Member Avatar for k2k

i just downloaded a login script and the code below is the php backend for the login. It is originally using md5 encryption and decryption for the password. For some reason I want to manage the password without encryption for now. my database has a member with login name and password. please see the line indicated with " ***" it keep complaining "databaseQuery failed"
I really have no more idea what could be wrong with that line of code, please help me. Thanks.

<?php
	//Start session
	session_start();
	
	//Include database connection details
	require_once('config.php');
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
	if(!$link) {
		die('Failed to connect to server: ' . mysql_error());
	}
	else{echo" connection is good";}
	
	//Select database
	$db = mysql_select_db(DB_DATABASE);
	if(!$db) {
		die("Unable to select database");
	}
	else{echo "connected to database";}
	
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		//get_magic_quotes_gpc returns 0 if off, 1 otherwise
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$login = clean($_POST['login']);
	$password = clean($_POST['password']);
	
	//Input Validations
	if($login == '') {
		$errmsg_arr[] = 'Login ID missing';
		$errflag = true;
	}
	if($password == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	
	//If there are input validations, redirect back to the login form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: login-failed.php");
		exit();
	}
	*************** error below *****************
	//Create query
	$qry="SELECT * FROM members WHERE login='$login' AND passwd='$password' ";
         /*** this is the original but i don't need md5 so i modified it to be the above one*** / 
	//$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
        ************ end error ************************
	$result=mysql_query($qry);
	
	//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
			//Login Successful
			session_regenerate_id();
			$member = mysql_fetch_assoc($result);
			$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
			$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
			$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
			session_write_close();
			header("location: member-index.php");
			exit();
		}else {
			//Login failed
			header("location: login-failed.php");
			exit();
		}
	}else {
		die("Query failed");
	}
?>
  • 2 Contributors
  • 6 Replies
  • 119 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by k2k

Recommended Answers

All 6 Replies

Member Avatar for ryan_vietnow

is the code working already with the original query?

Member Avatar for k2k

is the code working already with the original query?

people commented that the codes are working. however in my case, it is not working. i tested it that it is connected to the database successfully. and that line of select statement looks right to me.

actually i think everything else is working (when i left both login and password blank it would send me to the login-fail.php page as supposed to) it looks like it is just that line of query got some issue.

thanks

Member Avatar for ryan_vietnow

How about the tables or the fields?Are they correct?The code seems fine.

Member Avatar for k2k

How about the tables or the fields?Are they correct?The code seems fine.

huh, thanks for your help. that was a good guess. i got 2 database and i connected to the wrong one. = P

thanks a ton

Member Avatar for ryan_vietnow

No problem bro, mark this thread as solved now. Don't forget the rep! ;)

Member Avatar for k2k

No problem bro, mark this thread as solved now. Don't forget the rep! ;)

of course, thanks again.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.