Hey, I have written a script that a website requires... I've created the sign up with no troubles but it does not allow me to log in. This is the login code:
include 'database_connect.php';

if (isset($_POST['login'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password = md5($password);

    $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    $logincheck = mysql_num_rows($sql);

    if ($logincheck > 0) {
        while ($row = mysql_fetch_array($sql)) {
            // Copy every column of the row into a variable of the same name
            foreach ($row as $key => $val) {
                $$key = stripslashes($val);
            }
            // Session Data
            $_SESSION['username'] = $username;
            $_SESSION['userlevel'] = $userlevel;
            $_SESSION['auth'] = true;
            echo 'Login Successful!';
            echo "<br />You Are Currently Logged In As <b>$username</b>";
        }
    } else {
        echo "<b><font color='red'>Login Credentials Wrong</font></b>";
    }
}
Every time I try to log in it comes up with the same error. It comes up with the error "wrong login credentials", which I wrote myself, so there has to be something wrong with the SQL query or, what I think, the md5 encoding on the password.
You shouldn't need to run mysql_real_escape_string on a string being hashed with md5(). Have you checked that your signup password hash is consistent with your login hash?
The sign up script also runs a mysql_real_escape_string and md5. Should I remove the mysql_real_escape_string on both (both password fields, I mean)?
I doubt it's causing the problem, but you don't need it as long as you're hashing with md5 before it's being inserted. Can you post the code used to insert new users?
include 'database_connect.php';

if (isset($_POST['submit'])) {
    // change the variables
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $password1 = mysql_real_escape_string($_POST['password1']);
    $email = mysql_real_escape_string($_POST['email']);
    $email1 = mysql_real_escape_string($_POST['email1']);
    $firstname = mysql_real_escape_string($_POST['firstname']);
    $lastname = mysql_real_escape_string($_POST['lastname']);
    $birthdate = mysql_real_escape_string($_POST['birthdate']);
    $gender = mysql_real_escape_string($_POST['gender']);
    $location = mysql_real_escape_string($_POST['location']);
    $ip = $_SERVER['REMOTE_ADDR'];

    // Check if there is an existing user in the database
    // (> 0, not > 1: a single matching row already means the name is taken)
    $check1 = mysql_query("SELECT * FROM users WHERE username='$username'");
    if (mysql_num_rows($check1) > 0) {
        echo 'Someone has already Taken that username, please try another!';
    }

    // check if ALL the fields have been filled out correctly
    if ($username == '') { echo 'The username field is empty'; }
    if ($password == '') { echo 'The password field is empty'; }
    if ($password1 == '') { echo 'The repeat password field is empty'; }
    if ($email == '') { echo 'The email field is empty'; }
    if ($email1 == '') { echo 'The repeat email field is empty'; }
    if ($firstname == '') { echo 'The first name field is empty'; }
    if ($lastname == '') { echo 'The last name field is empty'; }
    if ($birthdate == '') { echo 'The birthdate field is empty'; }
    if ($gender == '') { echo 'The gender field is empty'; }
    if ($location == '') { echo 'The location field is empty'; }

    // check if the passwords matched
    if ($password == $password1) {
        // Hash the password with md5
        $password2 = md5($password);
        // Insert the new user into the database
        $insert = mysql_query("INSERT INTO users (username, password, email, firstname, lastname, birthdate, gender, location, ip) VALUES ('$username','$password2','$email','$firstname','$lastname','$birthdate','$gender','$location','$ip')");
        if (!$insert) {
            // Print the database error instead of discarding it
            echo mysql_error();
        } else {
            // Tell them that everything is cool!
            echo 'You can now login!';
            include 'login.php';
        }
    } else {
        echo 'The passwords you entered did not match';
    }
}
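Added example, not code from any poster in this thread: the same signup and login flow with both paths hashing the password exactly as submitted, using password_hash()/password_verify() in place of unsalted md5() and PDO prepared statements in place of escaping. The in-memory SQLite database, the trimmed users table and the helper names register() and login() are assumptions made so the block runs on its own.

```php
<?php
// Added example, not the posters' code. Assumptions: an in-memory SQLite
// database stands in for the MySQL `users` table (trimmed to three columns);
// register() and login() are hypothetical helper names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// 255 characters leaves room for any password_hash() output.
$pdo->exec('CREATE TABLE users (
    username  VARCHAR(64) PRIMARY KEY,
    password  VARCHAR(255) NOT NULL,
    userlevel INTEGER NOT NULL DEFAULT 1)');

function register(PDO $pdo, string $username, string $password): bool
{
    // Hash the password exactly as submitted: no escaping before hashing.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
        return $stmt->execute([$username, $hash]);
    } catch (PDOException $e) {
        // Primary-key violation when the username is taken; any other
        // database error is also reported as a failed signup here.
        return false;
    }
}

function login(PDO $pdo, string $username, string $password): ?array
{
    // Select by username only: a salted hash cannot be compared in the WHERE clause.
    $stmt = $pdo->prepare('SELECT username, password, userlevel FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    return ['username' => $row['username'], 'userlevel' => (int) $row['userlevel'], 'auth' => true];
}

// Constructed sample input: the password contains a quote and a backslash,
// characters an escaping function would rewrite.
$pw = "it's\\secret";
var_dump(register($pdo, 'alice', $pw));               // first signup
var_dump(register($pdo, 'alice', 'something-else'));  // duplicate username
var_dump(login($pdo, 'alice', $pw));                  // correct password
var_dump(login($pdo, 'alice', addslashes($pw)));      // escaped copy of it
```

The array returned by login() carries the same three values the login script in this thread copies into $_SESSION.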