Login page help

code works, just not finding correct query

Page 1 of 1

6 Replies - 671 Views - Last Post: 26 August 2010 - 09:39 AM Rate Topic: -----

#1 Moogoo  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 10
  • View blog
  • Posts: 82
  • Joined: 06-January 10

Login page help

Posted 25 August 2010 - 07:12 PM

Okay, I've created a page where people can login to a site. The checklogin.php script gets connection to db, queries for match on username and password, then either registers session or spits back response of "Invalid Username or Password". When I test the login page, it keeps giving me the Invalid Username or Password string even though I'm logging in with a username and password I know is in the db, because I query the db directly and get the result I'm looking for. Would someone mind taking a look at my code and see if the mistake can be found? Thanks in advance.
<?php
	$host = "";
	$username = "";
	$password = "";
	$db_name = "";
	
	//database server connection and database selection
	mysql_connect("$host", "$username", "$password")or die("cannot connect to database");
	mysql_select_db("$db_name")or die("cannot select database");
	
	//send username and password from form
	$thisusername = $_POST['thisusername'];
	$thispassword = $_POST['thispassword'];
	
	//adds function to reduce mySQL injection from form
	$thisusername = stripslashes($thisusername);
	$thispassword = stripslashes($thispassword);
	$thisusername = mysql_real_escape_string($thisusername);
	$thispassword = mysql_real_escape_string($thispassword);
	
	//start the query for database
	$sql = "SELECT * FROM login WHERE lg_username='$thisusername' and lg_passwd='$thispassword'";
	$result = mysql_query($sql);
	
	//this will check that one row only came back from query and the results match
	$count = mysql_num_rows($result);
	
	if($count==1)
	{
		session_register("thisusername");
		session_register("thispassword");
		header("location:loginsuccess.php");
	}
	else
	{
		echo"Invalid Username or Password";
	}
?>



Is This A Good Question/Topic? 0
  • +

Replies To: Login page help

#2 no2pencil  Icon User is online

  • Toubabo Koomi
  • member icon

Reputation: 5309
  • View blog
  • Posts: 27,210
  • Joined: 10-May 07

Re: Login page help

Posted 25 August 2010 - 07:45 PM

Visually verify what's happening to the variables.

	else
	{
		echo $thisusername." ".$thispassword."<hr>";
		echo"Invalid Username or Password";
	}



Was This Post Helpful? 0
  • +
  • -

#3 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,515
  • Joined: 23-August 08

Re: Login page help

Posted 26 August 2010 - 03:42 AM

Good job using mysql_real_escape_string on your input. I do not believe you need the stripslashes call as well.

You should also NOT be storing passwords in the database in plain text. You should be hashing them -- after salting them -- with SHA1 and saving them in a hashed state. You should then hash the user input in the same manner and compare to the hashed value in the DB.
Was This Post Helpful? 0
  • +
  • -

#4 Moogoo  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 10
  • View blog
  • Posts: 82
  • Joined: 06-January 10

Re: Login page help

Posted 26 August 2010 - 09:18 AM

Okay, I have checked the select statement by echoing the $sql variable and it does not pass my $thisusername variable or the $thispassword variable into the select statement. Is there a different way to do a mysql_query?
Was This Post Helpful? 0
  • +
  • -

#5 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,515
  • Joined: 23-August 08

Re: Login page help

Posted 26 August 2010 - 09:29 AM

Well, you need to figure out where you're losing it. Echo the variables at different stages in your script to see where it's getting fudged up.
Was This Post Helpful? 0
  • +
  • -

#6 Moogoo  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 10
  • View blog
  • Posts: 82
  • Joined: 06-January 10

Re: Login page help

Posted 26 August 2010 - 09:37 AM

I found the problem <smacks head>. The input name and id were 'username' and 'password'. I was trying to post from 'thisusername' and 'thispassword'. I should be fired.
Was This Post Helpful? 0
  • +
  • -

#7 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6063
  • View blog
  • Posts: 23,515
  • Joined: 23-August 08

Re: Login page help

Posted 26 August 2010 - 09:39 AM

But now you've learned a little more about debugging right? So it's a wash?
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1