Hi everyone,

Having a little difficulty getting anything from this.

The code appears to me to be correct, then again I have been looking at it for hours, so it is possible there could be a mistake...... :/

Anyway, the code seems sound, should let me login and instead gets nothing from the database and says login failed every single time.

Any help much appreciated!

<?php
session_start();
require("./config.php");

$con = mysql_connect($sqlserver,$sqluser,$sqlpassword);
if (!$con)
  {
  die('Connection to SQL Server failed. Error: ' . mysql_error());
  }

$username = $_POST['username'];
$password = $_POST['password'];

mysql_select_db($sqldb, $con);
$sql= "SELECT * FROM admins WHERE username='$username' AND password='$password'";
$result = mysql_query($sql) or die('Query failed: ' . mysql_error() . "<br />"); 

$count = mysql_num_rows($result);

if($count==1)
{
$_SESSION["username"] = $username;
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=./successpage.php\">\n"; 
}
else
{
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1;URL=./index.php?msg=Sorry those details were unrecognised, please try again.\">\n"; 
}
mysql_close($con);
?>

Cheers,
Jack.

Can you post the actual mysql error you are getting.

Hi Pritaeas, It's not a MYSQL error I get. The system just simply refuses to login with any user from the DB. It seems like maybe it is not using the received data to check against the db, but I am unsure.

If it helps anyone, here is the login form (form code) itself.

<form name="l-auth" method="post" action="newlogincheck.php" enctype="multipart/form-data" class="auto-style11">
     <div class="auto-style2">
     <div class="auto-style9">
	<strong><span class="auto-style7">USERNAME</span>&nbsp;&nbsp;
	<input class="auto-style3" name="username" style="width: 165px; border-style: groove; background-color: #9FCBD0;" type="text" /><br />
	<span class="auto-style7">PASSWORD</span>&nbsp;
	<input class="auto-style6" name="Password" style="width: 165px; border-style: groove; background-color: #9FCBD0;" type="password" /></strong>
     </div>
     </div>
<p class="auto-style1">
<input name="Submit" style="background-image: url('../images/admint/loginbtn.png'); border-style: none; width: 177px; height: 47px;" type="submit" value="" class="auto-style10" />
</p>
</form>
Member Avatar for diafol
enctype="multipart/form-data"

not req'd unless you're uploading a file.

$count = mysql_num_rows($result);
if($count==1)

Could there be more than one entry - if so, it will fail. Perhaps:

$count = mysql_num_rows($result);
if($count>0)

Also you don't clean the input, you need to use mysql_real_escape_string() on all your $_POSTs, otherwise " and ' could cause SQL injection.

Do this to see if you are connected to what you think:

$r= mysql_query("SELECT * FROM admins");
while($d = mysql_fetch_array($r)){
  echo $d['username'] . " " . $d['password'] . "<br />";
}

You should get a list of all users and their passwords.

Using a "LIMIT 1" at the end of your SQL should speed things up if you have a lot of users. Otherwise once found, the query will still search for more hits.

Are you sure the password is stored as plain text in the database ?

It's alright, I fixed it. Was simply down to one of the values not being passed due to one variable being capitalised and I hadn't noticed cos I was so tired.

Thanks for your help pritaeas!!!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.