Here is my code for the login script. Everything works perfectly, but every time I enter everything CORRECTLY into the form, it says "The username, ____, and password do not match!", when they do match.
If I leave the areas blank, they say "You must enter a username!" or "You must enter a password!".
All the error messages work well, but whenever I fill the form in correctly, it displays my first error message "The username, ____, and password do not match!".
Does anyone see what's wrong with it?

<?php
session_start();
include("config.php");

$username = $_POST['username'];
$usernamefinal = ucfirst(strtolower($username));
$password = $_POST['password'];

if (isset($_POST['submit']))
{
	if(!empty($username))
	{
		if (!empty($password))
		{
			$sql = "SELECT username FROM members WHERE username='$usernamefinal'";
			$result = mysqli_query($cxn, $sql) or die("Query died: username");
			$num = mysqli_num_rows($result);
			if ($num > 0)
			{
				$sql = "SELECT username, password FROM members WHERE username='$usernamefinal' AND password=md5('$password')";
				$result = mysqli_query($cxn, $sql) or die("Query died: username and password");
				$num = mysqli_num_rows($result);
				if ($num > 0)
				{
					$sql = "SELECT userid FROM members WHERE username='$usernamefinal'";
					$result = mysqli_query($cxn, $sql) or die("Query died: userid");
					$row = mysqli_fetch_array($result);
					$userid = $row['userid'];
					
					$_SESSION['auth'] = "yes";
					$_SESSION['username'] = $usernamefinal;
					$_SESSION['userid'] = $userid;
					$ipadd = $_SERVER['REMOTE_ADDR'];
					$sql2 = "INSERT INTO login (userid, username, logintime, ipadd) VALUES ('$userid', '$usernamefinal', NOW(), inet_aton('$ipadd'))";
					mysqli_query($cxn, $sql2) or die("Query died: login session");
					header("Location: news.php");
				}
				else
				{
					$error = "The username, $usernamefinal, and password do not match!";
				}
			}
			else
			{
				$error = "That username doesn't exist!";
			}
		}
		else
		{
			$error = "You must enter a password!";
		}
	}
	else
	{
		$error = "You must enter a username!";
	}
}
?>

<?php include("header.php"); ?>
	
	<h1>Login Form</h1>
	<?php echo $error; ?>
	<form action="<?php echo $_SERVER['SCRIPT_NAME'] ?>" method="post">
		Username: <input type="text" name="username"><br>
		Password: <input type="password" name="password"><br>
		<input type="submit" name="submit" value="Login">
	</form>
				
<?php include("footer.php"); ?>

OK, I have the variables output after the form is submitted.
The password is what's wrong.

It's supposed to be this:
7da293f88d6e3bffc85a5e86e

And it's coming out like this:
7da293f88d6e3bffc85a5e86ee836fca

Do you have any clue why it is doing that? It's adding 7 extra characters onto it.

cuonic:

Seems like you may have got your encryption method mixed up somewhere. Maybe you used MD2 or MD4 instead of MD5 somewhere, or the other way round.
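A diagnostic for the mismatch discussed in this thread, added here as an example and not code from any poster: it reports whether a stored value is a cut-off MD5 digest (an MD5 hex digest is always 32 characters) or the output of a different algorithm such as MD2 or MD4. The function name `diagnose_hash_mismatch` and the sample password are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Names and sample values are constructed.

/**
 * Explain why a stored hex digest does not equal md5($plaintext).
 * Returns a short human-readable verdict.
 */
function diagnose_hash_mismatch(string $plaintext, string $stored): string
{
    $stored = strtolower(trim($stored));
    $md5    = md5($plaintext);            // always 32 hex characters

    if (hash_equals($md5, $stored)) {
        return 'match';
    }

    // A shorter value that is a prefix of the MD5 digest was cut off when it was saved.
    $len = strlen($stored);
    if ($len > 0 && $len < strlen($md5) && strncmp($md5, $stored, $len) === 0) {
        return "truncated: stored value is the first $len of 32 characters";
    }

    // Otherwise test whether another digest produced the stored value.
    foreach (['md2', 'md4', 'sha1'] as $algo) {
        if (in_array($algo, hash_algos(), true)
            && hash_equals(hash($algo, $plaintext), $stored)) {
            return "different algorithm: $algo";
        }
    }

    return 'no match: wrong password or unknown transformation';
}

// Constructed sample input covering each verdict.
$password = 'example-password';
$full     = md5($password);

echo diagnose_hash_mismatch($password, $full), "\n";
echo diagnose_hash_mismatch($password, substr($full, 0, 25)), "\n";
echo diagnose_hash_mismatch($password, hash('md4', $password)), "\n";
echo diagnose_hash_mismatch($password, md5('something-else')), "\n";
```

If the verdict is "truncated", one possible cause (an assumption, since the table definition is not shown in the thread) is a password column narrower than 32 characters, so compare the reported length with the column's declared width.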
