Below is the script I'm using for my login.php. The session opens fine (unlike other programs that have the session on another page), the includes contain the database info to access the database, yet, when it comes to the SELECT to find and compare the username and passwords, my program goes straight to the "$errorMessage = 'Sorry, wrong user id / password';" even though the username and password are in the database and are entered exactly that way in the form. Any ideas why this may be happening?
<?php
// we must never forget to start the session
session_start();
$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
include 'config.php';
include 'opendb.php';
$userId = $_POST['txtUserId'];
$password = $_POST['txtPassword'];
// check if the user id and password combination exist in database
$sql = "SELECT *
FROM members
WHERE username = '$username'
AND password = PASSWORD('$password')";
$result = mysql_query($sql)
or die('Query failed. ' . mysql_error());
if (mysql_num_rows($result) == 1) {
// the user id and password match,
// set the session
$_SESSION['db_is_logged_in'] = true;
// after login we move to the main page
header('Location: main.php');
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
include 'closedb.php';
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
PHP login script not working...
Moderator: General Moderators
- jaoudestudios
- DevNet Resident
- Posts: 1483
- Joined: Wed Jun 18, 2008 8:32 am
- Location: Surrey
Re: PHP login script not working...
So your script is connecting to the database fine? Are you able to double check this?
In your sql query you have PASSWORD() function. How is the password stored in the database? as plain text or the PASSWORD() hash?
It would help if you posted the error you get and your database schema and data.
In your sql query you have PASSWORD() function. How is the password stored in the database? as plain text or the PASSWORD() hash?
It would help if you posted the error you get and your database schema and data.
-
cavemaneca
- Forum Commoner
- Posts: 59
- Joined: Sat Dec 13, 2008 2:16 am
Re: PHP login script not working...
Maybe try changing this:
to this:
At least, I'm assuming that PASSWORD() is supposed to be a function that encrypts the password? If not:
If you have a self created algorithm for encrypting your passwords, great. But if PASSWORD() is just something that cleans it up, you should probably try SHA1(), MD5(), or crypt().
Code: Select all
$sql = "SELECT * FROM members WHERE username = '$username' AND password = PASSWORD('$password')";Code: Select all
$sql = "SELECT * FROM members WHERE username = '".$username."' AND password = '".PASSWORD($password)."'";Code: Select all
$sql = "SELECT * FROM members WHERE username = '".$username."' AND password = '".$password."'";Re: PHP login script not working...
Yes, the script is connecting to the database. That is working fine. I test it with the following script:
// This connects to server, then tests for failure.
if(!($conn = mysql_connect($dbhost, $dbuser, $dbpass)))
{
print("Failed to connect to database!<br>\n");
exit();
}
// This selects the database from a database configuration program, then tests for failure.
if(!mysql_select_db($dbname, $conn))
{
print("Cannot use database!<br>\n");
exit();
}
?>
No error is given using this script.
As for the changes, the '".PASSWORD($password)."' change gave me the error "Call to undefined function password() in /home/adminName/folder_location/login.php" in the first example. The other examples produced the same "invalid username or password" error.
The settings for my password field in my database table are:
type = VACHAR
length = 10
collation = ascii_general_ci
attributes = (empty)
null = no
default = (empty)
extra = (empty)
Please let me know if any of this helps.
// This connects to server, then tests for failure.
if(!($conn = mysql_connect($dbhost, $dbuser, $dbpass)))
{
print("Failed to connect to database!<br>\n");
exit();
}
// This selects the database from a database configuration program, then tests for failure.
if(!mysql_select_db($dbname, $conn))
{
print("Cannot use database!<br>\n");
exit();
}
?>
No error is given using this script.
As for the changes, the '".PASSWORD($password)."' change gave me the error "Call to undefined function password() in /home/adminName/folder_location/login.php" in the first example. The other examples produced the same "invalid username or password" error.
The settings for my password field in my database table are:
type = VACHAR
length = 10
collation = ascii_general_ci
attributes = (empty)
null = no
default = (empty)
extra = (empty)
Please let me know if any of this helps.