...

View Full Version : Problem with login info verify



Bobbo171
06-12-2005, 11:51 PM
I use the following code to check the users entered against the database

$v = mysql_query("SELECT * FROM user WHERE username='" . $_POST['username'] . "' AND password=md5('" . $_POST['password'] . "') AND valid='1'");

if(mysql_num_rows($v) == 1){
while($row = mysql_fetch_assoc($v)){
$_SESSION['loged'] = true;
$_SESSION['id'] = $row['id'];
$_SESSION['user'] = $row['username'];
$_SESSION['email'] = $row['email'];

if($row['lev'] == 1){
$_SESSION['admin'] = true;
}
if($_POST['remem'] == yes){
$passw = md5($_POST['password']);
setcookie("biz_id",$row['id'], time()+60*60*24*30, "/", ".bizarroproductions.com");
setcookie("biz_username", $row['username'], time()+60*60*24*30, "/", ".bizarroproductions.com");
setcookie("biz_password", $passw, time()+60*60*24*30, "/", ".bizarroproductions.com");
setcookie("biz_email", $row['email'], time()+60*60*24*30, "/", ".bizarroproductions.com");
if($row['lev'] == 1){
setcookie("biz_admin", true, time()+60*60*24*30, "/", ".bizarroproductions.com");
}
}
}
}else{
echo "<strong>Login Failed</strong><br /> Please try again, or check your email to make sure you have validated your account";
}
but it always goes to the else statement and says that It failed but I know the username and password are sent and correct and I know that they exist in the database. Does anyone see anything wrong with my query or if I have misplaced any code because Ive looked over this a lot and have seen nothing wrong.
Any help is appreciated, Thanks :D

Kura_kai
06-13-2005, 02:45 AM
try this for the first line


$v = mysql_query("SELECT * FROM user WHERE username = '$_POST['username']' AND password = md5($_POST['password']) AND valid='1'");

or you can do something like this


$sql = "SELECT * FROM user WHERE username = '$_POST['username']' AND password = md5('$_POST['password']') AND valid = '1'");
$v = mysql_query($sql);

goaltender
06-13-2005, 02:50 AM
I see you're passing your 'verified' value as a string:



$v = mysql_query("SELECT * FROM user WHERE username='" . $_POST['username'] . "' AND password=md5('" . $_POST['password'] . "') AND valid='1'");


I've found if a column is an 'int' column and you pass it a string value, it will not work. You might want to try this sql statement instead (note no single quotes around the 1):



$v = mysql_query("SELECT * FROM user WHERE username='" . $_POST['username'] . "' AND password=md5('" . $_POST['password'] . "') AND valid=1");


Hope this helps!

Bobbo171
06-13-2005, 05:06 AM
turns out it wasnt the query that was wrong but my password hash from the registration that was stored in the database was different than the login one that was being checked against it and it all went back to my registration script where hashed a blank variable
all is well, thanks for the help



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum