Gonna kick myself when I figure this out
Posted: Thu Jan 15, 2009 2:02 am
I'm doing a really...REALLY rudimentary script for a class just to make my life a little easier when it comes to handing in homework. I'm working on making the login script and like...it's so stupid, it's such a simple script, it's not very secure...at all, but it's not working.
the action is the way it is because I have a front gateway that has the resource for the constants etc.
I'm at the "Something went wrong" part meaning the query has been run but it's not returning a result set. I KNOW for a fact that I used MD5 to encrypt the password. I got the literal hash and tried entering values manually in the MySQL client and it returned the one row I needed, but for some reason it's not working here. I know it has to be...HAS TO BE the stupidest error that I'm just way too burnt out to find.
Code: Select all
<?php
if (isset($_POST['submitted'])) {
$link = mysqli_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB) or
die("Could not connect to database" . mysqli_connect_error());
$userName = mysqli_real_escape_string($link, $_POST['userName']);
$password = mysqli_real_escape_string($link, $_POST['password']);
$submitted = $_POST['submitted'];
$sql = "SELECT userName, password FROM users WHERE userName='$userName' AND password='md5($password)'";
$rs = mysqli_query($link, $sql) or
die("Query failed!!!" . mysqli_error($link));
$count = mysqli_num_rows($rs);
if ($count == 1) {
session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['userName'] = $userName;
header('Location: ' . SITE_DIR . '/admin/index.php');
} else {
echo "Something went wrong.";
}
} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="index.php?page=login">
<table style="margin: 0 auto; margin-top: 20px; border: 1px solid 0;">
<tr>
<td>Login:
<input type="text" name="userName" /></td>
</tr>
<tr>
<td>Password:
<input type="password" name="password" /></td>
</tr>
<tr>
<td>
<input type="hidden" name="submitted" value="TRUE" />
<input type="submit" value="Log In" />
</td>
</tr>
</table>
</form>
</body>
</html>
<?php } ?>
I'm at the "Something went wrong" part meaning the query has been run but it's not returning a result set. I KNOW for a fact that I used MD5 to encrypt the password. I got the literal hash and tried entering values manually in the MySQL client and it returned the one row I needed, but for some reason it's not working here. I know it has to be...HAS TO BE the stupidest error that I'm just way too burnt out to find.