error with login auth

urgido · 11-03-2006, 09:51 AM

I have the next code:

PHP Code:


			
$link = mysql_connect('localhost', 'myusername', 'mypass' );

mysql_select_db('mydb') or die("check your info."); 



$_POST['username'] = $username;

$_POST['password'] = $password;

$password = md5($password);



$consult= "SELECT * FROM users WHERE password='$password' AND username='$username'";



$result= mysql_query($consult,$link);

echo mysql_error();





// Check auth

if($username=$row['username'] && $password=$row['password']){

 echo "all success";

}else{

 echo "login failed";

}

For some reasons my code don't work!

Can somebody fix this? my password are encrypted(md5). Regards

ess · 11-03-2006, 11:35 AM

First of all...please correct the following statements

from

PHP Code:


			
$_POST['username'] = $username;

$_POST['password'] = $password;

to

PHP Code:


			
$username = $_POST['username']; 

$password = $_POST['password'] ;

Second...if you haven't stored user's passwords in the database encrypted in md5...it won't work.

So...I would advise to you get the script working without using md5 first...

once you have...go back and implement md5 in your script.

Good luck

urgido · 11-03-2006, 08:08 PM

implementation for md5 is made. check the footer of my message

I made the changes that you say me and the problem is same.

Regards

dumpfi · 11-03-2006, 10:32 PM

Use mysql_fetch_assoc.

dumpfi

urgido · 11-03-2006, 10:49 PM

I put the following code:

PHP Code:


			
while ($fila = mysql_fetch_assoc($result)) {

   //nothing

}

How I can compare the values to know if there are correct. I you remember that the username and password must coincide to be able to go to cp.php of another way errorcp.php
?

Regards

Brandoe85 · 11-04-2006, 04:01 AM

You could use mysql_num_rows():

PHP Code:


			
$link = mysql_connect('localhost', 'myusername', 'mypass' );
mysql_select_db('mydb') or die("check your info."); 

$_POST['username'] = $username;
$_POST['password'] = $password;
$password = md5($password);

$consult= "SELECT * FROM users WHERE password='$password' AND username='$username'";

$result= mysql_query($consult,$link);

if(mysql_num_rows($result) > 0)
{
    // good login...do whatever
}
else
{
    // login failed.
}

Ref:
http://us2.php.net/mysql_num_rows

urgido · 11-04-2006, 04:06 AM

Brandoe85 THANKKKKKKKKKKKKKKKKKKKKKKKKKK YOU.

BEST REGARDS!

Brandoe85 · 11-04-2006, 04:11 AM

Woops, I didn't put in the other fixes for the tranposed variable names but you get the idea. Good luck