Hi guys, I need some help with my code.
I'm new to PHP and I'm trying to create a login page.
I have created a MySQL database to go along with it, but whenever I try to log in, it brings me to myaccount.php and just displays Access Denied no matter what the input, be it in the database or just plain rubbish.
Hope you guys can help me out, as I've been messing around with it for a day :$

<?php 
include 'dbc.php';

$user_name = mysql_real_escape_string($_POST['name']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT user_pwd FROM users WHERE 
            user_name = '$_POST[user_name]'"; 
			
$result = mysql_query($sql) or die (mysql_error());
    if ( $result = $md5pass ) 
	{ 
   // A matching row was found - the user is authenticated.
       session_start();
      list($md5pass,$user_name) = mysql_fetch_row($result);
      // this sets variables in the session
      $_SESSION['user']= $user_name;

		
		if (isset($_GET['ret']) && !empty($_GET['ret']))
      {
      header("Location: $_GET[ret]");
      exit();
      } else
      {
      header("Location: myaccount.php");
      exit();
      }
      //echo "Logged in...";
      exit();
  }

header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();		
}

?>

<link href="styles.css" rel="stylesheet" type="text/css">

<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>


<p>&nbsp;</p><table width="40%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td bgcolor="#d5e8f9" class="mnuheader" >
<div align="center"><font size="5"><strong>Login 
        Members</strong></font></div></td>
  </tr>
  <tr> 
    <td bgcolor="#e5ecf9" class="mnubody"><form name="form1" method="post" action="">
        <p>&nbsp;</p>
        <p align="center">Username 
          <input name="username" type="text" id="user_name">
        </p>
        <p align="center"> Password: 
          <input name="pwd" type="password" id="pwd">
        </p>
        <p align="center"> 
          <input type="submit" name="Submit" value="Login">
        </p>
        <p align="center"><a href="register.php">Register</a> | <a href="forgot.php">Forgot</a></p>
      </form></td>
  </tr>
</table>
<?php
session_start();
if (!isset($_SESSION['user']))
{
 die ("Access Denied");
}
?> 
<h2>My Account </h2>
<?php if (isset($_SESSION['user'])) { ?>
<p>Logged as <?php echo $_SESSION['user']; ?> | <a href="settings.php">Settings</a> 
  | <a href="logout.php">Logout</a> </p>
<?php } ?>


Change:

$result = mysql_query($sql) or die (mysql_error());
if ( $result = $md5pass ) {
    // ...

To:

$result = mysql_query($sql) or die (mysql_error());
if ($result) {
    // $result is only a result-set handle; fetch the row before comparing
    $record = mysql_fetch_assoc($result);
    if ( $record['user_pwd'] == $md5pass ) {
        // ...
    }
}

Hi there,
The problem is where you are checking your $result against $md5pass. What you are doing is running the query and storing the result set in $result, but we aren't done yet: that $result only contains a pointer to a result set in memory and not the actual results (data). You need to add this to your code:

$md5pass = md5($_POST['pwd']);
$sql = "SELECT user_pwd FROM users WHERE 
            user_name = '$_POST[user_name]'"; 
			
$result = mysql_query($sql) or die (mysql_error());
$row = mysql_fetch_array($result);
$password_in_db = $row['user_pwd'];
    if ( $password_in_db == $md5pass ) 
	{ 
   // A matching row was found - the user is authenticated.

P.S. Remember, when comparing values in an if expression, always use two (sometimes three) equals signs; using a single equals sign will assign one value to the other and not compare them.
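An added example, not code from any poster in this thread: the same fetch-then-compare login written with a PDO prepared statement, so the submitted name is never pasted into the SQL text, and with `password_hash()`/`password_verify()` swapped in for `md5()`. The in-memory SQLite table, the sample account, the `authenticate()` and `safe_return_path()` helper names and the path allow-list rule are assumptions made for illustration; it needs PHP 7.1+ with the `pdo_sqlite` extension.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the thread's MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pwd TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users (user_name, user_pwd) VALUES (?, ?)')
    ->execute(['danny', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account

// Returns the stored user name on success, null on any failure (hypothetical helper).
function authenticate(PDO $pdo, string $name, string $password): ?string
{
    // Bound parameter: the submitted name travels as data, not as SQL.
    $stmt = $pdo->prepare('SELECT user_name, user_pwd FROM users WHERE user_name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such user: fail closed
    }
    // password_verify() checks the salted hash and compares in constant time.
    return password_verify($password, $row['user_pwd']) ? $row['user_name'] : null;
}

// Accept only a same-site relative .php path for the post-login redirect (the `ret` parameter).
function safe_return_path(?string $ret, string $default = 'myaccount.php'): string
{
    if ($ret === null || !preg_match('#^[A-Za-z0-9_/-]+\.php\z#', $ret) || strpos($ret, '//') !== false) {
        return $default;
    }
    return $ret;
}

// Constructed requests, standing in for $_POST['user_name'], $_POST['pwd'] and $_GET['ret'].
$cases = [
    ['danny', 'correct horse', 'settings.php'],
    ['danny', 'wrong', null],
    ["' OR '1'='1", 'x', null],
    ['danny', 'correct horse', '//evil.example/x.php'],
];
foreach ($cases as [$name, $pwd, $ret]) {
    $user = authenticate($pdo, $name, $pwd);
    if ($user !== null) {
        // In the real page: session_start(); session_regenerate_id(true); $_SESSION['user_name'] = $user;
        echo "OK   $user -> " . safe_return_path($ret) . "\n";
    } else {
        echo "FAIL " . json_encode($name) . " -> login.php\n";
    }
}
```

Only the first and last constructed requests authenticate, and the last one falls back to myaccount.php because its `ret` value is not a plain same-site path.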

Thanks for your replies.
I have changed my code to the one below,
but I'm back to the problem of being directed to myaccount.php no matter what I type in. Any ideas?

<?php 
include 'dbc.php';

	if ($_POST['Submit']=='Login')
	{
		$md5pass = md5($_POST['pwd']);
		$sql = "SELECT user_pwd FROM users WHERE user_name = '$_POST[user_name]'"; 
		$result = mysql_query($sql) or die (mysql_error());
		$row = mysql_fetch_array($result);
		$password_in_db = $row['user_pwd'];
		
			if ($password_in_db == $md5pass) 	
			{ 
		 	  	// A matching row was found - the user is authenticated.
			   	session_start();
		     	list($md5pass,$user_name) = mysql_fetch_row($result);
		     	// this sets variables in the session
		      	$_SESSION['user_name']= $user_name;
	      	}
  			echo "Logged in...";
 		  header("Location: myaccount.php");
   		   exit();
	  }


?>
<?php
session_start();
if (!isset($_SESSION['user_name']))
{
 die ("Access Denied");
}
?> 
<h2>My Account </h2>
<?php if (isset($_SESSION['user_name'])) { ?>
<p>Logged as <?php echo $_SESSION['user_name']; ?> | <a href="settings.php">Settings</a> 
  | <a href="logout.php">Logout</a> </p>
<?php } ?>

Well, the way your code is structured (in the first snippet), if $_POST == 'Login', the user will always be redirected to myaccount.php. If you only want that to happen if the login fails, then you must put it into an else statement like this:

if ($_POST['Submit']=='Login')
	{
		$md5pass = md5($_POST['pwd']);
		$sql = "SELECT user_pwd FROM users WHERE user_name = '$_POST[user_name]'"; 
		$result = mysql_query($sql) or die (mysql_error());
		$row = mysql_fetch_array($result);
		$password_in_db = $row['user_pwd'];
		
			if ($password_in_db == $md5pass) 	
			{ 
		 	  	// A matching row was found - the user is authenticated.
			   	session_start();
		     	list($md5pass,$user_name) = mysql_fetch_row($result);
		     	// this sets variables in the session
		      	$_SESSION['user_name']= $user_name;

                        echo "Logged in..."; 
	      	      } else {
  			   header("Location: myaccount.php");
               		   exit();
                      }
                   //Carry on with what would happen after a successful login here
	  }

Echo your query before you execute it, and run it in phpMyAdmin, just to check.

Okay guys, thanks for all your help. I've got the first part working already =) but I've got another problem. I've modified myaccount.php to list a button. When the user clicks the button, it will link the user to another page called keyinput.php.

<?php session_start(); 


if (!isset($_SESSION['user_name']))
{
 die ("Access Denied");
}
?>
<?php if (isset($_SESSION['user_name'])) { ?>
<p>&nbsp;</p>
<table width="65%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td bgcolor="d5e8f9" class="mnuheader"><strong><font size="5">my account</font></strong></td>
  <tr> 
    <td bgcolor="e5ecf9" ><form name="form1" style="padding:5px;">
    	<p>My Account</p>
        <p align="left"> 
		<a href="keyinput.php" style="text-decoration:none">
		<button height="25px" width="130px">Keys</button></a>
          </p>
        </p>
        <p>&nbsp;</p>
<p>Logged as <?php echo $_SESSION['user_name']; ?> | <a href="settings.php">Settings</a> 
  | <a href="logout.php">Logout</a> </p>
<?php } ?>
<?php
session_start();

include ('dbc.php'); 

		$keys = rand(1000,9999);
		mysql_query("INSERT INTO users (`key`) VALUES('$keys') WHERE id = $_SESSION['user_name']") or die(mysql_error());
  die ("hello");

?>

<p>&nbsp;</p>
<table width="65%" border="0" cellpadding="0" cellspacing="0">
  <tr> 
    <td bgcolor="d5e8f9" class="mnuheader"><strong><font size="5">key</font></strong></td>
  <tr> 
    <td bgcolor="e5ecf9" ><form name="form1" style="padding:5px;">
	   <p><br>
    	Time issued:
  		<input name="time" type="text" id="time">
    	</p>
    	<p>
    	Please enter your key:
  		<input name="key" type="text" id="key">

I've just started on my keyinput.php and require a little help. I would like to insert data ($key) into the MySQL database (`key`) when the id_in_database is equal to the _session id (user_name) from the previous page, myaccount.php.
However, I can't seem to bring forward the value. Do I have to retrieve it all over again? What am I doing wrong?
Also, I would like my page to display the time when my key is inserted into the database, in the box named "Time issued:". Any tips on how to do so?

Any help would be greatly appreciated.
Been working on it for the past 5 hours and I'm stuck =x
Thanks,
Danny

Replace session_start(); with:

if (! session_id())
    session_start();

Calling session_start() may overwrite your existing session.
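An added example, not code from the thread: storing the key against an existing user row and showing the issue time in the "Time issued" box. A row that already exists is changed with `UPDATE ... WHERE` (MySQL's `INSERT` takes no `WHERE` clause), and the user name is passed as a bound parameter. The in-memory SQLite table, the `key_issued` column and the `issue_key()` helper are assumptions for illustration; it needs PHP 7.1+ with `pdo_sqlite`.

```php
<?php
// Added example: constructed in-memory SQLite table; `key_issued` is an assumed extra column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// SQLite quotes the reserved word as "key"; in MySQL the same column is written `key`.
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, "key" TEXT, key_issued TEXT)');
$pdo->exec("INSERT INTO users (user_name) VALUES ('danny')"); // constructed account

// Issue a fresh key for an existing user (hypothetical helper).
// Returns [key, issued-at UTC] or null when no row matched the user name.
function issue_key(PDO $pdo, string $userName): ?array
{
    $key    = (string) random_int(1000, 9999); // drawn from the system CSPRNG, unlike rand()
    $issued = gmdate('Y-m-d H:i:s');
    $stmt = $pdo->prepare('UPDATE users SET "key" = ?, key_issued = ? WHERE user_name = ?');
    $stmt->execute([$key, $issued, $userName]);
    return $stmt->rowCount() === 1 ? [$key, $issued] : null;
}

// In keyinput.php the name would come from $_SESSION['user_name'] after session_start();
// a constructed value is used here so the block runs on its own.
$result = issue_key($pdo, 'danny');
if ($result === null) {
    echo "No such user\n";
} else {
    [, $issued] = $result;
    // Escape on output even for values generated server-side.
    printf(
        "<input name=\"time\" type=\"text\" id=\"time\" value=\"%s\" readonly>\n",
        htmlspecialchars($issued, ENT_QUOTES)
    );
}

// An unknown name updates nothing and is reported as null.
var_dump(issue_key($pdo, 'nobody'));
```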
