Login Not Working (uses Mysql)

I don't know what's going wrong here, but it's probably a typo:

$iusername = $_POST['username'];	$ipassword = stripslashes($_POST['password']);	include "opendatabase.php";	opendatabase();	$userrow = mysql_query("SELECT * FROM `users` WHERE `username`='$iusername' LIMIT 1;");	$userarr = mysql_fetch_array($userrow);	$ipassword = md5($ipassword);	if($ipassword != $userarr[3])	{  echo "<div class=\"err\">Error: Incorrect username/password combination.</div>";  exit("</BODY></HTML>");	}	mysql_close();

That's not all of it, but the rest is just to check if they hit login or were logged in successfully.

i think your include function should be like this

include ("filename.php");

otherwise, i don't really see any error.

No, the include function works that way as well. I use it like that all the time, and haven't gotten a single error. I don't see any errors in that code, either. It could possibly be a problem in the rest of the file, I'm not sure, though.

are you sure that the index you used for $userarr is correct? why don't you just fetch the row as an associative array. in that way you can access the index as the name of the column rather than as a number.

Add "echo"s.

$iusername = $_POST['username'];$ipassword = stripslashes($_POST['password']);include "opendatabase.php";opendatabase();$userrow = mysql_query("SELECT * FROM `users` WHERE `username`='$iusername' LIMIT 1;");$userarr = mysql_fetch_array($userrow);$ipassword = md5($ipassword);// -----------echo "$ipassword - $userarr[3]";// -----------if($ipassword != $userarr[3]){ echo "<div class=\"err\">Error: Incorrect username/password combination.</div>"; exit("</BODY></HTML>");}mysql_close();

I always use "echo"-s for debuging...

Finally figured it out, it was a combination of things. First, when I originally had it as an associative array, I used the right column but forgot to have stripslashes. Then, I used a numeric array I forgot that it starts at 0 and used the actual column number instead of what it should've been in the array. Thanks for the echo idea, haron.Unfortunately, it still doesn't work. At the end, I have it to set the variable $loggedin to 1, then at the top I have it check if $loggedin is 1, and if it is to start the session. I don't think it's doing anything, though. I'd use cookies, but I don't know how to set it to die when the browser is closed, and cookies also have to be at the top.

Well, I've never really gotten the hang of cookies, but to set it so that it will expire when the browser closes, you just don't add an expiration date to the cookie, then it'll close as soon as the browser is closed. Hey, at least you fixed some of the problems with it.

I looked at what I had on my school's server, and realized that it works if you just put all the code at the top instead of making it jump around. Now I just have to make something that only members can see =P

I looked at what I had on my school's server, and realized that it works if you just put all the code at the top instead of making it jump around. Now I just have to make something that only members can see =P

61125[/snapback]

now that you have something to show, how about handling your sessions? have you done it already? if you are not into cookies, for sure you will not have the "remember me" stuff. i suggest make a session class that will support those who still uses cookies so that you can remember them. as well as those who fear cookies.

Oh wait, does somebody need help with cookies? I'm good with cookies.. IF you want to make a login thing with cookies.. Put this at the top of your page before the <html> tag.

<?phpif(isset($_POST['LOGINBUTTONAME'])) {if(mysql_num_rows(mysql_query("SELECT USERNAMESQLFIELD,PASSWORDSQLFIELD FROM USERSTABLENAME")) == 0) {echo '<b>Invalid password/username combination.</b>';} else {setcookie('username', $_POST['username'], time()+999999);setcookie('password', $_POST['password'], time()+999999);echo '<b>You have logged in as '.$_POST['username'].'.  Return to the <a href="LINKTOINDEX">index</a>.</b>';}}?>

That will work, but uh.. It uses cookies and stuff.

To get rid of the cookies you'd make a file named login.php and put this at the top:

<?phpsetcookie('username', null, time()+0);setcookie('password', null, time()+0);echo '<b>You have been logged out.  Feel free to do whatever you want.</b>';?>

that's a really bad way to use cookies. i'd rather use PHP's session functions. relying fully on cookies is really not the right way to go.

Beware with codes which uses sql strings! This code, for example, is very easy to use MySQL INJECTION. I suggest that you do it:stripslashes($iusername);stripslashes($ipassword);Do it to all your vars which have any contact with the mysql database.