login form
Posted: Mon Aug 13, 2007 9:58 pm
Yes, the ever present "login page" question, haha. I promise I've been reading through all sorts of tutorials and quite a few topics on here before coming to you guys for help. So hopefully you won't mind helping out with yet another login question :]
I admit, the code I'm using is "borrowed" from http://php.about.com/od/finishedphp1/ss ... code_3.htm, but with a few minor tweaks to make it more specific to what I needed. I do promise that I took the time to go through it and do my best to understand it, rather than just copy paste it and call it good :] ha. Although, naturally, if I understood it I wouldn't be here.
Anyway, the problem i'm having is that no matter which username/password combination I use (even the correct ones in my mySQL database), the page returns as "Password incorrect." I'm assuming this is a problem with the code?
Here's the code:
thank you in advance :]
I admit, the code I'm using is "borrowed" from http://php.about.com/od/finishedphp1/ss ... code_3.htm, but with a few minor tweaks to make it more specific to what I needed. I do promise that I took the time to go through it and do my best to understand it, rather than just copy paste it and call it good :] ha. Although, naturally, if I understood it I wouldn't be here.
Anyway, the problem i'm having is that no matter which username/password combination I use (even the correct ones in my mySQL database), the page returns as "Password incorrect." I'm assuming this is a problem with the code?
Here's the code:
Code: Select all
<?php
// Connects to your Database
mysql_connect("localhost", "user", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM members WHERE uname = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database.<a href=joinform.html>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['pass'] = stripslashes($info['pass']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['pass']) {
die('Incorrect password, please try again.'); }
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>