Page 1 of 1

Another roadblock with login script

Posted: Thu Apr 29, 2010 11:35 pm
by cwheel3915
Alright, This is the script to check if a username, and password inputted in a form exist in the database. If so let them login.

The trouble im having is with the mysql query. Im wanting it to search the table userdb for email address and passwords matching the one entered by the user.

I have the email field in my db set as primary key.

Code: Select all

<?php

session_start();

# If Magic Quotes are enabled, stripslashes()
    if(get_magic_quotes_gpc()) {
      $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
      
      while(list($k, $v) = each($input)) {
        foreach($v as $key => $val) {
          if(!is_array($val)) {
            $input[$k][$key] = stripslashes($val);
            continue;
          }
          $input[] =& $input[$k][$key];
        }
      }
      unset($input);
      } 
      
       # Fetch POST Vars
  /* Check for existence before referencing a variable! */
  /* Adding slashes does NOT protect you from SQL Injection.  Use: mysql_real_escape_string() */
 $email = isset($_POST['email']) ? $_POST['email'] : '';
$password = isset($_POST['password']) ? $_POST['password']: '';
    
     # Hash $password
      $password = hash('sha512', $password);
 
    
      # Connect to the MySql Database
      $mysql = mysql_connect('localhost', 'root');
    
  # Select Database to use
    mysql_selectdb('mobgame');
    
  
    # Mysql query
      
	$result = mysql_query("SELECT * FROM `userdb` WHERE `email` = '$email' AND 'password' = '$password' ");
                            
	# check if enail, and password found.
      If(mysql_num_rows($result) == 1) {
       
       $_SESSION['user'] = $_POST['email'];
     
     header("location: main.php");
 } 
     
      else {
      echo "<a href=\"index.php\">Invalid user name or password click here to try again</a>";
      exit;
      }
?>

Re: Another roadblock with login script

Posted: Fri Apr 30, 2010 12:21 am
by cwheel3915
This is for a practice project im doing to make a clone of an older version of the pbbg "mafia.org" I dont plan on ever launching it, as I expect the code will be less than efficient by the time im done, but hopefully by the time im done ill understand how to start a real pbbg.

Anyway its like I said for some reason I cant figure out how to get a mysql query to come up with results of any rows matching the email , and password entered. I know the rows are there, but no matter how I rewrite the query it doesnt find them. I checked to make sure when I did the hash to encode the password that it ended up matching what was in the database, and it did. So I cant for the life of me figure out why I cant do this.

Re: Another roadblock with login script

Posted: Fri Apr 30, 2010 12:56 am
by cwheel3915
I HAVE SOLVED THE ISSUE.

Being a noob sucks, I have spent a couple of hours just to find out all I had wrong was a couple of '' '' lol.