dazz_club Posted March 27, 2008 Share Posted March 27, 2008 Hi,Im trying to set up a simple login problem but my script keeps informing me that i have the wrong username or password.Here is my hml form <form method="post" action="login.php"> <ul class="form"> <li>Please enter your name: <input type="text" name="username" id="username"></li> <li>Please enter reference password: <input type="password" name="password" id="password"></li> <li><input type="submit" name="submit" value="submit" title="submit" ></li> </ul> </form> and here is the code for the logn script <?phpsession_start();require_once 'includes/connection.php';// check that the form is submittedif(isset($_POST['submit'])){ // validate username if(isset($_POST['username']) && !empty($_POST['username'])) { // use the built in mysql real escape string function to protect agains SQL Injection $username = mysqli_real_escape_string($connection, $_POST['username']); } else { // username does not validate, define an error $errors[] = 'You have forgotton to include your username.'; } // we apply the same for the password field. if(isset($_POST['password']) && !empty($_POST['password'])) { $password = md5($_POST['password']); } else { $errors[] = 'Password not provided'; } // chekc that no errors have been set, if so display them if(isset($errors) && is_array($errors)) { echo 'Errors: <ul><li>' . implode('</li><li>', $errors) . '</li></ul>'; } // no errors are set so we'll continue else { $sql= " SELECT * FROM members WHERE username = '$username' AND password = '$password' "; $result = mysqli_query($connection, $sql) or die('Query Error:<br />Query: <tt>'.$sql.'</tt><br />Error: ' . mysqli_error($connection)); // check that the query return only ONE result if(mysqli_num_rows($result) == 1) { $_SESSION['is_logged_in'] = true; // get result set from the query and assign it to the 'user' session. $row = mysqli_fetch_assoc($result); $_SESSION['user'] = $row; // redirect to the login_success.php header('Location: login_success.php'); exit; } // query failed, display error echo "Wrong Username or Password"; }}// for was not submitted, display errorelse{ echo 'Please use the login form for logging in';}?> Here is what the members table looks like CREATE TABLE `members` ( `id` int(4) NOT NULL auto_increment, `username` varchar(65) collate utf8_unicode_ci NOT NULL, `password` varchar(65) collate utf8_unicode_ci NOT NULL, PRIMARY KEY (`id`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=5; and this is what the username and password is INSERT INTO `members` (`id`, `username`, `password`) VALUES (1, 'darren', 'darren'); if anyone can shed any light it would be great.kind regardsDazzclub Link to comment Share on other sites More sharing options...
justsomeguy Posted March 27, 2008 Share Posted March 27, 2008 Print the return value from mysqli_num_rows($result) to see what it is, that's what you're testing to see if they entered the wrong username or password. It might be 2. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.