Hey.. Can someone help me look over the following index.php and do_login.php file? My error is simple, any username, and password successfully logs in... Even if it's not in the database. Thanks in advanced. Index.php <?php session_start(); ?> <html> <head> <title>UMRT</title> </head> <body> <div></div> <?php if (isset($_SESSION['username'])) { ?> You are now logged in <a href="logout.php?logout=1">Logout</a> <?php } else { ?> <form action="do_login.php" method="post"> <table cellpadding="2" cellspacing="2" border="0"> <tr><td>Username:</td><td><input name="username" type="text" /></td></tr> <tr><td>Password:</td><td><input name="password" type="password" /></td></tr> <tr><td colspan="2"><input type="submit" value="Login" /></td></tr> </table> </form> <?php } ?> <!-- Output Error --> <?php if (in_array('error', $_SESSION)) echo $_SESSION['error']; unset($_SESSION['error']); ?> </body> </html> PHP: do_login.php <?php session_start(); $host = "localhost"; $dbuser = "root"; $dbpass = "super"; $dbname = "umrt"; if (isset($_POST['username'])) { // Mysql Connection $connection = mysql_connect($host, $dbuser, $dbpass) or die('MySQl Connection Error:' . mysql_error()); mysql_select_db($dbname) or die('MySQL Error: Cannot select table'); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $passwordcrypt = crypt($password , '$1$d4juhy6d$'); // MySQL Query $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$passwordcrypt'") or die(mysql_error()); if(!$result) { $_SESSION['error'] = 'Login Failed'; } else { // Mysql fetch row results $row = mysql_fetch_assoc($result); $_SESSION['id'] = $row['id']; $_SESSION['username'] = $username; $_SESSION['error'] = 'Login successful<br> Welcome, '.$username; } mysql_close($connection); } header('Location: index.php') ?> PHP:
After it logges the non-existent user in, is it able to provide the information to display the username from the table? (Login successful Welcome, xyz) or is it blank?
Replace that code: if(!$result) { $_SESSION['error'] = 'Login Failed'; } else { // Mysql fetch row results $row = mysql_fetch_assoc($result); $_SESSION['id'] = $row['id']; $_SESSION['username'] = $username; $_SESSION['error'] = 'Login successful<br> Welcome, '.$username; } PHP: with that code: if(!$result) { $_SESSION['error'] = 'Login Failed'; } else { // Mysql fetch row results $row = mysql_fetch_assoc($result); if (isset($row['id'])) { $_SESSION['id'] = $row['id']; $_SESSION['username'] = $username; $_SESSION['error'] = 'Login successful<br> Welcome, '.$username; } else { $_SESSION['error'] = 'Login Failed'; } } PHP: Let us know if it works. Steve
Thanks Steve for the response. It doesn't work either. Now no matter what i do, it won't login with the proper user name/password or anything. Also, the error echo isn't being displayed. For more info, i'm running php4, not sure if that makes a difference.
To show the error, in the index.php file, you must change this line: <?php if (in_array('error', $_SESSION)) echo $_SESSION['error']; unset($_SESSION['error']); ?> PHP: By this line: <?php if (isset($_SESSION['error'])) echo $_SESSION['error']; unset($_SESSION['error']); ?> PHP:
I just tested the login with my own database, and it works.. So if it doesnt work at your end, that means that the user/pass combination you are trying to login with is not currently in your database, or the encryption key on the password is not: $1$d4juhy6d$, when you insert the user/pass. Can you also show us your code when you register your user? Steve
I just got it working. It ended up being a md5 crypt function error in the registration side. And I added your code(s) and now everything works like a charm. I can still upload that registration script if you'd like.
If you fixed it and it was on the registration side, don't upload the code in this thread. Im glad you fixed it. Steve
if(mysql_num_rows($result)==0) { $_SESSION['error'] = 'Login Failed'; } else { // Mysql fetch row results $row = mysql_fetch_assoc($result); $_SESSION['id'] = $row['id']; $_SESSION['username'] = $username; $_SESSION['error'] = 'Login successful<br> Welcome, '.$username; } mysql_close($connection); } header('Location: index.php') ?> [/PHP][/QUOTE]