Colourtheory Posted December 20, 2012 Share Posted December 20, 2012 For some reason, it always says that the password is incorrect. I have looked at everything, so I'm hoping that someone can help me <? //This function will find and checks if your data is correct //Collect your info from login form $username = $_REQUEST['username']; $password = $_REQUEST['password']; //Connecting to database $connect = mysql_connect("myhost", "myuser", "mypass"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("mydatabase", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; $select_user = mysql_query("SELECT * FROM users WHERE id='$id'"); $row2 = mysql_fetch_array($select_user); $user = $row2['username']; if($username != $user){ die("Username is wrong!"); } $pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'"); $row3 = mysql_fetch_array($pass_check); $email = $row3['email']; $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'"); $row4 = mysql_fetch_array($select_pass); $real_password = $row4['password']; if($password != $real_password){ die("Your password is wrong!"); } //Now if everything is correct let's finish his/her/its login session_register("username", $username); session_register("password", $password); echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>"; ?> Link to comment Share on other sites More sharing options...
kanchatchai Posted December 20, 2012 Share Posted December 20, 2012 (edited) <?PHP@session_start();//This function will find and checks if your data is correct//Collect your info from login form if (isset($_REQUEST['logout']))unset($_SESSION["username"]);//Show Logout Buttonif (isset($_SESSION["username"]))echo '<form method="post" name="logoutform" action=""> Username: '.$_SESSION["username"].' <input value="logout" name="logout" type="submit"><br></form>';//Show Login Formelseif (!(isset($_POST['username'])&&isset($_POST['password']))){echo '<b>Login Form</b><br/><form method="post" name="loginform" action=""> User Name:<input name="username"><br> User Password:<input name="password" type="password"><br><input value="Login" name="submit" type="submit"><br></form>';}else{ $username = $_POST['username']; $password = $_POST['password']; //Connecting to database $connect = mysql_connect("myhost", "myuser", "mypass"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("mydatabase", $connect); if(!$select_db){ die(mysql_error()); } //check username $result = mysql_query("SELECT * FROM users WHERE username='$username'"); $row = mysql_fetch_array($result); $user = $row['username']; if($username != $user){ die('Username is wrong! <br/><a href="">Try again</a>'); } else $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); while($row4 = mysql_fetch_array($select_pass)) { $_SESSION["username"] = $_POST["username"]; } if (isset($_SESSION["username"] )) echo 'Welcome, '.$_SESSION["username"].' please continue on our <a href="index.php">Index</a>'; else die('Your password is wrong! <br/><a href="">Try again</a>'); }?> Edited December 20, 2012 by kanchatchai Link to comment Share on other sites More sharing options...
justsomeguy Posted December 20, 2012 Share Posted December 20, 2012 Why are you sending 4 database queries to check a username and password? When they enter their username and password you send 1 query to get the entire record for that username. Not the username plus the password, or the username plus an ID, or the username plus an ID and an email, just the username. Look up the record with the username that they typed in. If it doesn't exist, show an error that the username wasn't found. Otherwise, compare the password they entered with the password in the database record you got. If that doesn't match, show an error that the password is wrong. Or else, set your session variables and do whatever else. There's an example of that kind of thing here: http://w3schools.invisionzone.com/index.php?showtopic=12509 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now