user login help

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
chapm4
Forum Newbie
Posts: 4
Joined: Mon Dec 01, 2003 8:35 am

user login help

Post by chapm4 »

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


Hi,

The code below is on my login page.  My include files connect to the database fine.  I even have another page that gives me all data out of the login table that works fine.  Anytime I run the below, I get Wrong user password message.  Can't figure out what the deal is can you help?

table: login
fields: username
           password

Code: Select all

<?php 

session_start(); 

$errorMessage = ''; 
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
   include 'includes/configdb.php';
   include 'includes/opendb.php';

   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];
     
         
        // check if the user id and password combination exist in database 
        $sql = "SELECT username
                FROM login 
                WHERE username = '$userId' AND password = PASSWORD('$password')"; 
         
        $result = mysql_query($sql) or die('Query failed. ' . mysql_error());  
         
        if (mysql_num_rows($result) == 1) { 
            // the user id and password match,  
            // set the session 
            $_SESSION['image_is_logged_in'] = true; 

            // remove the random value from session             
            $_SESSION['image_random_value'] = ''; 
             
            // after login we move to the main page 
            header('Location: main.php'); 
            exit; 
        } else { 
            $errorMessage = 'Sorry, wrong user id / password'; 
        } 
         
        include 'includes/closedb.php'; 
    
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<?php 
if ($errorMessage != '') { 
?> 
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> 
<?php 
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="500" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Id</td> 
   <td><input name="txtUserId" type="text" id="txtUserId"></td> 
  </tr> 
  <tr> 
   <td width="150">Password</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">Enter Number</td> 
   <td><input name="txtNumber" type="text" id="txtNumber" value=""> 
    &nbsp;&nbsp;<img src="randomImage.php"></td> 
  </tr> 

  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html>

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

have you used the mysql hashing technique during registration as well...

Code: Select all

password = PASSWORD('$password')";
Post Reply