Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New Coder
    Join Date
    Mar 2013
    Posts
    14
    Thanks
    1
    Thanked 0 Times in 0 Posts

    My login script are not working

    Hello i got nickname hej and password hej in database. But when i type it i only get the message Wrong username/password. What is wrong with my script?

    <?php
    session_start();
    include "db.php";

    $query = ("SELECT * FROM accounts WHERE nickname ='$loginuser' and password = '$loginpass'");

    $res = mysql_query($query);

    $rows = mysql_num_rows($res);

    $loginuser = $_POST['loginuser'];
    $loginpass = $_POST['loginpass'];

    $errors = array();

    if (isset($_POST['loginbutton'])){

    if (!$loginuser){
    $errors[] = "You need to fill the username field.";
    }

    if (!$loginpass){
    $errors[] = "You need to fill the password field.";
    }

    if(count($errors) > 0){
    foreach($errors AS $error)
    echo $error . "<br>\n";
    }

    if($rows == 1)
    {
    $_SESSION['loginuser'];
    $_SESSION['loginpass'];
    header("location:?p=profile");
    }
    else
    {
    echo 'Username/Password not correct!';
    }

    }
    ?>

    <center><h3>Login</h3>
    <table><tr>
    <form method="POST">

    Username:<br>
    <input type="text" name="loginuser"><br><br>
    Password:<br>
    <input type="password" name="loginpass"><br><br>
    <input type="submit" name="loginbutton" value="Login">
    </form>
    </table></tr><br>

    Do you got problem to login? <br>Maybe you has forgot your password? Please use this <a href="?p=lostaccount">Lostaccount</a>

    </center>

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,493
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    You're doing the query before you know what the incoming $_POST values are ...

    Try changing this:

    <?php
    session_start();
    include "db.php";

    $query = ("SELECT * FROM accounts WHERE nickname ='$loginuser' and password = '$loginpass'");

    $res = mysql_query($query);

    $rows = mysql_num_rows($res);

    $loginuser = $_POST['loginuser'];
    $loginpass = $_POST['loginpass'];


    To this:

    <?php
    session_start();
    include "db.php";

    if($_POST['loginuser']){
    $loginuser = mysql_real_escape_string($_POST['loginuser']);
    }
    if($_POST['loginpass']){
    $loginpass = mysql_real_escape_string($_POST['loginpass']);
    }

    $query = ("SELECT * FROM accounts WHERE nickname ='$loginuser' and password = '$loginpass'");

    $res = mysql_query($query);

    $rows = mysql_num_rows($res);


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •