Start New Discussion within our Web Development Community

Hello guys, Please take a look at my code, coz I don't know why I cant login here in my log in form.By the way, my database is working, so the problem is in the code. looking forward for your help guys,

here is my code:



    <title>LOG IN</title>

body {
            background: url('login.png') no-repeat scroll;
            background-size: 100% 100%;
            min-height: 500px;




<body autocomplete="off" >

<audio autoplay loop>
      <source src="bgsound.ogg">
      <source src="bgsound.mp3">

  <div class="user">
  <form method='post' action='login1.php'>
  <input type="text" name="player_name" style="height:30px;"> <br>
  <div class="pass">
  <input type="password" name="password" style="height:30px;">
  <br> <br>

 &nbsp;&nbsp; <input type="submit" name="login" value="Login" > &nbsp;&nbsp;
 <a href="reg.php"><input type="button" name="register" value="Sign Up" ></a>



        $player_name = $_REQUEST["player_name"];
        $password = $_REQUEST["password"];

        $query_checkuser = "SELECT player_name FROM player
                            WHERE player_name = '$player_name'";

        $result_checkuser = pq_query($query_checkuser);

            if(pg_num_rows($result_checkuser) >= 1 ){
            $query_checkpswd = "SELECT password FROM player
                          WHERE player_name = '$player_name'";

            $result_checkpswd = pg_query($query_checkpswd);
            $player_data = pg_fetch_assoc($result_checkpswd);
            $p_password = $player_data["password"];

                if($password == $p_password ){

            echo "You are logged-in as, <b>",$player_name , "</b>";
            $_SESSION["player_name"] = $player_name;
            header("Location: page1.htm");
        echo "<script> window.alert('Error! Invalid Username or Password!') </script>";


In my registration form, when the user add accounts, It was saved in the database, but when I'm loggin in, it says the Invalid username, Please help. Thank you very much.

Insert some debug code say after line 89:

echo "Username query: $query_checkuser<br />";
echo "Password query: $query_checkpswd<br />";
echo "Entered password: $password<br />";
echo "Password in the DB: $p_password<br />";

and check whether queries and values are correct.

why dont you try and combine your queries into 1 query i.e.

$query_checkuser = "SELECT * FROM player
                            player_name = '".$player_name."' and 
                            password = '".$password."'";
echo $query_checkuser."<Br />"; //ensure that the sql statement is correct.

Then execute query, check if record was found do something, else show error.

Also remember to sanitize your user input as currently you are prone to sql injection - pg_escape_string

Useful post

oh another note, move the PHP code above your html code, you dont want to render the HTML and then process your PHP and also you cant redirect if content is written to the page too. if that makes sense?

Have you encrypted your password in your data base when you save it? If yes, you should dechiper your password before if($password == $p_password ).
Try using echo to show what you got in $p_password, before the condition.

Good point, actually
This question has already been answered. Start a new discussion instead.