PHP Login

Jon W · 01-23-2008, 05:12 PM

I can't seem to get this PHP Login Script to work right. Its not doing what its suppose to be doing. When I type in a Username that is in the Database, it comes up and says: 'Invalid Username or Password'. I can't make sense of it and I don't have enough knowledge yet to know what I'm doing wrong. If someone could help me out that would be great. Thanks guys!

Jon W

PHP Code:


			


<?php



if(isset($_POST['login'])) {



$username = mysql_real_escape_string($_POST['username']);

$password = mysql_real_escape_string(md5($_POST['password']));



include('db.php');



$query = mysql_query("SELECT user_id, username, password, active FROM users WHERE username = '$username' AND password = '$password'") or die('Database Error: ' . mysql_error());



$row = mysql_fetch_assoc($query);

$check = mysql_num_rows($query);



if($check == 1) {



if($row['active'] == 1) {





session_register($username);

session_register($password);



header("Location: http://example.com/index.php?user_id=" . $row['user_id'] . "");

} else {



$error = "Please Activate your account before logging in.";

 

} } else { 



$error = "Invalid Username or Password";



} }



?>

Fumigator · 01-23-2008, 05:18 PM

The username and password isn't in your users table. This script runs the password through md5(), which is officially cracked so therefore pretty useless.

How did you enter your username/password in your table? Is the password just plain text? If so, that's your problem.

Jon W · 01-23-2008, 05:19 PM

Nope, the password is md5 in the database.

runnerjp · 01-23-2008, 05:21 PM

md5 or not still should work.. you 100% sure its right why not try makin anouther udrname and password seeing if the works

Jon W · 01-23-2008, 05:23 PM

Alright, well I'll try that and I'll let you guys know if that works or not.

Jon W · 01-23-2008, 05:26 PM

Yeah, its still doing the same thing as it was with the other Username. So its not making sense to me.

Fumigator · 01-23-2008, 05:49 PM

Try running the query outside the PHP environment, for example using phpMyAdmin and see what you get. When I say run that query, I mean exactly the same query, which means you'll need to assign the query value to a variable, echo it, then copy/paste it and run it in phpMyAdmin. In other words, don't assume anything about the query.

runnerjp · 01-23-2008, 06:10 PM

where didi you get your code from?