PHP Login Script is not Working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
selvaganesh87
Forum Newbie
Posts: 6
Joined: Wed Aug 25, 2010 8:18 pm

PHP Login Script is not Working

Post by selvaganesh87 »

Am learning PHP, I have been trying for this login form for past four days, but i cant find the result and also cant find the bug in my query can any body here help me to find the error in my query. I will much thankful for them

This is the MYSQL Query i used

mysql> select * from users where password=password('god');
+--------+-------+-------------------------------------------+
| userID | name | password |
+--------+-------+-------------------------------------------+
| 1 | selva | *895DC6A9BBBCFCDB8B7FDB51FA0383A59F38C60E |
+--------+-------+-------------------------------------------+
1 row in set (0.00 sec)

mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userID | int(11) | | PRI | NULL | auto_increment |
| name | varchar(20) | | | | |
| password | varchar(50) | | | | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

This is the PHP code i used to develop Login Form

<? session_start() ?>
<html>
<head>
<title>Log In Form</title>
</head>
<body>
<?
if($user && $pass) {
if($logged_in_user == $user) {
echo "Your Already Logged In";
echo $user. ", your already logged in";
exit;
}
$db = mysql_connect("localhost")or die("Cannot Connect");
mysql_select_db("userlist", $db)or die("Cannot Select Database");
$user = $_POST['user'];
$pass = $_POST['pass'];
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$user = stripslashes($user);
$pass = stripslashes($pass);
$query = "select * form users where name='$user'AND password=PASSWORD('$pass')";
//$query = "select * form users where name like '%$user%' ";
$result = mysql_query($query);
if(!$result) {
echo "error" .mysql_error();
exit;
}
if(mysql_num_rows($result) == 1) {
$logged_in_user = $user;
session_register("logged_in_user");
//echo $user.;
echo "Welcome" .$logged_in_user;
exit;
}
else {
echo "Invalid User Please try again";
}
}
else if($name || $pass)
{
echo "Please Enter Both The Field" ;
}
?>
<form action="Login.php" method="POST">
<H2>Enter Login Details</H2>
User Name:
<input type=text name="user"><BR><BR>
Password :
<input type=password name="pass"><BR><BR>
<input type=submit value="Login"><BR>
</form>
</body>
</html>
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: PHP Login Script is not Working

Post by JakeJ »

The password is obviously encrypted but nothing in your script is decrypting the password before matching it with what the user entered. Or more correctly, you're not encrypting the user input to see if it matches the encrypted password stored in the file.

Give that a shot and then see what happens.
User avatar
Jonah Bron
DevNet Master
Posts: 2764
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California

Re: PHP Login Script is not Working

Post by Jonah Bron »

password=password('god');
Looks like he's using the SQL password function.
Post Reply