Hi, I am new to php and postgresql. I am having problems in login. It is always generating the error of incorrect password. I do not know where i am going wrong. Could anyone please have a look at the code and let me know where i am going wrong. <?php //testing the session session_start(); ?> <?php // Connects to your Database include "connect.php"; $username = $_POST["username"]; $password = $_POST["password"]; $check = pg_query("SELECT * FROM users WHERE username = '$username' and password = '$password'")or die(pg_error()); $info = pg_fetch_array( $check ); while($info = pg_fetch_array( $check )) { if ($password != $info['password']) { echo "you have entered an incorrect username or password, please try again !"; } else { header("Location: members.php"); } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['password']) { die('You did not fill in a required field.'); } // checks it against the database $check = pg_query("SELECT * FROM users WHERE username = '".$_POST['username']."' and password = '".$_POST['password']."'")or die(pg_error()); $check2 = pg_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = pg_fetch_array( $check)) { //gives error if the password is wrong if ($_POST['password'] != $check['password']) { echo "incorrect password !"; } else { //then redirect them to the members area $_SESSION["username"] = $username; } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table valign="left" width="150" height="150" border="1"> <tr valign="left"> <tr valign="center"> <td> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="password" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?>
You have to use single quotes there instead of double quotes. Right now you are just sending the word username and the word password instead of the username and password field. Tell me if that helps
use $username = $_POST['username']; $password = $_POST['password']; PHP: instead of $username = $_POST["username"]; $password = $_POST["password"]; PHP:
It doesn't matter if you use a single or double quote, they are one of the same. I don't like going through code that isn't displayed probably (use code or PHP tags in your posts). Why aren't you using a MYSQL based system instead? Peace,
Try somethin like this.. works in php4 and php5! $username = $_POST['username']; $pword = $_POST['pword']; $username = trim($username); $pword = trim($pword); if(($username == null) || ($pword == null)) { } else { $cUsername = crypt($username, true); $link = mysql_connect("host", "user", "pass"); // edit as required mysql_select_db("dbase"); // edit as requried $sql = mysql_query("SELECT * FROM table where C_PWORD = '$pword' and C_KEY = '$cUsername'", $link); $num = mysql_num_rows($sql); $sql2 = mysql_query("SELECT * FROM table where C_PWORD = '$pword' and C_KEY = '$cUsername' and C_ACTIVATE = 1", $link); $num2 = mysql_num_rows($sql2); if($num2 == 1) { setcookie("key:", $cUsername, time()+300); mysql_close($link); header("Location: main.php"); } else if(($num == 1) && ($num2 == 0)) { $msg = ("Your account has not been activated yet!<br/>Please check the email you provided at registration for further instructions."); } else { $msg = ("Error! The username or password you entered is invalid!"); } } PHP:
Good to use it this way <?php //testing the session if (!isset($_SESSION)) { session_start(); } ?> AND USE PARENTHESIS // Connects to your Database include("connect.php");