Page 1 of 1

i dont know

Posted: Thu Feb 23, 2012 10:21 am
by ZetCoby
hello, i made a login form and a register form, the registration works fine, it inserts all i need in my databse but the login wont work at all, i really dont know what to do with it, can someone please help me out?

Code: Select all

<html>

<head>
	<title>Origin</title>
	<link href='http://fonts.googleapis.com/css?family=Frijole' rel='stylesheet' type='text/css'>
	<link rel="stylesheet" href="css/style.css">
	
</head>
<body>
<div class="main">
	<h1 class="origin">Origin</h1>
	<form action="index.php" method="POST">
	<div class="center_login">
		<ul id="login">
			<li>
				<label for="username">Username</lable>
				<input id="name" name="username"/>
			</li>
			<li>
				<label for="password">Password</lable>
				<input type="password" name= "password"/>
			</li>
			<li>
				<input type="submit" name="submit" value="Login">
			</li>
		</ul>
	</div>
</div>
<?php


function protect($x)
{
   $x = mysql_real_escape_string(trim($x));
   return $x;
}

$username = protect(strtolower(strip_tags($_POST['username'])));
$password = protect(strip_tags($_POST['password']));
$salt = md5($password);
$hash=sha1( "z1w29y7" . md5("9a72cd" . md5("Password" . "$salt"), "b1afb43") . "a982efa1" . md5("$salt") );
if($username && $password)  
{	
	$connect= mysql_connect ("localhost","root","");
	mysql_select_db ("origin");
	$query= mysql_query("SELECT * FROM users WHERE username='$username'"); 
	$num_rows= mysql_num_rows($query);  
		if($num_rows!=0)   
		{
			while($row=mysql_fetch_assoc($query))   
				{
					$dbusername= $row['username'];    
					$dbpassword= $row['password'];
				}			
			if(strtolower($username)==$dbusername&&$hash==$dbpassword)   
				{
					echo "<meta http-equiv='refresh' content='0;url=main.php'>";
					$_SESSION['username']=$dbusername;
				}
			else
				echo "incorect password ";
		}
		else
		{
			die("that user does not exist");
		}

}

?>

</body>
</html>

Re: i dont know

Posted: Thu Feb 23, 2012 10:37 am
by Celauran
At a glance it looks like it should work. How long is the password field in your database table?

Re: i dont know

Posted: Thu Feb 23, 2012 10:41 am
by ZetCoby
it is vaarchar set on 100

Re: i dont know

Posted: Thu Feb 23, 2012 11:14 am
by Celauran
The error could be here or could be in your registration script. Have you checked manually that $hash matches what's in the database for the given user?

Re: i dont know

Posted: Thu Feb 23, 2012 12:37 pm
by ZetCoby
i found the problem, i had 2 files index idk how lol, and i worked with one and opened the other one so everything i did in index 1 was not in index 2 withc i opened, lol sorry for the trouble, thank you for the help