Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4

Thread: Please help!!!!

  1. #1
    New Coder
    Join Date
    Aug 2008
    Posts
    64
    Thanks
    11
    Thanked 0 Times in 0 Posts

    Please help!!!!

    I AM MAKING A LOGIN FORM AND WHEN I ENTER CORRECTLY IT DOES NOT LOG IN IT USERNAME AND/OR PASSWORD ARE INCORRECT
    INSTEAD OF SAYING YOU HAVE SUCCESSFULLY LOGED IN AS $USER

    HERE IS THE SCRIPT

    PHP Code:
    <?php
    session_start
    ();
    include 
    "./global.php";

    echo 
    "<title>Login</title>\n";
    if(
    $_SESSION['uid']) {
        echo 
    "You are already logged in if you wish to log out, please <a href=\"./logout.php\">click here</a>!\n";
    } else {

        if(!
    $_POST['submit']) {
                echo 
    "<table border=\"0\" cellspacing=\"3\" cellpadding\=\"3\">\n";
                echo 
    "<form method=\"post\" action=\"./login.php\">\n";
                echo 
    "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
                echo 
    "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
                echo 
    "<tr><td colspan=\"2\" align=\"center\"<input type=\"submit\" name=\"submit\" value =\"Login\"></td></tr>\n";
                echo 
    "</form></table>\n";
            } else {
                
    $user mss($_POST['username']);
                
    $pass $_POST['password'];
                
                    if(
    $user && $pass) {
                        
    $sql "SELECT id FROM `users` WHERE `username`='".$user."'";
                        
    $res mysql_query($sql) or die(mysql_error());
                        if(
    mysql_num_rows($res) > 0) {
                            
    $sql2 "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                            
    $res2 mysql_query($sql2) or die("CAN NOT CONNECT");
                            if(
    mysql_num_rows($res2) > 0) {
                                
    $row mysql_fetch_assoc($res2);
                                
    $_SESSION['uid'] = $row['id'];
                                echo 
    "You have succsessfully logged in as " $user;
                                
                            } else {
                                echo 
    "Username and/or password are not valid!\n";
                            }
                        } else {
                            echo 
    "The username you supplied does not exist!\n";
                        }
                    } else {
                        echo 
    "Complete the form!\n";
                    }
            }

    }

    ?>

    HERES GLOBAL.PHP


    PHP Code:
    <?php

    $con 
    mysql_connect('localhost''root''root') or die (mysql_error());
    $db mysql_select_db("users"$con);


    function 
    mss($value) {
        return 
    mysql_real_escape_string(trim(strip_tags($value)));
    }

    ?>

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,852
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Code:
    if(mysql_num_rows($res) > 0) {
                            $sql2 = "SELECT id,username FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                            $res2 = mysql_query($sql2) or die("CAN NOT CONNECT");
                            if(mysql_num_rows($res2) > 0) {
                                $row = mysql_fetch_assoc($res2);
                                $_SESSION['uid'] = $row['id'];
                                $user=$row['username'];
                                echo "You have succsessfully logged in as " . $user;
                                
                            }
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New Coder
    Join Date
    Aug 2008
    Posts
    64
    Thanks
    11
    Thanked 0 Times in 0 Posts
    This did not work

  • #4
    New to the CF scene
    Join Date
    Aug 2008
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I think this query might be the problem:

    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";


    Do you store passwords in md5 format?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •