-1

I created a register form in PHP which is as follows:

```php
<?php

$con = mysql_connect("localhost","root","","einternals");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
else
{
    echo "Enter your details";
}
?>

<html>
<body background="bg1.jpg">

<form action="insert.php" method="post">
<h1 align="center"><u>REGISTER</u></h1>
<fieldset>
<p align="center">&nbsp&nbsp&nbsp&nbspName: <input type="text" name="name" required/></p>   <br>

<p align="center">Date of birth: <input type="date" name="dob" required/></p><br>

<p align="center">&nbsp&nbspEmail id: <input type="email" name="username" required /></p></br>

<p align="center">Password: <input type="password" name="password" required /><br>

<input type="submit" value="OK" /></p>
</fieldset>
</form>
```

The PHP file that inserts the data into the DB is as follows:

```php
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
else
{
    mysql_select_db("einternals", $con);

    $sql="INSERT INTO members (name, dob, username, password)
    VALUES
    ('$_POST[name]','$_POST[dob]','$_POST[username]',SHA1('$_POST[password]'))";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    echo "Thank you for registering";
}
mysql_close($con)
?>

<a href="index.html">Go back</a>
```

Here's the PHP code that verifies the data from the DB and gives access. But the problem is it always shows a message "Wrong username or password" even if I enter the correct details.

```php
<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="einternals"; // Database name
$tbl_name="members"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("username");
    session_register("password");
    header("location:login_success.php");
}
else {
    echo "Wrong Username or Password";
}
?>
```
nido

1 Answer

0

What I can see here is you are saving the password in encrypted format. But while comparing you are not encrypting it.

Use this:

```php
$mypassword = sha1(mysql_real_escape_string($mypassword));
```
Vickrant
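An added example, not part of either post: the same register-then-login flow with the hash produced and checked on both sides. It swaps in `password_hash()`/`password_verify()` for `SHA1()` and PDO prepared statements for the `mysql_*` calls with escaping (that extension was removed in PHP 7); the in-memory SQLite table standing in for `members`, the function names and the sample user are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `members` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (
    name TEXT, dob TEXT, username TEXT UNIQUE, password TEXT)');

// Registration: hash once, in PHP, and store only the hash.
// password_hash() replaces the SHA1() call used in the question.
function register_member(PDO $db, string $name, string $dob,
                         string $username, string $password): void
{
    $stmt = $db->prepare('INSERT INTO members (name, dob, username, password)
                          VALUES (?, ?, ?, ?)');
    $stmt->execute([$name, $dob, $username,
                    password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: fetch the row by username only, then check the submitted password
// against the stored hash. Comparing the raw password to the stored column
// inside the SQL query cannot match, which is the symptom in the question.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no such user exists.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed sample data; the quotes show that bound parameters need no escaping.
register_member($db, "Pat O'Neil", '1990-01-01', 'pat@example.com', "s3cr'et");

var_dump(check_login($db, 'pat@example.com', "s3cr'et"));    // correct password
var_dump(check_login($db, 'pat@example.com', 'wrong'));      // wrong password
var_dump(check_login($db, 'nobody@example.com', "s3cr'et")); // unknown user

// The question's approach: plaintext compared to the stored hash in SQL.
$stmt = $db->prepare('SELECT COUNT(*) FROM members
                      WHERE username = ? AND password = ?');
$stmt->execute(['pat@example.com', "s3cr'et"]);
var_dump((int) $stmt->fetchColumn()); // number of rows the plaintext comparison matched
```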