Help with this login code
Posted: Tue Apr 07, 2009 9:44 am
Hi, I am trying to create a members only portion of my website but right now I am having trouble with enabling users to login. Here is my code for users trying to log in:
As you can see the passwords and usernames are kept in the member table of my databse. But, whenever I try this code out it finds the username but displays that the password is wrong. Anyone know if I forgot something or if I am doing something wrong?
Code: Select all
<?php
session_start();
?>
<body>
<html>
<?php
include "layout.php";
?>
<div id="contnt">
<?php
include("dogs.inc");
switch (@$_POST['do'])
{
case "login":
$cxn = mysqli_connect($host, $user,$passwd,$dbname)
or die ("Couldn't connect to server.");
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[loginName]'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query.");
$num = mysqli_num_rows($result);
if ($num > 0) // login name was found
{
$sql = "SELECT loginName FROM Member
WHERE loginName='$_POST[loginName]'
AND password=md5('$_POST[password]')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$num2 = mysqli_num_rows($result2);
if ($num2 > 0) // password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['loginName'];
$_SESSION['logname'] = $logname;
$today = date("Y-m-d h:i:s");
$sql = "INSERT INTO Login (loginName,loginTime)
VALUES ('$logname','$today')";
$result = mysqli_query($cxn,$sql)
or die("Can't execute insert query.");
header("Location: Member_page.php");
}
else // password is not correct
{
$message="The Login Name, '$_POST[loginName]'
exists, but you have not entered the
correct password! Please try again.<br>";
include("login_form.inc");
}
}
elseif ($num == 0) // login name not found
{
$message = "The Login Name you entered does not
exist! Please try again.<br>";
include("login_form.inc");
}
break;
default:
include("login_form.inc");
}
?>
</div>
</div>
</body>
</html>