giannis Posted September 22, 2010

I have the following code:

```php
<?php include "connect.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome</title>
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="js/jquery.ketchup.js"></script>
<script type="text/javascript" src="js/jquery.ketchup.messages.js"></script>
<script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script>
<script language="javascript" type="text/javascript" src="niceforms.js"></script>
<link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" />
<link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" />
</head>
<body>
<div id="container">
<?php
if(!empty($_SESSION['connection_status']) && !empty($_SESSION['username']))
{
?>
    <form action="logout.php" class="niceform">
        <fieldset>
            <legend>Member Area</legend>
            <div id= "container">
                <p>Thanks for logging in <b><?=$_SESSION['username']?></b> !</p>
                <p><input type="submit" name="submit" id="submit" value="Logout" /></p>
            </div>
        </fieldset>
    </form>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    $validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");
    if(mysql_num_rows($validation) == 1)
    {
        $row = mysql_fetch_array($validation);
        $email = $row ['email'];
        $_SESSION['username'] = $username;
        $_SESSION['email'] = $email;
        $_SESSION['connection_status'] = 1;
        echo "<h1>Success</h1>";
        echo "<p>Members area is loading.</p>";
        echo "<meta http-equiv='refresh' content='=4;index.php' />";
    }
    else
    {
        echo "<h1>Error</h1>";
        echo "<p> There was an error, please try again <a href=\"index.php\">here </a> .</p>";
    }
}
else
{
?>
    <form method="post" action="index.php" name="loginform" id="loginform" class="niceform">
        <fieldset>
            <legend>Member Login</legend>
            <p>Thanks for visiting. Please login below or click <a href="register.php">here</a> to register.</p>
            <dl>
                <dt><label for="username">Username:</label><br /></dt>
                <dd><input type="text" name="username" id="username" class= "validate(rangelength(4,30))"/></dd>
            </dl>
            <dl>
                <dt><label for="password">Password:</label><br /></dt>
                <dd><input type="password" name="password" id="password" class= "validate(rangelength(4,30))" /></dd>
            </dl>
            <p><a href="forgot_password.php">Forgot password?</a></p>
        </fieldset>
        <fieldset class="action">
            <input type="submit" name="submit" id="submit" value="Sign In" />
        </fieldset>
    </form>
<?php
}
?>
</div>
<script type = "text/javascript">
$(document).ready(function() {
    $('#loginform').ketchup();
});
</script>
</boby>
</html>
```

When I try to login with true username/password, I always get:

There was an error, please try again here .

rwwd Posted September 22, 2010

```php
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    $validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");
    //Check to see what num_rows returns
    echo mysql_num_rows($validation);
    //if not 1, there is an issue with the sql end of things
    if(mysql_num_rows($validation) == 1)
```

Check by echoing to screen the sql statement, then copy and paste that (assuming that it's properly constructed & as expected) into your sql console of choice and run it to see if you get the results as expected. Go from there, and you should be fine.

Rw

chintansshah Posted September 22, 2010

Please check how many rows the select query returns; I think it returns more than 2.

NLCJ Posted September 22, 2010

Just a typo I saw when I took a quick look at it, you have </boby> instead of </body>.

giannis Posted September 22, 2010

> Please check how many rows the select query returns; I think it returns more than 2.

Which lines are you talking about?

chintansshah Posted September 22, 2010

I am talking about this query.

```php
$validation = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");
```

giannis Posted September 22, 2010

Shouldn't I check if both username and password are valid in order to proceed with the login?

BlueSkyIS Posted September 22, 2010

That is what the query does...

```
WHERE username = '$username' AND password = 'password'
```

If either username or password is invalid, this query is false and no records will match. Therefore, the user will not be logged in.

giannis Posted September 22, 2010

So, the code is fine?

BlueSkyIS Posted September 22, 2010

If the query returns 1 and only 1 record, the login information is valid. I only meant to reply to your question; I didn't review all the code.
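
An added example, not code from any poster in this thread: the same login check written with a PDO prepared statement and `password_hash()`/`password_verify()` instead of `mysql_*` string concatenation and `md5()`, looking the user up by username and verifying the password in PHP. The in-memory SQLite database, the `users` schema, the sample account and the helper names `make_demo_db()`, `check_login()` and `establish_session()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. The schema, sample account and helper names are constructed.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, password_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
    // Hash the raw password; escaping it first would change the value being hashed.
    $ins->execute(['alice', 'alice@example.test', password_hash("pa'ss\"word", PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user row on success, null when the user is unknown or the password is wrong.
function check_login(PDO $pdo, string $username, string $password): ?array
{
    // Look up by username only; the password never appears in the SQL text.
    $stmt = $pdo->prepare('SELECT username, email, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

// Call during a web request, before any output, once check_login() has succeeded.
function establish_session(array $row): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session ID at login
    $_SESSION['username'] = $row['username'];
    $_SESSION['email'] = $row['email'];
    $_SESSION['connection_status'] = 1;
}

$pdo = make_demo_db();
$attempts = [['alice', "pa'ss\"word"], ['alice', 'wrong'], ["o'neil", 'x']];
foreach ($attempts as [$user, $pass]) {
    $row = check_login($pdo, $user, $pass);
    // Encode on output, as a page echoing the username into HTML must.
    $shown = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
    printf("%s => %s\n", $shown, $row !== null ? 'logged in' : 'rejected');
}
```

Run from the command line, the script exercises `check_login()` only; `establish_session()` is meant for the web request that handles the login form.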