My Log In Script
Posted: Tue Jan 16, 2007 7:44 pm
feyd | Please use
Login Form"
Any help on ideas why it isn't working is appreciated.
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hello,
I created a log in script recently it worked and all but I found out I wasn't using correct MySql syntax and forgot the WHERE to identify the specific username and password.
At first it wasn't grabbing the Username and now I fixed that error now I get the following error stating the password can not be found. Is it because possibly do with my md5 hashes?
Here is my login code:Code: Select all
<?php
//login page
session_start();
require ("config.php");
switch (@$_POST['do'] )
{
case "new":
//if entered blank form returns error
foreach ($_POST as $field => $value)
{
if ($value == "")
{
$blanks[] = $field;
}
}
if (isset ($blanks) )
{
$message = "Following fields are blank. Please enter the required information: ";
foreach ($blanks as $value)
{
$message .= "$value, ";
}
extract ($_POST);
include ('login_form.php');
exit();
}
$sql = "SELECT username FROM members WHERE username = '$_POST[username]'";
$rs = mysql_query($sql, $con);
print mysql_error();
$num = mysql_num_rows($rs);
if ($num > 0) // login name found!
{
$sql = "SELECT username FROM members WHERE username = '$_POST[username]' AND password=md5('$_POST[password]')";
$result2 = mysql_query ($sql,$con);
print mysql_error();
$num2 = mysql_num_rows ($result2);
if ($num2 > 0) //correct passy
{
//Grab session id
$user = mysql_query("SELECT id FROM members WHERE username = ".$_POST['username']." LIMIT 0,1");
$result = mysql_fetch_assoc($user);
$_SESSION['id'] = $result['id'];
$_SESSION['auth'] = "yes";
$_SESSION['gid'] = $gid;
$_SESSION['id'] = $id;
header ("Location: userarea.php");
}
else
{
$message = "The Login Name, '$_POST[username]' exists, but you have not entered the correct password!<br/>";
include ("login_form.php");
}
}
elseif ($num == 0)
{
$message = "Login Name does not exist";
include ("login_form.php");
}
break;
default:
include ('login_form.php');
}
?>Code: Select all
<html>
<head>
<title>Member Login</title>
</head>
<body>
<h1>Member Login:</h1><br />
<?php
if (isset ($message) )
{
print " $message ";
}
?>
<form action="login.php?do=new" method="POST">
Member ID: <input type="text" name="username" size="20" /><br /><br />
Password: <input type="password" name="password" size="20" /><br /><br />
<input type="hidden" name="do" value="new">
<input type="submit" name="Submit" value="Login" />
</form>
</body>
</html>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]