Login Help

Question

Tenaciousmug 0 Junior Poster in Training

12 Years Ago

Here is my code for the login script. Everything works perfectly, but everytime I enter everything CORRECTLY into the forum, it says "The username, ____, and password do not match!". When they do match.
If I leave the areas blank, they say "You must enter a username!" or "You must enter a password!".
All the error messages work good, but whenever I fill the form in correctly, it displays my first error message "The username, ____, and password do not match!".
Does anyone see what's wrong with it?

<?php
session_start();
include("config.php");

$username = $_POST['username'];
$usernamefinal = ucfirst(strtolower($username));
$password = $_POST['password'];

if (isset($_POST['submit']))
{
	if(!empty($username))
	{
		if (!empty($password))
		{
			$sql = "SELECT username FROM members WHERE username='$usernamefinal'";
			$result = mysqli_query($cxn, $sql) or die("Query died: username");
			$num = mysqli_num_rows($result);
			if ($num > 0)
			{
				$sql = "SELECT username, password FROM members WHERE username='$usernamefinal' AND password=md5('$password')";
				$result = mysqli_query($cxn, $sql) or die("Query died: username and password");
				$num = mysqli_num_rows($result);
				if ($num > 0)
				{
					$sql = "SELECT userid FROM members WHERE username='$usernamefinal'";
					$result = mysqli_query($cxn, $sql) or die("Query died: userid");
					$row = mysqli_fetch_array($result);
					$userid = $row['userid'];
					
					$_SESSION['auth'] = "yes";
					$_SESSION['username'] = $usernamefinal;
					$_SESSION['userid'] = $userid;
					$ipadd = $_SERVER['REMOTE_ADDR'];
					$sql2 = "INSERT INTO login (userid, username, logintime, ipadd) VALUES ('$userid', '$usernamefinal', NOW(), inet_aton('$ipadd'))";
					mysqli_query($cxn, $sql2) or die("Query died: login session");
					header("Location: news.php");
				}
				else
				{
					$error = "The username, $usernamefinal, and password do not match!";
				}
			}
			else
			{
				$error = "That username doesn't exist!";
			}
		}
		else
		{
			$error = "You must enter a password!";
		}
	}
	else
	{
		$error = "You must enter a username!";
	}
}
?>

<?php include("header.php"); ?>
	
	<h1>Login Form</h1>
	<?php echo $error; ?>
	<form action="<?php echo $_SERVER['SCRIPT_NAME'] ?>" method="post">
		Username: <input type="text" name="username"><br>
		Password: <input type="password" name="password"><br>
		<input type="submit" name="submit" value="Login">
	</form>
				
<?php include("footer.php"); ?>

php

Edited 12 Years Ago by Tenaciousmug because: n/a

2 Contributors
2 Replies
92 Views
1 Day Discussion Span
Latest Post 12 Years Ago Latest Post by cuonic

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Tenaciousmug 0 Junior Poster in Training · Answer 1 · 2011-05-07T01:20:59+00:00

Ok I have the variables output after the form is submitted.
The password is what's wrong.

It's suppose to be this:
7da293f88d6e3bffc85a5e86e

And it's coming out like this:
7da293f88d6e3bffc85a5e86ee836fca

Do you have any clue why it is doing that? It's adding 7 extra characters onto it.

cuonic · Answer 2 · 2011-05-08T08:35:01+00:00

Seems like you may have got your encryption method mixed up somewhere. Maybe you used MD2 or MD4 instead of MD5 somewhere or the other way round