login script problem

**omarali** · Mar 24th, 2008, 04:21 PM

Hi could anyone help, the script suppose to access the database, but keeping said invalid username/password I checked every thing, and the username and password are in the database. Could you please replay using the [email removed — Mod] email address because the member one not working. Thanks

PHP Code:


<?php

session_start();

include "conn.inc.php";

if (isset($_POST['submit']))

{





     $query = "SELECT username, password FROM users " .

         "WHERE username = '" . $_POST['username'] ."' " .

            "AND password = (PASSWORD('" . $_POST['password'] . "'));";



     $result = mysql_query($query) 

         or die(mysql_error());



     if (mysql_num_rows($result) == 1)

     {

          $_SESSION['user_logged'] = $_POST['username'];

          $_SESSION['user_password'] = $_POST['password'];

          header ("Refresh: 5; URL=" . $_POST['redirect'] . "");

          echo "You are being redirected to your original page request!<br>";

          echo "(If your browser doesn't support this, <a href=\"" .

               $_POST['redirect']. "\">click here</a>)";

     }

         else

         {

        

?>

          <html>

          <head>

          <title>user Login</title>

          </head>

          <body>

                    

            

                    <fieldset>

          Invalid Username and/or Password<br>

          Not registered? <a href="register.php">Click here</a> to register.<br>

          <form action="user_login.php" method="post">

          <input type="hidden" name="redirect" 

                    value="<?php echo $_POST['redirect']; ?>">

          Username: <input type="text" name="username"><br>

          Password: <input type="password" name="password"><br><br>

          <input type="submit" name="submit" value="Login">

          </form>

                    </fieldset>

                    </bpdy>

                    </html>

<?php 



     }

}

else

{



if(isset($_GET['redirect']))

{

$redirect = $_GET['redirect'];

}else

{

$redirect="index.php";

}

?>

     <html>

     <head>

     <title>User Login</title>

     </head>

     <body>

         <fieldset>

     Login below by supplying your username/password...<br>

     Or <a href="register.php">click here</a> to register.<br><br>

     <form action="user_login.php" method="post">

     <input type="hidden" name="redirect" value="<? echo $redirect; ?>">

     Username: <input type="text" name="username" ><br>

     Password: <input type="password" name="password" ><br><br>

     <input type="submit" name="submit" value="Login">

     </form>

         </fieldset>

     </body>

     </html>

<?php

}

?>

**k1ll3rdr4g0n** · Mar 24th, 2008, 10:16 PM

How are you storing your passwords? It seems like it uses MySQL's PASSWORD hash scheme to check against the passwords.

Please post an example row from your MySQL table. An example means don't post your everyday password, fyi

.

**dclamp** · Mar 24th, 2008, 10:36 PM

i would remove you email from your post if i were you. Your inbox will be spammed

Also, i made some changes to you code, mostly organized it. But you might want to try my code and see if it works

PHP Code:


<?php
session_start();
include "conn.inc.php";
if (isset($_POST['submit']))
{
     $query = "SELECT username, password FROM users WHERE username='{$_POST['username']}' AND password=PASSWORD('{$_POST['password']}')";

     $result = mysql_query($query) or die(mysql_error());

     if (mysql_num_rows($result) == 1)
     {
          $_SESSION['user_logged'] = $_POST['username'];
          $_SESSION['user_password'] = $_POST['password'];
          header("Refresh: 5; URL='{$_POST['redirect']}'");
          echo "You are being redirected to your original page request!<br>";
          echo "(If your browser doesn't support this, <a href='{$_POST['redirect']}'>click here</a>)";
    }
    else
    {        
    ?>
        <html>
        <head>
            <title>user Login</title>
        </head>
        <body>
            <fieldset>
                Invalid Username and/or Password<br>
                Not registered? <a href="register.php">Click here</a> to register.<br>
                <form action="user_login.php" method="post">
                    <input type="hidden" name="redirect" value="<?php echo $_POST['redirect']; ?>">
                    Username: <input type="text" name="username"><br>
                    Password: <input type="password" name="password"><br><br>
                    <input type="submit" name="submit" value="Login">
                </form>
            </fieldset>
        </body>
        </html>
    <?php }
}
else
{

if(isset($_GET['redirect']))
{
    $redirect = $_GET['redirect'];
}
else
{
    $redirect="index.php";
}
?>
    <html>
    <head>
        <title>User Login</title>
    </head>
    <body>
        <fieldset>
            Login below by supplying your username/password...<br>
            Or <a href="register.php">click here</a> to register.<br><br>
            <form action="user_login.php" method="post">
                <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
                Username: <input type="text" name="username" ><br>
                Password: <input type="password" name="password" ><br><br>
                <input type="submit" name="submit" value="Login">
            </form>
        </fieldset>
    </body>
    </html>
<?php
}
?>

Also might want to take a look at mysql_real_escape_string()

**DigiRev** · Mar 24th, 2008, 11:00 PM

Not really related to the question, but using $_POST values directly in your query is prone to MySQL injection.

Edit: Nvm, missed what dclam posted.

**omarali** · Mar 26th, 2008, 07:08 PM

Hi thanks the problem has been sorted. just I worked out the qouetation mark, in the query statement.

**dclamp** · Mar 26th, 2008, 11:14 PM

next time your problem is resolves you can just use Resolve Thread in the Thread Tools menu in the original thread.

