Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 6 of 6
  1. #1
    Junior Member
    Join Date
    Oct 2005
    Posts
    2
    Member #
    11685
    i face with the problem.. the password and username is not match..
    here was my code... can anyone help me to overcome this problem...

    PHP Code:
    <?php

    session_start
    (); 
    $db mysql_connect('localhost''root''password') or die("Couldn't connect to the database."); 
    mysql_select_db('student') or die("Couldn't select the database"); 


    //parameter pass from login.html
    $username=$_POST["username"];
    $memberpass=$_POST["memberpass"];

    //check input.. not empty
    if (empty($username) || empty($memberpass))
    {
    die (
    "Error! All fields required.!");
    }


    // Encrypted user submitted password
    $enc_pass md5($memberpass);

    // Query the database to find matching username, password
    $query "SELECT username, memberpass from student_login where username='$username' and memberpass='$memberpass' ";
    $resultmysql_query($query) or die
    (
    "Could not execute query : $query." mysql_error());


    if (
    mysql_num_rows($result) != "0"// username and pass match, authenticate user
    {
    session_register($username); // session register the username
    setcookie ("siteuser",$username,time()+604800); // set cookie containing username 
    Header("Location: product.php");

    else { 
    // user is not authenticated
    echo "Error! Username and password does not match or no such user.";
    }

    ?>

  2.  

  3. #2
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    Two things that spring to mind

    1:
    PHP Code:
    if (empty($username) || empty($memberpass))
    {
    die (
    "Error! All fields required.!");

    I think that should be
    PHP Code:
    if (empty($username) || empty($memberpass))
    {
    echo (
    "Error! All fields required.!");
    exit();

    As die is used like doThis() or diedoThisInstead()

    2: When you check the rows returned you have quotes around your value ("0"). Try change that if line to read like so:
    PHP Code:
    if (mysql_num_rows($result) != 0
    And see where that gets you.

    What errors do you get?

  4. #3
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    die() exits with an error message, exactly the same thing as echo followed by exit, although it might do it to stderr if applicable rather than stdout.
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  5. #4
    Junior Member
    Join Date
    Oct 2005
    Posts
    2
    Member #
    11685
    the same eror

    i have made changes as you told me.. i got the same errror.. is that any error with my password

    // Encrypted user submitted password
    $enc_pass = md5($memberpass);

  6. #5
    Senior Member Eddy Bones's Avatar
    Join Date
    Jan 2004
    Location
    Washington, USA
    Posts
    1,054
    Member #
    4651
    As far as I can see, you're not even doing anything with the encrypted password.

  7. #6
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Like Eddy Bones says, you are not using your encrypted password for anything.
    You're passing the clear text password in your query. If all stored passwords (in your DB system) are encrypted, then obviously, that query won't return any match. If they're not encrypted, then why are you making an MD5 hash?

    All your 'die' messages should be for testing purposes only!
    You don't want a user to see what part of a given query fails.
    If (after the code has been successfully tested) you recieve an error, you should either re-route to a custom error page with a backlink, or have pop-up text in your log-in form stating what required items are missing.
    (It's both design motivated and security related)
    S. Rosland


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Search tags for this page

how to check username and password do not match in php

,

twitter username and password couldnt be authenticated even changed ut

Click on a term to search for related topics.
All times are GMT -6. The time now is 11:17 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com