Am learning PHP, I have been trying for this login form for past four days, but i cant find the result and also cant find the bug in my query can any body here help me to find the error in my query. I will much thankful for them
This is the MYSQL Query i used
mysql> select * from users where password=password('god');
+--------+-------+-------------------------------------------+
| userID | name | password |
+--------+-------+-------------------------------------------+
| 1 | selva | *895DC6A9BBBCFCDB8B7FDB51FA0383A59F38C60E |
+--------+-------+-------------------------------------------+
1 row in set (0.00 sec)
mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userID | int(11) | | PRI | NULL | auto_increment |
| name | varchar(20) | | | | |
| password | varchar(50) | | | | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
This is the PHP code i used to develop Login Form
<? session_start() ?>
<html>
<head>
<title>Log In Form</title>
</head>
<body>
<?
if($user && $pass) {
if($logged_in_user == $user) {
echo "Your Already Logged In";
echo $user. ", your already logged in";
exit;
}
$db = mysql_connect("localhost")or die("Cannot Connect");
mysql_select_db("userlist", $db)or die("Cannot Select Database");
$user = $_POST['user'];
$pass = $_POST['pass'];
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$query = "select * form users where name='$user'AND password=PASSWORD('$pass')";
//$query = "select * form users where name like '%$user%' ";
$result = mysql_query($query);
if(!$result) {
echo "error" .mysql_error();
exit;
}
if(mysql_num_rows($result) == 1) {
$logged_in_user = $user;
session_register("logged_in_user");
//echo $user.;
echo "Welcome" .$logged_in_user;
exit;
}
else {
echo "Invalid User Please try again";
}
}
else if($name || $pass)
{
echo "Please Enter Both The Field" ;
}
?>
<form action="Login.php" method="POST">
<H2>Enter Login Details</H2>
User Name:
<input type=text name="user"><BR><BR>
Password :
<input type=password name="pass"><BR><BR>
<input type=submit value="Login"><BR>
</form>
</body>
</html>
PHP Login Script is not Working
Moderator: General Moderators
-
selvaganesh87
- Forum Newbie
- Posts: 6
- Joined: Wed Aug 25, 2010 8:18 pm
Re: PHP Login Script is not Working
The password is obviously encrypted but nothing in your script is decrypting the password before matching it with what the user entered. Or more correctly, you're not encrypting the user input to see if it matches the encrypted password stored in the file.
Give that a shot and then see what happens.
Give that a shot and then see what happens.
- Jonah Bron
- DevNet Master
- Posts: 2764
- Joined: Thu Mar 15, 2007 6:28 pm
- Location: Redding, California
Re: PHP Login Script is not Working
Looks like he's using the SQL password function.password=password('god');