I have a login form with an encrypted password and I keep getting "Wrong Username or Password" even though the login exists. It works if I remove the password fields, so I know the encrypted password is not verifying. Can anyone help? Thank you!
Form - main_login.php:
Code: Select all
<form name="form1" method="post" action="checklogin.php">
Username: <input name="myusername" type="text" id="myusername">
Password: <input name="mypassword" type="text" id="mypassword">
<input type="submit" name="Submit" value="Login">
</form>Code: Select all
<?php
ob_start();
$host="xx"; // Host name
$username="xx"; // Mysql username
$password="xx"; // Mysql password
$db_name="xx"; // Database name
$tbl_name="xx"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
// encrypt password
$encrypted_mypassword = md5($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>