Programming Forums > Web Development and Design > PHP

foxcity911 · Jun 28th, 2005, 7:51 PM

when i run this script it always comes up my error message 'incorrect login...'. i cant see anything wrong with it, can you?
here's my login page

(Toggle Plain Text)

<?
print "<B>Login<B>";
print "<P>";

print "<FORM action=login_authenticate.php METHOD=POST>";
print "Username:";
print "<INPUT TYPE=TEXT NAME=username>";
print "<P>";
print "Password:";
print "<INPUT TYPE=PASSWORD NAME=password>";
print "<P>";
print "<INPUT TYPE=SUBMIT VALUE=SUBMIT NAME=login>";
print "</FORM>";

?>

the login page has no problems, but my authenticate page does.

(Toggle Plain Text)

<?


//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = $_REQUEST['username']; 
$pass = md5($_REQUEST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root";  
$dbDatabase = "logins"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser"); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from login where user='$user' AND pass='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  session_register($user); 

  //successful login code will go here... 
  echo 'Success!'; 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo 'Incorrect login name or password. Please try again.'; 
  } 
 
?>

my DB is called logins and my table is called login

DaWei · Jun 28th, 2005, 8:03 PM

You don't say HOW it's failing. Remember, you're in front of your machine looking at your code, we aren't. You have to say things. Is your database password an empty password? I recommend you get used to putting an "or die" after things like the query. The best error to print out is the returned mysql_error (). Queries fail REALLY REALLY often. It helps to know if it failed, because it narrows things down. This bubba 'spects your $rowCheck is zero because of a bad query.

foxcity911 · Jun 28th, 2005, 8:17 PM

thanks dawei that was actually very helpful. i forgot about the or die on rowcheck
it is rowchecks fault!!!! my table isnt empty. i have 2 fields, user and pass. usernames are foxcity911 and harry passwords are catboy and potter resepectively.

foxcity911 · Jun 28th, 2005, 8:33 PM

i found the problem i replaced the $_REQUEST with $_POST and i got rid of md5 cos it isn't encrypting shit.

BlazingWolf · Jun 28th, 2005, 8:54 PM

In regard to MD5. You need to store the hash of the password in the database.

Otherwise it will always return no rows because the hash will never be the same as your string 'catboy'.

So then when you hash the password that was entered on the form you can match it to the hash in the database.

Jun 28th, 2005, 7:51 PM	#1
foxcity911 Programmer Join Date: Jun 2005 Location: Queensland Posts: 37 Rep Power: 0	Why doesn't this login work? when i run this script it always comes up my error message 'incorrect login...'. i cant see anything wrong with it, can you? here's my login page (Toggle Plain Text) <? print "<B>Login<B>"; print "<P>"; print "<FORM action=login_authenticate.php METHOD=POST>"; print "Username:"; print "<INPUT TYPE=TEXT NAME=username>"; print "<P>"; print "Password:"; print "<INPUT TYPE=PASSWORD NAME=password>"; print "<P>"; print "<INPUT TYPE=SUBMIT VALUE=SUBMIT NAME=login>"; print "</FORM>"; ?> <? print "<B>Login<B>"; print "<P>"; print "<FORM action=login_authenticate.php METHOD=POST>"; print "Username:"; print "<INPUT TYPE=TEXT NAME=username>"; print "<P>"; print "Password:"; print "<INPUT TYPE=PASSWORD NAME=password>"; print "<P>"; print "<INPUT TYPE=SUBMIT VALUE=SUBMIT NAME=login>"; print "</FORM>"; ?> the login page has no problems, but my authenticate page does. (Toggle Plain Text) <? //convert the field values to simple variables //add slashes to the username and md5() the password $user = $_REQUEST['username']; $pass = md5($_REQUEST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "root"; $dbDatabase = "logins"; //connet to the database $db = mysql_connect("$dbHost", "$dbUser"); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from login where user='$user' AND pass='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ //start the session and register a variable session_start(); session_register($user); //successful login code will go here... echo 'Success!'; } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } ?> <? //convert the field values to simple variables //add slashes to the username and md5() the password $user = $_REQUEST['username']; $pass = md5($_REQUEST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "root"; $dbDatabase = "logins"; //connet to the database $db = mysql_connect("$dbHost", "$dbUser"); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from login where user='$user' AND pass='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ //start the session and register a variable session_start(); session_register($user); //successful login code will go here... echo 'Success!'; } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } ?> my DB is called logins and my table is called login

Jun 28th, 2005, 8:03 PM	#2
DaWei Resident Grouch Join Date: Jun 2005 Posts: 6,453 Rep Power: 10	You don't say HOW it's failing. Remember, you're in front of your machine looking at your code, we aren't. You have to say things. Is your database password an empty password? I recommend you get used to putting an "or die" after things like the query. The best error to print out is the returned mysql_error (). Queries fail REALLY REALLY often. It helps to know if it failed, because it narrows things down. This bubba 'spects your $rowCheck is zero because of a bad query. __________________ Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code. Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Jun 28th, 2005, 8:54 PM	#5
BlazingWolf Hobbyist Programmer Join Date: Sep 2004 Posts: 207 Rep Power: 5	In regard to MD5. You need to store the hash of the password in the database. Otherwise it will always return no rows because the hash will never be the same as your string 'catboy'. So then when you hash the password that was entered on the form you can match it to the hash in the database. __________________ _______________________________ BlazingWolf

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Jun 28th, 2005, 8:17 PM	#3
foxcity911 Programmer Join Date: Jun 2005 Location: Queensland Posts: 37 Rep Power: 0	thanks dawei that was actually very helpful. i forgot about the or die on rowcheck it is rowchecks fault!!!! my table isnt empty. i have 2 fields, user and pass. usernames are foxcity911 and harry passwords are catboy and potter resepectively.

Jun 28th, 2005, 8:33 PM	#4
foxcity911 Programmer Join Date: Jun 2005 Location: Queensland Posts: 37 Rep Power: 0	i found the problem i replaced the $_REQUEST with $_POST and i got rid of md5 cos it isn't encrypting shit.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Web Development and Design > PHP

Why doesn't this login work?