There is no need to create a new thread.

**omarali** · Mar 31st, 2008, 06:11 AM

Hi everyone
sorry this is log senario, I am using the bllow php script to register user, it is work fine it store the data into table that been created for this perpose in in mysql database. But when I try to log in using another script allways said username invalid.
but if I insert the data into the same table using mysql command instead of the script register, the log in script working fine could anyone please tell me what is wrong. Thanks

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!-- This script creat registeration page -->
<?php 
//  start the session 
session_start();

//use extenral file to connect to MySQL 
include "conn.inc.php";
?>
<html>

<head>
<title>Registration Page</title>
</head>
<body>
<?php 
// check if the form has been submited and assigned to Register form
if (isset($_POST['submit']) && $_POST['submit']=="Register")
{
 	 //checking the information which entered by a user
	 if($_POST['username'] != "" && 
			$_POST['password'] != "" &&
			$_POST['firstname']!= "" && 
			$_POST['sex'] != "");
			{
			 		
					$check_user = $_POST['username'];
					//create query to extract user information from the database
          $query = "SELECT username FROM users WHERE username =
          '$check_user';";
	
				  // store the result of fail 
					$res = mysql_query($query)
					
					// display error in case of no 
					or die(mysql_error());
				// check if the there is a result, if greate than zero the form excuted
					if (mysql_num_rows($res) != 0)
					{
?>


<p>
The username 
<?php echo $_POST['username']; ?>,is alredy exsit, please choose
 another<br/>
 <fieldset  >
 <legend>This Is Regestration Form</legend>
<form action="register.php" method="post"> 
Username:  <input type="text" name="username"><br/>
Password:  <input type="password" name="password"  value=
"<?php echo $_POST['password']; ?> "><br/>
Firsname : <input type="text" name="firstname"  
value="<?php echo $_POST['firstname']; ?>"><br />
     Sex : <input type="text" name= "sex" 
value="<?php echo $_POST['sex']; ?>"><br />
<input type="submit" name="submit" 
value="Register"> &nbsp;
<input type="reset" value="Clear">
</form>

</p>
</fieldset>
<?php 
}
else
{
    //inserting data int user table
 		$query = "INSERT INTO users(username,password,firstname,sex)" .
				"VALUES ('" . $_POST['username'] . 
				"'," . "(PASSWORD('" . $_POST['password']. "')),'" . 
				$_POST['firstname'] .
				"' ,'" . $_POST['sex'] . "');";
				
				
          // store the result of the query 
					$result = mysql_query($query) 
					or die(mysql_error());
          
					// cheks the user logged in with specified user name and password
					// using session
					$_SESSION['user_logged'] = $_POST['username'];
          $_SESSION['user_password'] = $_POST['password'];
?>
<p> Thank you, <?php echo $_POST['firstname']; ?> for registering<br/>
<?php 
			header("Refresh: 5 URL=main.html");
			echo "Your regiasteration is complete" .
			"you are bieng sent to page your are reguired <br/>";
			echo "(if your browser doesnot support this " .
			"<a href=\"main.html.php\"> Click Here</a>)";
			die();
			}
		
		}
						
?>
<fieldset>
<legend>This regestration Form</legend>
 <p> The Username, Password, Firstname, and
          sex fields are required!</b>
          <form action="register.php" method="post">
          Username: <input type="text" name="username" value="<?php echo
					$_POST['username']; ?>"><br>
					Password: <input type="password" name="password" value="<?php echo
          $_POST['password']; ?>"><br>
          Firstname: <input type="text" name="firstname" value="<?php echo
					$_POST['first_name']; ?>"><br>
          sex: <input type="text" name="sex" value="<?php echo
					$_POST['sex']; ?>"><br>
          <input type="submit" name="submit" value="Register"> &nbsp; 
					<input type="reset" value="Clear">
          </form>
</p>		
</fieldset>
<?php
    
 }

else
{
?>
<fieldset>
<legend>Welcome to the registration page</legend>
<p>
<br>
The Username, Password, First Name, and Sex field are required!
<form action="register.php" method="post">
Username: <input type="text" name="user_name"><br>
Password: <input type="password" name="password"><br>
Firstname : <input type="text" name="first_name"><br>

Sex     : <input type="text" name="sex"><br>
<input type="submit" name="submit" value="Register"> &nbsp; 
<input type="reset" value="Clear">
</form>
</fieldset>
<?php
}
?>

</body>
</html>

**dclamp** · Mar 31st, 2008, 11:42 AM

This is the 3rd thread you have created about your login problem:

http://www.vbforums.com/showthread.php?t=515971 http://www.vbforums.com/showthread.php?t=515312 http://www.vbforums.com/showthread.php?t=514956

I am going to have a mod clean them up. Double posting is bad enough, but triple posting?

**omarali** · Mar 31st, 2008, 05:47 PM

Sorry mate first it not the same, could be the title same but if you read the script carfully you found it is different one and second the problem with last time script has been solved and I did notified the forum about it.

**penagate** · Mar 31st, 2008, 07:28 PM

I've merged them. Your problem might be different but we would prefer it if you would keep one topic to one thread.

Thread: login script problem

Thread Tools

Display

login script problem

Re: login script problem

Re: login script problem

Re: login script problem

log in problem

Re: log in problem

login script problem

Re: login script problem

Re: login script problem

Re: login script problem

Posting Permissions