login

4hana · March 10th, 2006, 05:19 PM

Hi

The code below is from the book Beginning PHP, Apache, MySQL Web Development. I have implemented the user_login.php code however it says that the username or password is invalid. I can't see what is wrong with the code.
Any help would be much appreciated.
Thanks

<?php
session_start();
include "dbconnect.php";

// This is the login page for the site.
$page_title = 'Goldsmiths University';
include_once('includes/header.html');

if (isset($_POST['submit']))
{
     $query = "SELECT username, s_password FROM student WHERE username = '" .
          $_POST['username'] . "' AND s_password = (password('" . $_POST['s_password']
          . "'));";
     $result = mysql_query($query) or die(mysql_error());

     if (mysql_num_rows($result) == 1)
     {
          $_SESSION['user_logged'] = $_POST['username'];
          $_SESSION['user_password'] = $_POST['s_password'];
          header ("Refresh: 5; URL=" . $_POST['redirect'] . "");
          echo "You are being redirected to your original page request!<br>";
          echo "(If your browser doesn't support this, <a href=\"" .
               $_POST['redirect']. "\">click here</a>)";
     }
     else
     {
?>
          <html>
          <head>
          <title>Vote</title>
          </head>
          <body>
          Invalid Username and/or Password<br>
          Not registered? <a href="register.php">Click here</a> to register.<br>
          <form action="user_login.php" method="post">
          <input type="hidden" name="redirect" value="<?php echo $_POST['redirect'];
               ?>">
          Username: <input type="text" name="username"><br>
          Password: <input type="password" name="s_password"><br><br>
          <input type="submit" name="submit" value="Login">
          </form>
<?
     }
}
else
{
if ($_SERVER['HTTP_REFERER'] == "" || $_SERVER['HTTP_REFERER'] ==
     "http://igor.gold.ac.uk/index.php")
{
$redirect = "/index.php";
}
else
{
$redirect = $_GET['redirect'];
}
?>
     <html>
     <head>
     <title>Login</title>
     </head>
     <body>
     Login below by supplying your username/password...<br>
     Or <a href="register.php">click here</a> to register.<br><br>
     <form action="user_login.php" method="post">
     <input type="hidden" name="redirect" value="<? echo $redirect; ?>">
     Username: <input type="text" name="username"><br>
     Password: <input type="password" name="s_password"><br><br>
     <input type="submit" name="submit" value="Login">
     </form>

    </body>
     </html>
<?php
}
?>
<br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br>
<?php
include_once('includes/footer.html');
?>

Mantis · March 10th, 2006, 08:48 PM

Stupid question .. did you create the database , with the table and username and password?

Cause if you didn't .. guess why it says username or password incorrect ;)

4hana · March 12th, 2006, 06:00 PM

Of course, I have created a table including the username and password. Which is why I can't understand why I have the problem.

wildteen88 · March 13th, 2006, 02:36 PM

What data type have you assigned s_password in your student table? maker sure s_password has a varchar value (if it is set to varchar as the data type) of atleast 40 in order for your password encryption to work properly