Trouble with logging in

[pretender5552]

Code: Select all

<?php
include_once 'connect.php';
include_once 'div.php';

?>
<link href="style.css" rel="stylesheet" type="text/css" />

<left><font color='2bab4c'>
User Login &nbsp&nbspNot a member?<a href=register.php>Take the pill</a>
<form method="POST" action="authenticate.php">
Username: &nbsp&nbsp<input type="text" name="player" size="21"><br>
Password: &nbsp&nbsp<input type="password" name="password" size="21" mask="x"></left></font>
<input type="submit" value="Login" name="submit">

Code: Select all

<?php
include_once 'connect.php';
session_start();

if (isset($_POST['submit']))
{
   $player=$_POST['player'];
   $password=$_POST['password'];
   $player=strip_tags($player);
   $password=strip_tags($password);
   $password=md5($password);

   $query = "select name,password from player where name='$player' and password='$password'";
   $result = mysql_query($query) or die("Could not query players");
   $result2 = mysql_fetch_array($result);
   if ($result2)
   {
      $_SESSION['player']=$player;

      echo "<big>Logged in successfully<br>";
      echo "<a href='home.php'>Continue</a></big>";
   }
   else
   {
    echo "<big>Wrong username or password.<a href='login.php'>Try Again</a></big>";
   }
}
?>

I keep trying to log in to test that it is working but it keeps telling me username or password is not correct try again, but they are both correct. I have been gazing at it for the last couple hours and can't see it, the code looks like it should work. Also my db is player so it isn't that.

[pretender5552]

When I was doing it up I made a mistake and put player instead of players so I changed it in the coding, but I have figured it out

Code: Select all

$query = "select name,password from player where name='$player' and password='$password'";

this code needed to be switched to

$query = "select name,password from player where name='$player' and '$password'";

this code. Thanks for the help anyway.

[Chris]

What exactly is the problem? What IS it doing?

$query = "select name,password from player where name='$player' and '$password'";

Will allow players to log in without a password.

[pretender5552]

It will only allow the one that I named test to log in but only if I remove the password= from password=$password

[Jackolantern]

Yeah, you can't leave the "name='$name' and $password" in production code, because as has been stated here, it allows logging in with no password. If you could only log in with the "and $password" version, it means you shouldn't have been able to log in at all.

Maybe Halls can annotate the video that has that error, since it is a dangerous one, and needs to be fixed.

[pretender5552]

Still wish I knew what happened, I still can't get this to work

[Foofighter]

HI,
It would help to show us your register script too, maybe you made a mass with the md5, ckeck the values that are written in the DB after register.
Display the db values with the echo command and do this with the values you put in the login form too and compare them manually.. maybe you set the characters for your md5pw too short in the DB..dont know, just check every step.

greetz
Foo

[pretender5552]

Is there any code I can put in so it tells me whats wrong rather then have a simple echo message

[Foofighter]

Is there any code I can put in so it tells me whats wrong rather then have a simple echo message

nope, dont think so.

[hallsofvallhalla]

what error are you getting and post your reguser and register and trust me we will get it working.