0

I have a register and a log in page and it will not work. Here is the script for the register:

$myusername=$_POST['user'];
$mypassword=$_POST['pass'];
$cleanpwd=md5('$mypassword');

$myusername = stripslashes($myusername);
$cleanpwd = stripslashes($cleanpwd);
$myusername = mysql_real_escape_string($myusername);
$cleanpwd = mysql_real_escape_string($cleanpwd);

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password='$cleanpwd'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
setcookie('username', '$myusername');
setcookie('password', '$cleanpwd');
session_register("myusername");
session_register("mypassword");
header('location:memberspage.php');
}
else {
echo "Wrong Username or Password";
}
?>

and the html for it is:

<table><td style='font-weight: bold; color: white; margin-left:auto; margin-right: auto;'><p>Class Manager Log-In</p>
<form name=login method=POST action="checklogin.php">User:<input type='text' name='user'><br />Pass:<input type='password' name='pass'><br /><input type='submit' value=Login class=emailbutton></form></td></table>

Also the code for the register page is:

$user = $_POST['name'];
$password = $_POST['pass'];
$cleanpwd = md5('$password');
$zip = $_POST['zip'];
$last = $_POST['lname'];
$email = $_POST['email'];

$query = "INSERT INTO members (name, lname, password, email, zip) VALUES ('$user', '$last', '$cleanpwd', '$email', '$zip')";

$result = mysql_query($query)
or die('Could not send');

echo'Sent';

And it always says the username and password is wrong. But it isn't. Please help.

0

Does it do any good to replace $tbl_name with members in the following code? I don't see you setting the variable anywhere...

$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password='$cleanpwd'";

and what happens if you get multiple rows?

try

if($count > 0){
setcookie('username', '$myusername');
0

With your login code, md5() is the last thing you should do to the password. stripslashes() and mysql_real_escape_string() should come first.

Try taking out running md5 on the password until you are querying for it. So...

$myusername=$_POST['user'];
$mypassword=$_POST['pass'];

$myusername = stripslashes($myusername);
$cleanpwd = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$cleanpwd = mysql_real_escape_string($cleanpwd);

// The value passed to MD5() is a string literal, so it must be quoted in the SQL
$sql="SELECT * FROM $tbl_name WHERE email='$myusername' and password=MD5('$cleanpwd')";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
setcookie('username', '$myusername');
setcookie('password', '$cleanpwd');
session_register("myusername");
session_register("mypassword");
header('location:memberspage.php');
}
else {
echo "Wrong Username or Password";
}
?>

If that doesn't work, try checking out this thread: http://www.daniweb.com/forums/thread106429.html

@rch1231: $count shouldn't have multiple rows anyways (there shouldn't be any users sharing username/password combinations), so I think

if($count==1)

should work ok.


0

TySkby - On the count issue, my point is really that there is nothing in the registration page code to prevent a user from submitting the same name and password more than one time (refreshing the page a couple of times) or a unique index on the user name field (no ignore on the insert statement) to prevent the same user name being submitted twice. Your statement is correct, they shouldn't occur, but they are possible, and if there is a way then there is a user out there somewhere that will find it.
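An added example, not code from any poster in this thread, covering both the failed login and the duplicate-row concern: PHP does not interpolate variables inside single quotes, so `md5('$password')` on the register page and `md5('$mypassword')` on the login page each hash a fixed literal, and the two literals differ. The `register()` and `login()` helpers, the sample values and the in-memory SQLite table (standing in for the MySQL `members` table) are assumptions made so the block runs offline on PHP 5.5 or later with pdo_sqlite.

```php
<?php
// Added example; not the thread's code. Sample values are constructed.

// 1. Root cause: single quotes do not interpolate, so these calls hash the
//    literal text "$password" / "$mypassword" and ignore what the user typed.
$password = $mypassword = 'hunter2';
var_dump(md5('$password') === md5($password));      // literal vs. real value
var_dump(md5('$password') === md5('$mypassword'));  // register page vs. login page

// 2. Hardened register/login using the same columns as the thread's INSERT.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, lname TEXT, password TEXT,
                                 email TEXT UNIQUE, zip TEXT)');

function register(PDO $db, $name, $lname, $pass, $email, $zip) {
    // Placeholders replace manual escaping; password_hash() replaces bare MD5.
    $stmt = $db->prepare('INSERT INTO members (name, lname, password, email, zip)
                          VALUES (?, ?, ?, ?, ?)');
    try {
        $hash = password_hash($pass, PASSWORD_DEFAULT);
        return $stmt->execute([$name, $lname, $hash, $email, $zip]);
    } catch (PDOException $e) {
        return false; // UNIQUE(email) rejects a resubmitted registration
    }
}

function login(PDO $db, $email, $pass) {
    $stmt = $db->prepare('SELECT password FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    // Salted hashes differ per row, so compare in PHP, not in the WHERE clause.
    return $hash !== false && password_verify($pass, $hash);
}

var_dump(register($db, 'Ann', 'Lee', 'hunter2', 'ann@example.test', '12345'));
var_dump(register($db, 'Ann', 'Lee', 'hunter2', 'ann@example.test', '12345')); // duplicate e-mail
var_dump(login($db, 'ann@example.test', 'hunter2'));  // correct password
var_dump(login($db, 'ann@example.test', 'wrong'));    // wrong password
```

On a successful login, call `session_regenerate_id(true)` and keep only the user identifier in `$_SESSION`, rather than placing the password or its hash in a cookie.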
