View Full Version : Login Page
wsg14
17-02-2009, 02:22 AM
<?php
session_start();
include ("global.php");
$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);
if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == login){
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);
if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>
My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.
Agnostic Bear
17-02-2009, 04:23 AM
<?php
session_start();
include ("global.php");
$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);
if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == login){
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);
if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.
Well yes that would be because you're doing a mysql query before any variables are set.
wsg14
17-02-2009, 04:34 AM
<?php
session_start();
include ("global.php");
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);
$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);
if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){
if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>
It is still saying that the credentials are incorrect.
Agnostic Bear
17-02-2009, 04:38 AM
<?php
session_start();
include ("global.php");
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);
$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);
if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){
if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>It is still saying that the credentials are incorrect.
Your credentials are incorrect then. There's nothing wrong with that code.
wsg14
17-02-2009, 04:46 AM
I've tried over 10 different user combinations, none work. There must be something wrong that is slipping past us.
wsg14
17-02-2009, 04:53 AM
Just found something that would be part of the problem but it's still saying credentials are incorrect, here's the fix: (the query had a variable which didn't exist)
<?php
session_start();
include ("global.php");
$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);
$d = mysql_query("SELECT * FROM users WHERE username = '$user' AND password = '$password'");
$data = mysql_fetch_array($d);
if($ologged == "1"){
header("Location: index.php");
} else {
if($_GET['action'] == "login"){
if($user == $data['username'] || $password == $data['password']){
if($data['activated'] == "no"){
echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
} else {
$_SESSION['user'] = $user;
$_SESSION['loggedin'] = 1;
header("Location: index.php");
}
} else {
echo "Your login credentials are incorrect.";
}
}
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>
When you registered the user you did md5 the password yes? You probably did, but when I made my first ever system, that was my problem for ages because I didn't understand how it worked :p
wsg14
17-02-2009, 08:50 PM
Yes on the register page it md5's the password.
wsg14
17-02-2009, 09:49 PM
Thanks to Iszak, he figured out the problem (wasn't the code, twas my column's varchar length).
Want to hide these adverts? Register an account for free!
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.