Hi... Below the code <?php include "pass.php"; session_start(); $user = isset($_POST['user']) ? $_POST['user'] : $_SESSION['user']; $pass = isset($_POST['pass']) ? md5($_POST['pass']) : $_SESSION['pass']; mysql_query("insert into login('', '$user', '$pass')"); $link = mysql_connect($hostname, $username, $password); if($link){ $db = mysql_select_db("time", $link); } $sql = "select * from login where username = '$user' and password = password('$pass')"; $result2 = mysql_query($sql); if(!isset($pass) || !isset($user)) { if($result2) { ?> <form method=POST action=""> <div align=center >Enter login details</div><br> <table align = center> <tr><td>Username</td><td><input type=text name=user value=""> <tr><td>Password</td><td><input type=password name=pass value=""> <tr><td><input type=submit value="Submit"></td></tr> </table> </form> <?php } } else if($result2 != 'pass'){ echo "<font>Authentication Failed</font>"; } ?> issue for this code for password is correct or incorrect, the result will be occured Authentication failed.. What is the issue for this code? pls help.. regards subha
<?php include "pass.php"; session_start(); //$user = isset($_POST['user']) ? $_POST['user'] : $_SESSION['user']; //$pass = isset($_POST['pass']) ? md5($_POST['pass']) : $_SESSION['pass']; $user=$_REQUEST["user"]; $pass=md5($_REQUEST["user"]); mysql_query("insert into login('', '$user', '$pass')"); $link = mysql_connect($hostname, $username, $password); if($link){ $db = mysql_select_db("time", $link); } $sql = "select * from login where username = '$user' and password = $pass"; $result2 = mysql_query($sql); if(!isset($pass) || !isset($user)) { if($result2) { ?> <form method=POST action=""> <div align=center >Enter login details</div><br> <table align = center> <tr><td>Username</td><td><input type=text name=user value=""> <tr><td>Password</td><td><input type=password name=pass value=""> <tr><td><input type=submit value="Submit"></td></tr> </table> </form> <?php } } else if($result2 != 'pass'){ echo "<font>Authentication Failed</font>"; } ?> plz try this.. it will work.. if not work let me know..
If you can post the code again but surrounded by CODE tags because it formats it like this: Hello world Code (markup): I'll take a look at it for you.
actually, mysql_query should give error because it should be after mysql_connect sentence. give mysql_connect function before mysql_* function and it should work. Let me know.
you have $result2 = mysql_query($sql); and then you have if($result2 != 'pass') the first impression i have is that, $result is always != 'pass' (why would $result became pass?) correct me if i am wrong.
<?php include "pass.php"; session_start(); //CONNECT TO THE DATABASE $link = mysql_connect($hostname, $username, $password) or die('I cannot connect to the database because: '.mysql_error()); mysql_select_db("time", $link); $msg='Enter login details'; if ($_POST['sublogin']) { //DID USER CLICK THE SUBMIT BUTTON? $user=$_POST["user"]; $pass=md5($_POST["user"]); if (mysql_query("INSERT INTO `login` (`username`,`password`) VALUES ('".$user."','".$pass."')")) { echo 'Added OK<br />'; } else { echo 'Not added<br />'; } //CHECK THE USER AND PASS WITH WHAT'S IN THE DATABASE $query = mysql_query("SELECT * FROM `login` WHERE `username` = '".$user."' AND `password` = '".$pass."'"); if (mysql_num_rows($query)>0) { //CHECK HOW MANY ROWS OUR QUERY RETURNED $msg='Login successful'; } else { $msg='Login failed!'; } } ?> <form method="post" action=""> <div align="center"><?=$msg?></div><br> <table align=center> <tr><td>Username</td><td><input type="text" name="user" value=""></td></tr> <tr><td>Password</td><td><input type="password" name="pass" value=""></td></tr> <tr><td><input type="submit" name="sublogin" value="Login"></td></tr> </table> </form> PHP: As you can see I've changed quite a bit as you seemed to be doing things in the wrong order. I've placed the database connection at the top - you can't INSERT until there is a connection which you were trying to do before. If you've got a connection being established in "pass.php" then you don't have to connect again. I changed $_REQUEST to $_POST as you're using method="post" - the $_REQUEST method reads from both the URL and $_POST. I've corrected the MySQL "INSERT" line. If you indent your code you'll find it a lot easier to read and debug should you get errors plus I've added the </td></tr> onto the end of the table's cell lines as they were missing. Other small bits and pieces sorted as well. Any questions - ask away!