Login Page

wsg14 · 17-02-2009, 02:22 AM

PHP Code:


<?php
session_start();
include ("global.php");


$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
    header("Location: index.php");
} else {
    if($_GET['action'] == login){
        $user = $_POST['username'];
        $user = htmlspecialchars($user);
        $password = $_POST['password'];
        $password = htmlspecialchars($password);
        $password = md5($password);
        
        if($user == $data['username'] || $password == $data['password']){
            if($data['activated'] == "no"){
                echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
            } else {
             $_SESSION['user'] = $user;
            $_SESSION['loggedin'] = 1;
            header("Location: index.php");
            }
        } else {
            echo "Your login credentials are incorrect.";
        }
    }
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.

Agnostic Bear · 17-02-2009, 04:23 AM

Originally Posted by wsg14

PHP Code:


<?php
session_start();
include ("global.php");


$d = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
    header("Location: index.php");
} else {
    if($_GET['action'] == login){
        $user = $_POST['username'];
        $user = htmlspecialchars($user);
        $password = $_POST['password'];
        $password = htmlspecialchars($password);
        $password = md5($password);
        
        if($user == $data['username'] || $password == $data['password']){
            if($data['activated'] == "no"){
                echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
            } else {
             $_SESSION['user'] = $user;
            $_SESSION['loggedin'] = 1;
            header("Location: index.php");
            }
        } else {
            echo "Your login credentials are incorrect.";
        }
    }
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

My problem is that even though you enter the right credentials it says that they're incorrect. Thanks.

Well yes that would be because you're doing a mysql query before any variables are set.

wsg14 · 17-02-2009, 04:34 AM

PHP Code:


<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
    header("Location: index.php");
} else {
    if($_GET['action'] == "login"){
        
        if($user == $data['username'] || $password == $data['password']){
            if($data['activated'] == "no"){
                echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
            } else {
             $_SESSION['user'] = $user;
            $_SESSION['loggedin'] = 1;
            header("Location: index.php");
            }
        } else {
            echo "Your login credentials are incorrect.";
        }
    }
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

It is still saying that the credentials are incorrect.

Agnostic Bear · 17-02-2009, 04:38 AM

Originally Posted by wsg14

PHP Code:


<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
    header("Location: index.php");
} else {
    if($_GET['action'] == "login"){
        
        if($user == $data['username'] || $password == $data['password']){
            if($data['activated'] == "no"){
                echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
            } else {
             $_SESSION['user'] = $user;
            $_SESSION['loggedin'] = 1;
            header("Location: index.php");
            }
        } else {
            echo "Your login credentials are incorrect.";
        }
    }
}
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

It is still saying that the credentials are incorrect.

Your credentials are incorrect then. There's nothing wrong with that code.

wsg14 · 17-02-2009, 04:46 AM

I've tried over 10 different user combinations, none work. There must be something wrong that is slipping past us.

wsg14 · 17-02-2009, 04:53 AM

Just found something that would be part of the problem but it's still saying credentials are incorrect, here's the fix: (the query had a variable which didn't exist)

PHP Code:


<?php
session_start();
include ("global.php");

$user = $_POST['username'];
$user = htmlspecialchars($user);
$password = $_POST['password'];
$password = htmlspecialchars($password);
$password = md5($password);

$d = mysql_query("SELECT * FROM users WHERE username = '$user' AND password = '$password'");
$data = mysql_fetch_array($d);

if($ologged == "1"){
    header("Location: index.php");
} else {
    if($_GET['action'] == "login"){
        
        if($user == $data['username'] || $password == $data['password']){
            if($data['activated'] == "no"){
                echo "Sorry but you have not activated your account yet. Please activate it by going to your inbox or if you have not received the email you can <a href=\"login.php?action=resendemail\">resend it.</a>";
            } else {
                $_SESSION['user'] = $user;
                $_SESSION['loggedin'] = 1;
                header("Location: index.php");
            }
        } else {
            echo "Your login credentials are incorrect.";
        }
    }
} 
?>
<form action="?action=login" method="POST">
<input type="text" name="username" value="Username" />
<input type="password" name="password" value="password" />
<input type="submit" value="login" />
</form>

Joe! · 17-02-2009, 04:16 PM

When you registered the user you did md5 the password yes? You probably did, but when I made my first ever system, that was my problem for ages because I didn't understand how it worked :p

wsg14 · 17-02-2009, 08:50 PM

Yes on the register page it md5's the password.

wsg14 · 17-02-2009, 09:49 PM

Thanks to Iszak, he figured out the problem (wasn't the code, twas my column's varchar length).

Thread: Login Page

Thread Tools

Login Page

Posting Permissions