Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Dec 2008
    Posts
    10
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Login script won't log me in.

    I have a login script set up. Every time I try to login, it says my username and/or password is incorrect for some reason. I have tried with and without hashing the password with no luck.

    Here is my code:
    PHP Code:
    <?php
    session_start
    ();
    include(
    "includes/functions.php");
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
    <head>
        <title>Challenge System Control Panel - Login</title>
        <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
        <style media="all" type="text/css">@import "css/all.css";</style>
    </head>
    <body>
    <div id="main">
        <div id="header">
            <a href="index.php" class="logo"><img src="" width="101" height="29" alt="" /></a>
            <ul id="top-navigation">
                <li class="active"><span><span>Login</span></span></li>
            </ul>
        </div>
        <div id="middle">
            <div id="left-column">
            </div>
            <div id="center-column">
                <div class="top-bar">
                    <h1>Control Panel Login</h1>
                    <div class="breadcrumbs"></div>
                </div><br />
    <div class="select-bar">
              </div>
              <div class="table">
                    <img src="img/bg-th-left.gif" width="8" height="7" alt="" class="left" />
                    <img src="img/bg-th-right.gif" width="7" height="7" alt="" class="right" />
                    <table class="listing form" cellpadding="0" cellspacing="0">
                        <tr>
                            <th class="full" colspan="1">Login</th>
                        </tr>
                        <!--<tr>-->
    <?php
    $message 
    "";
    if (
    $_GET["do"] == "login")
     {
     if (!
    $_POST["username"] || !$_POST["password"])
      {
      
    $message "You need to provide a username and password.";
      }
    $myusername $_POST['username'];
    $mypassword md5($_POST['password']);
     
    // Create query
     
    $q "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'";
     
    // Run query
     
    $r mysql_query($q);

     if ( 
    $obj = @mysql_fetch_object($r) )
      {
      
    // Login good, create session variables
      
    $_SESSION["valid_id"] = $obj->id;
      
    $_SESSION["valid_user"] = $_POST["username"];
      
    $_SESSION["valid_time"] = time();

      
    // Redirect to member page
      
    Header("Location: index.php");
      }
     else
      {
      
    // Login not successful
      
    $message "Sorry, could not log you in. Wrong login information.";
      }
     }
    else
     {
    //If all went right the Web form appears and users can log in
     
    echo "<tr><td class=\"first\"><center><form action=\"?do=login\" method=\"POST\">";
     echo 
    "Username: <input name=\"username\" size=\"15\"></td></tr>";
     echo 
    "<tr class=\"bg\"><td>Password: <input type=\"password\" name=\"password\" size=\"15\"></td></tr>";
     echo 
    "<tr><td><input type=\"submit\" value=\"Login\"></center></td></tr>";
     echo 
    "</form>";
     }
     
    ?>
     </table>
    <p>&nbsp;</p>
    </div>
    <center><font color="red"><?php echo $message?></font></center>
            </div>
            <div id="right-column">
                <strong class="h">INFO</strong>
                <div class="box">Detect and eliminate viruses and Trojan horses, even new and unknown ones. Detect and eliminate viruses and Trojan horses, even new and </div>
          </div>
        </div>
        <div id="footer"></div>
    </div>


    </body>
    </html>
    Any help is greatly appreciated.

    Thanks in advance,
    Sean
    Last edited by VectorWolf; 03-10-2009 at 11:38 PM.

  • #2
    New Coder
    Join Date
    Dec 2008
    Posts
    10
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Anyone?

  • #3
    Regular Coder ninnypants's Avatar
    Join Date
    Apr 2008
    Location
    Utah
    Posts
    504
    Thanks
    10
    Thanked 47 Times in 47 Posts
    Try this instead
    PHP Code:
    if (mysql_num_rows($r) == )
      {
    $obj = @mysql_fetch_object($r)
      
    // Login good, create session variables
      
    $_SESSION["valid_id"] = $obj->id;
      
    $_SESSION["valid_user"] = $_POST["username"];
      
    $_SESSION["valid_time"] = time();

      
    // Redirect to member page
      
    Header("Location: index.php");
      } 

  • #4
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,075
    Thanks
    2
    Thanked 320 Times in 312 Posts
    Your query is failing and returning a FALSE value in $r instead of a result resource and because you have an @ in front of mysql_fetch_object() to suppress errors, you probably already know this from the error message it was outputting before you put the @ in.

    To debug why your query is failing change this -

    PHP Code:
    $r mysql_query($q); 
    to this -

    PHP Code:
    $r mysql_query($q) or die('Query failed: ' mysql_error()); 
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #5
    Regular Coder
    Join Date
    Nov 2007
    Location
    Leeds, UK
    Posts
    514
    Thanks
    24
    Thanked 19 Times in 19 Posts
    (!$_POST["username"] || !$_POST["password"])

    Meens if post username not equal to true or post password not equal to true fail
    PHP Code:
    $q "SELECT * FROM `users` WHERE `username`='".$myusername."' AND `password='".$mypassword."'"
     
    // Run query 
     
    $r = @mysql_query($q);

    if ( 
    $obj = @mysql_fetch_array($r) ) 
      { 
      
    // Login good, create session variables 
      
    $_SESSION["valid_id"] = $obj['id']; 
      
    $_SESSION["valid_user"] = $_POST["username"]; 
      
    $_SESSION["valid_time"] = time(); 

      
    // Redirect to member page 
      
    Header("Location: index.php"); 
      } 
     else 
      { 
      
    // Login not successful 
      
    $message "Sorry, could not log you in. Wrong login information."
      } 
    All you need to do check if there in DB don't need to check if there's no data sent just run it and output same error it not much load
    Working towards a Internet where we don't have website just browser applications Kill the Hyper-link and say hello to 3D Games in the browser :)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •