PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
friedcpu
Forum Newbie
Posts: 4 Joined: Wed May 19, 2004 1:47 pm
Location: uk
Contact:
Post
by friedcpu » Sat May 22, 2004 6:45 am
Hi
this always returns wrong username or password, it just wont work, i have rewrote the code many times following php books, websites, and it just wont work, hopefully you could spot whats wrong?
<?
$user = "$username";
$pass = "$password";
$conn = mysql_connect("localhost","username","password");
$db = mysql_select_db("friedcpu");
$password = md5($pass);
$result = mysql_query("SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'");
$myrow = mysql_fetch_array($result);
$real_username = $myrow["username"];
$real_password = $myrow["password"];
if ($user=="$real_username" && $pass=="$real_password") {
// Login Correct!
$cookie_user = $myrow["username"];
$cookie_pass = $myrow["password"];
$cookie_name = $myrow["realname"];
$cookie_email = $myrow["email"];
$cookie_url = $myrow["url"];
$cookie_country = $myrow["country"];
$cookie_datereg = $myrow["datereg"];
setcookie ("FriedCPU[username]", $cookie_user);
setcookie ("FriedCPU[pass]", $cookie_pass);
setcookie ("FriedCPU[name]", $cookie_name);
setcookie ("FriedCPU[email]", $cookie_email);
setcookie ("FriedCPU[url]", $cookie_url);
setcookie ("FriedCPU[country]", $cookie_country);
setcookie ("FriedCPU[datereg]", $cookie_datereg);
echo "Logged In As: $cookie_user";
}else{
echo "Wrong username or pass";
}
?>
thanks so much to anybody who answers!
pht
Forum Newbie
Posts: 7 Joined: Sat May 22, 2004 6:47 am
Post
by pht » Sat May 22, 2004 6:57 am
Are you sure, you are comparing right values in
if ($user=="$real_username" && $pass=="$real_password") {
shouldn't it be:
if ($user=="$real_username" && $password=="$real_password") {
because sql query may give you only encrypted form of password, not "real"...
Another guestion is, that have you really inserted encrypted password to the table?
Do you get any results from the database?
I would begin with these checks...
markl999
DevNet Resident
Posts: 1972 Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)
Post
by markl999 » Sat May 22, 2004 7:02 am
$user = "$username";
$pass = "$password";
Where are these values coming from? If they are coming from a form post then try using $_POST['username'] and $_POST['password'] instead.
Also try this version which should show you where it's going wrong.
Code: Select all
<?php
$user = $username;
$pass = $password;
//If using a form POST use the 2 below instead.
//$user = $_POST['username'];
//$pass = $_POST['password'];
$conn = mysql_connect('localhost','username','password') or die(mysql_error());
$db = mysql_select_db('friedcpu') or die(mysql_error());
$password = md5($pass);
$query = "SELECT realname, username, password, email, url, country, datereg FROM users WHERE username='$user' and password='$pass'";
echo $query; //debugging to make sure the query is what you expect
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)){
$myrow = mysql_fetch_array($result);
$real_username = $myrow["username"];
$real_password = $myrow["password"];
$cookie_user = $myrow["username"];
$cookie_pass = $myrow["password"];
$cookie_name = $myrow["realname"];
$cookie_email = $myrow["email"];
$cookie_url = $myrow["url"];
$cookie_country = $myrow["country"];
$cookie_datereg = $myrow["datereg"];
setcookie ("FriedCPU[username]", $cookie_user);
setcookie ("FriedCPU[pass]", $cookie_pass);
setcookie ("FriedCPU[name]", $cookie_name);
setcookie ("FriedCPU[email]", $cookie_email);
setcookie ("FriedCPU[url]", $cookie_url);
setcookie ("FriedCPU[country]", $cookie_country);
setcookie ("FriedCPU[datereg]", $cookie_datereg);
echo "Logged In As: $cookie_user";
}else{
echo "Wrong username or pass";
}
?>
friedcpu
Forum Newbie
Posts: 4 Joined: Wed May 19, 2004 1:47 pm
Location: uk
Contact:
Post
by friedcpu » Sat May 22, 2004 8:02 am
thank you both for replying.
i used your $_POST[]; mark, that works,
but it actually turned out the error was
the length of the column in the database ws 25 for the encrypted password, the encrypted pass turns out to be longer, so the database cut it off, and the form didnt, so it was trying to match a long pass against a short pass.
all works now tho
thanks for your help.