Member Avatar for ms061210

Hello guys, Please take a look at my code, coz I don't know why I cant login here in my log in form.By the way, my database is working, so the problem is in the code. looking forward for your help guys,

here is my code:

<?php
    session_start();
    include("config.php");
?>  

<html>
<head>

    <title>LOG IN</title>
<style>

body {
            background: url('login.png') no-repeat scroll;
            background-size: 100% 100%;
            min-height: 500px;
        }


div.user{
   position:fixed;
   bottom:135px;
   height:90px;
   left:700px;
}

div.pass{
   position:fixed;
   bottom:20px;
   height:90px;
   left:700px;
}

</style>

</head>
<body autocomplete="off" >

<audio autoplay loop>
      <source src="bgsound.ogg">
      <source src="bgsound.mp3">
  </audio>

  <div class="user">
  <br>
  <br>
  <form method='post' action='login1.php'>
  <input type="text" name="player_name" style="height:30px;"> <br>
  </div>
  <div class="pass">
  <input type="password" name="password" style="height:30px;">
  <br> <br>

 &nbsp;&nbsp; <input type="submit" name="login" value="Login" > &nbsp;&nbsp;
 <a href="reg.php"><input type="button" name="register" value="Sign Up" ></a>

 </div>
  </form>
  </div>


</body>
</html>

<?php
    if(isset($_REQUEST["login"])){
        $player_name = $_REQUEST["player_name"];
        $password = $_REQUEST["password"];

        $query_checkuser = "SELECT player_name FROM player
                            WHERE player_name = '$player_name'";

        $result_checkuser = pq_query($query_checkuser);

            if(pg_num_rows($result_checkuser) >= 1 ){
            $query_checkpswd = "SELECT password FROM player
                          WHERE player_name = '$player_name'";

            $result_checkpswd = pg_query($query_checkpswd);
            $player_data = pg_fetch_assoc($result_checkpswd);
            $p_password = $player_data["password"];

                if($password == $p_password ){

            echo "You are logged-in as, <b>",$player_name , "</b>";
            $_SESSION["player_name"] = $player_name;
            header("Location: page1.htm");
        }else{
        echo "<script> window.alert('Error! Invalid Username or Password!') </script>";
        }
    }
    }

?>

In my registration form, when the user add accounts, It was saved in the database, but when I'm loggin in, it says the Invalid username, Please help. Thank you very much.

  • 4 Contributors
  • 4 Replies
  • 328 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by homeboy

Recommended Answers

All 4 Replies

Member Avatar for broj1

Insert some debug code say after line 89:

echo "Username query: $query_checkuser<br />";
echo "Password query: $query_checkpswd<br />";
echo "Entered password: $password<br />";
echo "Password in the DB: $p_password<br />";

and check whether queries and values are correct.

Member Avatar for phpology

why dont you try and combine your queries into 1 query i.e.

$query_checkuser = "SELECT * FROM player
                            WHERE 
                            player_name = '".$player_name."' and 
                            password = '".$password."'";
echo $query_checkuser."<Br />"; //ensure that the sql statement is correct.

Then execute query, check if record was found do something, else show error.

Also remember to sanitize your user input as currently you are prone to sql injection - pg_escape_string

commented: Useful post +7
Member Avatar for phpology

oh another note, move the PHP code above your html code, you dont want to render the HTML and then process your PHP and also you cant redirect if content is written to the page too. if that makes sense?

Edited by phpology
Member Avatar for homeboy

Have you encrypted your password in your data base when you save it? If yes, you should dechiper your password before if($password == $p_password ).
Try using echo to show what you got in $p_password, before the condition.

Edited by homeboy because: more text
commented: Good point, actually +8
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.