Anything wrong?[resolved]

[srachit]

This is my authenticate.php, I cant seem to find anything wrong with it, but it isnt displaying any welcome text or wrong password text :/

Code: Select all

<?php
include_once 'connect.php';
session_start();

if (isset($_POST['Login']))
{
  $player=$_POST['name'];
  $password=$_POST['password'];
  $player=strip_tags($player);
  $password=strip_tags($password);
  $password=md5($password);

  $query = "select name,password from players where name='$player' and '$password'";
  $result = mysql_query($query) or die("Could not query players");
  $result2 = mysql_fetch_array($result);
  if ($result2)
  { 
    $_SESSION['player']=$player;
    
    echo "<big>Logged in successfully<br>";
    echo "<A href=index.php>Continue</a></big>";
  }
  else
  {
   echo "<big>Wrong username or password.<A href=login.php>Try Again</a></big>";
  }
}
?>

[Elvar]

Hallo scrachit.

First thing, in your query, you are testing for Username, and Password, or are you?

Code: Select all

$query = "select name,password from players where name='$player' and '$password'"; 

"where name='$player'" <-- Seems legit
"and '$password'" <-- does not.

What you are actually doing here, is testing $password whether it's TRUE or FALSE, and since the variable is initialized, testing a string will always yield TRUE. I suppose you want to alter this to password = '$password'.

But there may be another error in your sql, try printing mysql_error() in your "die()" function.

[srachit]

Hallo scrachit.

First thing, in your query, you are testing for Username, and Password, or are you?

Code: Select all

$query = "select name,password from players where name='$player' and '$password'"; 

"where name='$player'" <-- Seems legit
"and '$password'" <-- does not.

What you are actually doing here, is testing $password whether it's TRUE or FALSE, and since the variable is initialized, testing a string will always yield TRUE. I suppose you want to alter this to password = '$password'.

But there may be another error in your sql, try printing mysql_error() in your "die()" function.

I had originally written it as password = '$password' but it wasnt working, so i checked up halls tutorial and found that he had not put it as password = '$password', so not sure which one is correct.

[dbest]

Can you dump (print_r, if i remember correctly) the "$result2" variable on the screen?

[OldRod]

This is an ongoing problem with this tutorial.

Change this:

$query = "select name,password from players where name='$player' and '$password'";

to this:

$query = "select name,password from players where name='$player' and password='$password'";

[srachit]

This is an ongoing problem with this tutorial.

Change this:

$query = "select name,password from players where name='$player' and '$password'";

to this:

$query = "select name,password from players where name='$player' and password='$password'";

Changed, it still takes me to a blank authenticate.php page

Also tried the print_r as suggested earlier, still a blank page and nothing got printed

[srachit]

Just put some echo statements through the program and noticed that it isnt entering the if statement only, anyone can spot anything wrong?

[hallsofvallhalla]

you issue is stemming from the post method on the login page. Check it is actually setting the post variable and it is spelled right.

Code: Select all

if (isset($_POST['Login']))

[srachit]

you issue is stemming from the post method on the login page. Check it is actually setting the post variable and it is spelled right.

Code: Select all

if (isset($_POST['Login']))

I had already correct this yesterday and it still wasnt working.
I checked my login.php file and there was something missing there that is why it wasnt working, thanks to everyone who helped