php login script help?

[simmsy]

Hi I need help with my login script it says invalid password even when its correct however if i take out the md5 encryption of the password and use the encrypted password saved on mysql table it works please help? here is the code im using thanks:

 

<?
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();

$message="";

////// Login Section.
$Login=$_POST['submit'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$md5_password=md5($_POST['password']); // Encrypt password with md5() function.

// Connect database.
$host="localhost"; // Host name.
$db_user="removed"; // MySQL username.
$db_password="removed"; // MySQL password.
$database="removed"; // Database name.
mysql_connect($host,$db_user,$db_password);
mysql_select_db($database);

// Check matching of username and password.
$result=mysql_query("select * from signup where username='$username' and password='$md5_password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Craete session username.
header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title></title>

</head>

<body>
    </tr>
   <? echo $message; ?>
      <form name="register" method="post" action="<? echo $PHP_SELF; ?>">
       <tr>
         <td height="586" colspan="8" align="center" valign="top"><p> </p>
      <table>
              <tr>
                <td height="45" colspan="2" class="class2 style34"><div align="center"><a href="file:///F|/signin.html">Sign In</a>:</div></td>
              </tr>
              <tr>
                <td colspan="2"><div align="right"></div></td>
              </tr>

              <tr>
                <td width="76" height="45"><div align="right"><span class="class2 style34">Username<span class="style39">..</span></span></div></td>
                <td width="256"><div align="center"><span class="class2 style34">
                    <input name="username" type="text" id="username" size="20" height="14" />
                </span></div></td>
              </tr>
              <tr>
                <td height="45"><div align="right"><span class="class2 style34">Password <span class="style39">..</span></span></div></td>
                <td><div align="center"><span class="class2 style34">
                    <input name="password" type="password" id="password" size="20" height="14" />
                </span></div></td>
              </tr>
              <tr>
                <td height="45" colspan="2"><div align="center"><span class="class2 style34">
                    <input name="submit" type="submit" id="submit" value="Sign In" />
                </span></div></td>
              </tr>
            </table></td>
       </tr>
      </form>
  </table>
</div>
</body>
</html>

 

MOD EDIT: Database credentials removed,

 . . . 

tags added.

[cunoodle2]

hurry up and remove your user/pass from your code so people don't steal it.

 

Also this line is wrong..

if(mysql_num_rows($result)!='0')

 

It should be..

if(mysql_num_rows($result)!=0)

[simmsy]

I did change it and it said there was an error with that line? any other ideas?

[Pikachu2000]

When posting code, please enclose it within the forum's

 . . . 

BBCode tags.

 

It would be a good idea to change your database username and password ASAP, since it was posted on the internet for about 6 hours.

[Pikachu2000]

If you echo $md5_password, and compare it manually to what's in the database, are they identical? Is the data type of the field that holds the password of the correct type, and of sufficient size to hold the md5 hash, such as CHAR(32)?

[simmsy]

oh yeah thanks for that had a dozy moment! all changed now and problem sorted I just had it as a VARCHAR

Thanks again I knew it would of been something stupid