User registration and log in .

[TottoBennington]

The trouble is when i log in later of register an user, it continue saying that my password is incorrect!

 

Is is the form for registration!

 

<?php 
echo  "<h1>REGISTER</h1>";

$submit = @ $_POST['submit'];
$fullname = strip_tags ( @ $_POST['fullname']);
$username = strtolower(strip_tags ( @ $_POST['username']));
$password = md5( strip_tags ( @ $_POST['password']));
$repeatpassword = md5 ( strip_tags ( @ $_POST['repeatpassword']));
$date = date ("Y-m-d");


if ($submit)
{ 
     $connect = mysql_connect("localhost","root","");
 mysql_select_db("login");

 $namecheck = mysql_query("SELECT username FROM users WHERE username='$username'");
 $count = mysql_num_rows($namecheck); 
 if ($count !=0) 
 {
 die ("Username already taken!");
 }
 if ($fullname&&$username&&$password&&$repeatpassword) 
 {
     
	  
	  
	 if ($password==$repeatpassword) 
	 {
	      
		  if (strlen ($username)> 25 || strlen ($fullname)> 25) 
		  {
		      echo "Length of username or fullname too long!";
		  }  
		  
		      else 
				 {
		         if (strlen ($password)> 100 || strlen ($password)< 5)
              		 {
				     echo "Password must be between 5 and 100 characters";
				 }
				        else
					    {
						  $password = md5 ($password);
	                      $repeatpassword = md5 ($repeatpassword);
						  
	                      $queryreg = mysql_query ("INSERT INTO users VALUES ( '','$fullname','$username','$password','$date')");
						  die ("You have been registered! <a href='index.php'>return to index </a>");
						}
		         }
		  
	 } 

		 else 
		 {
	      echo "Your passwords do not match!";
	     }

     } 

	 else  echo  "Please fill <b>all</b> of the fields !";
}

?>
<html>
     <p>
     <form action='register.php' method='POST'>
     <table>
	     <tr>
		     <td>
			    Your full name:
			 </td>
			 <td>
			    <input type='text' name='fullname' value='<?php echo $fullname; ?>'>
			 </td>
		 </tr>
		 <tr>
		     <td>
			    Choose a username:
			 </td>
			 <td>
			    <input type='text' name='username' value='<?php echo $username; ?>'>
			 </td>
		 </tr>
		 <tr>
		     <td>
			    Choose a password:
			 </td>
			 <td>
			    <input type='password' name='password'>
			 </td>
		 </tr>
		 <tr>
		     <td>
			    Repeat the password:
			 </td>
			 <td>
			    <input type='password' name='repeatpassword'>
			 </td>
		 </tr>
	 </table>
	 <p>
	 <input type='submit' name='submit' value='register'>
 </form>
</html> 

 

That's the log in page, i think the trouble is when i compare the passwords.

 

<?php
session_start ();
    $username = @ $_POST['username'];
    $password = @ $_POST['password'];

if($username&&$password) {
     $connect = mysql_connect ("localhost", "root","") or die ("could not connect");
     mysql_select_db ("login") or die ("could not find db");

 $query = mysql_query ("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());	
          
 $numrows = mysql_num_rows ($query);	
	  
 if ($numrows!= 0) 
     {
         while ($row = mysql_fetch_assoc($query)) 
	 {
     $dbusername = $row ['username'];
	 $dbpassword = $row ['password'];
     }

         if ($username == $dbusername && md5 ($password) ==  $dbpassword) 
		         {
	             echo 'you are in! <a href="member.php">click here</a> to go to member page.';
                     $_SESSION['username'] = $username;
				 }
		         else echo 'Sorry incorrect password, try again <a href="index.php"> return to log in page </a>!';
			     
         } else  die ("that user doesen´t exist");

} else die ("Please enter username and password!");

?> 

 

HELP ME!

[Julius]

What I would do first: check what you have in database (password) and compare it to the one which you are giving in login form.

<?php
session_start ();
    $username = @ $_POST['username'];
    $password = @ $_POST['password'];

if($username&&$password) {
     $connect = mysql_connect ("localhost", "root","") or die ("could not connect");
     mysql_select_db ("login") or die ("could not find db");

 $query = mysql_query ("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());	
          
 $numrows = mysql_num_rows ($query);	
	  
 if ($numrows!= 0) 
     {
         while ($row = mysql_fetch_assoc($query)) 
	 {
     $dbusername = $row ['username'];
	 $dbpassword = $row ['password'];
     }

         if ($username == $dbusername && md5 ($password) ==  $dbpassword) 
		         {
	             echo 'you are in! <a href="member.php">click here</a> to go to member page.';
                     $_SESSION['username'] = $username;
				 }
		         else { echo 'Values: username: ' . $username . ', dbusername: ' . $dbusername . ', password: ' . md5($password) . ', dbpassword: ' . $dbpassword . '<br/>'; echo 'Sorry incorrect password, try again <a href="index.php"> return to log in page </a>!'; }
			     
         } else  die ("that user doesen´t exist");

} else die ("Please enter username and password!");

?>

Also: you can replace your query to this

$query = mysql_query ("SELECT username FROM users WHERE username = '$username' AND password = '" . md5($password) . "'") or die(mysql_error());
if ( mysql_num_rows ( $query ) == 1 ) { echo 'Success'; } else { echo 'Try again'; }

But thats after you find what you were doing wrong