Member Avatar for tcollins412

i have a register and a log in page and it will not work. Here is the script for the register:

$myusername=$_POST['user'];
$mypassword=$_POST['pass'];
$cleanpwd=md5('$mypassword');

$myusername = stripslashes($myusername);
$cleanpwd = stripslashes($cleanpwd);
$myusername = mysql_real_escape_string($myusername);
$cleanpwd = mysql_real_escape_string($cleanpwd);

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password='$cleanpwd'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
setcookie('username', '$myusername');
setcookie('password', '$cleanpwd');
session_register("myusername");
session_register("mypassword");
header('location:memberspage.php');
}
else {
echo "Wrong Username or Password";
}
?>

and the html for it is:

<table><td style='font-weight: bold; color: white; margin-left:auto; margin-right: auto;'><p>Class Manager Log-In</p>
<form name=login method=POST action="checklogin.php">User:<input type='text' name='user'><br />Pass:<input type='password' name='pass'><br /><input type='submit' value=Login class=emailbutton></form></td></table>

also the code for the register page is:

$user = $_POST['name'];
$password = $_POST['pass'];
$cleanpwd = md5('$password');
$zip = $_POST['zip'];
$last = $_POST['lname'];
$email = $_POST['email'];

$query = "INSERT INTO members (name, lname, password, email, zip) VALUES ('$user', '$last', '$cleanpwd', '$email', '$zip')";

$result = mysql_query($query)
or die('Could not send');

echo'Sent';

and it always says the username and password is wrong. But it isnt. Please help

  • 3 Contributors
  • 4 Replies
  • 176 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by rch1231
Member Avatar for rch1231

Does it do any good to replace $tbl_name with members in the following code? I don't see you setting the variable anywhere...

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password='$cleanpwd'";

and what happens if you get multiple rows?

try

if($count > 0){
setcookie('username', '$myusername');
Member Avatar for tcollins412

i just tested it without encryption and it worked

Member Avatar for TySkby

With your login code, md5() is the last thing you should do to the password. stripslashes() and mysql_real_escape_string() should come first.

Try taking out running md5 on the password until you are querying for it. So...

$myusername=$_POST['user'];
$mypassword=$_POST['pass'];

$myusername = stripslashes($myusername);
$cleanpwd = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$cleanpwd = mysql_real_escape_string($cleanpwd);

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password=MD5($cleanpwd)";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
setcookie('username', '$myusername');
setcookie('password', '$cleanpwd');
session_register("myusername");
session_register("mypassword");
header('location:memberspage.php');
}
else {
echo "Wrong Username or Password";
}
?>

If that doesn't work, try checking out this thread: http://www.daniweb.com/forums/thread106429.html

@rch1231: $count shouldn't have multiple rows anyways (there shouldn't be any users sharing username/password combinations), so I think

if($count==1)

should work ok.

Edited by TySkby because: n/a
Member Avatar for rch1231

TySkby - On the count issue my point is really that there is nothing in the registration age code to prevent a user from submitting the same name and password more than one time (refreshing the page a couple of times) or a unique index on the user name field (no ignore on the insert statement) to prevent the same user name being submitted twice. Your statement is correct they shouldn't occur but they are possible and if there is a way then there is a user out there somewhere that will find it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.