Killer1390 Posted December 13, 2010 Share Posted December 13, 2010 Well, basically I am making my log in script. This is my first website with php and MySQL... actually, its my first website I have done that isn't for a school project. Anywho, the problem I am having is I can't seem to verify the password of the account I am trying to log into. Here is the code snippet I am having trouble with: $usr = $_REQUEST['Username']; $pass = $_REQUEST['Password']; $pass = md5($pass); if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass) { session_start(); $_SESSION['loggedin'] = yes; $_SESSION['User'] = $usr; $_POST['info'] = ("You have successfully logged in " . $usr . "."); } else { $_POST['info'] = "Username and password do not match.";} The problem is that it doesn't seem to matter if the username and password are correct, it always prints "Username and password do not match.". So, here is the table layout of 'Accounts': Did I type the mysql query wrong? Quote Link to comment Share on other sites More sharing options...
requinix Posted December 13, 2010 Share Posted December 13, 2010 if(mysql_query('SELECT Password FROM Accounts WHERE Username = "' .$usr . '"') == $pass) That's not how it works. mysql_query returns a resource; give that resource to a function like mysql_fetch_array to get a row of data back (as an array). Then look at the ["Password"] to get your value. Quote Link to comment Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Thanks man, it worked. Quote Link to comment Share on other sites More sharing options...
JD* Posted December 13, 2010 Share Posted December 13, 2010 You're most of the way there, check this against your and see if you can get it to work: $result = mysql_query("SELECT password FROM Accounts WHERE Username = '".$_POST['Username']."'") or die(mysql_error()); if(mysql_num_rows($result) != 1) { echo "No such user exists"; unset($_POST); exit(); } if(md5($_POST['Password']) == mysql_result($result, 0, "Password")) { $_SESSION['loggedin'] = yes; $_SESSION['User'] = $usr; $_SESSION['message']= "You have successfully logged in " . $usr; } else { $_SESSION['message'] = "Username and password do not match."; UNSET($_POST); } Try not to use $_REQUEST, it's better to use $_POST and $_GET Quote Link to comment Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Thanks dude . Why is $_REQUEST taboo? I am guessing it takes more processing time than $_GET or $_POST. Quote Link to comment Share on other sites More sharing options...
laffin Posted December 13, 2010 Share Posted December 13, 2010 REQUEST can be either POST/GET, so a person may overwrite the outcome of one with the other. creating a security hole that wasnt intended. Quote Link to comment Share on other sites More sharing options...
Killer1390 Posted December 13, 2010 Author Share Posted December 13, 2010 Lol, oh. Thanks . Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.