Ok, I have all my functions working along with the real_escape_string(). Now I just need to find out WHY the password check isn't working properly. Whenever I try to login with the username: Dyl and the password it was signed up with, it says "Dyl is an existing username, but it's not the right password" when it is.. Can anyone see what I'm doing wrong?
<?php
session_start();
switch (@$_POST['Button'])
{
case "Log in";
include("haha.php");
$cxn = mysqli_connect($host,$user,$password,$database);
$fusername = $cxn->real_escape_string($_POST['fusername']);
$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername'";
$result = mysqli_query($cxn,$sql) or die("Query died: fusername");
$num = mysqli_num_rows($result);
if($num > 0)
//username was found
{
include("haha.php");
$cxn = mysqli_connect($host,$user,$password,$database);
$fpassword = $cxn->real_escape_string($_POST['fpassword']);
$sql = "SELECT `username` FROM `Member` WHERE `username`='$fusername' AND `password`=md5('$fpassword')";
$result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword");
$num = mysqli_num_rows($result2);
if($num > 0) //password matches
{
include("haha.php");
$cxn = mysqli_connect($host,$user,$password,$database);
$_SESSION['auth']="yes";
$_SESSION['username'] = $fusername;
$sql = "INSERT INTO Login (username,loginTime) VALUES ('$fusername',NOW())";
$result = mysqli_query($cxn,$sql) or die("Query died: insert");
header("Location: testing.php");
}
THERE IS MORE CODE BUT IT DOESNT DEAL WITH THE PASSWORD CONFIRMATION
Ok so can anyone see anything that is wrong? I've checked and looked 5 million times and I really can't find anything..
And I KNOW I don't have to include the haha.php and do the $cxn every time. I'm just making sure it follows everything because I was trying to find the error. After I find it, I will delete it because there is no point having that much includes and connections when one was already made at the top. xD