php mysql database md5 verification

Missing Password check


I am using the code below. It checks for empty fields and verifies email, but even if the password is correct it won't log in. The password has been inserted with md5 protection; the code is below.

PHP:

    <?php
    session_start();

    // Checks if there is a login cookie
    if (isset($_COOKIE['ID_my_site']))
    // if there is, it logs you in and directs you to the members page
    {
        $email = $_COOKIE['ID_my_site'];
        $pass = $_COOKIE['Key_my_site'];
        $check = mysql_query("SELECT * FROM accounts WHERE email = '$email'") or die(mysql_error());

        while ($info = mysql_fetch_array($check))
        {
            if ($pass != $info['password'])
            {
            }
            else
            {
                header("Location: home.php");
            }
        }
    }

    // if the login form is submitted
    if (isset($_POST['submit'])) { // if form has been submitted

        // makes sure they filled it in
        if (!$_POST['email'] || !$_POST['password']) {
            die('You did not fill in a required field.');
        }

        // checks it against the database
        if (!get_magic_quotes_gpc()) {
            $_POST['email'] = addslashes($_POST['email']);
        }
        $check = mysql_query("SELECT * FROM accounts WHERE email = '".$_POST['email']."'") or die(mysql_error());

        // Gives error if user doesn't exist
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
        }

        while ($info = mysql_fetch_array($check))
        {
            $_POST['password'] = stripslashes($_POST['password']);
            $info['password'] = stripslashes($info['password']);
            $_POST['password'] = md5($_POST['password']);

            // gives error if the password is wrong
            if ($_POST['password'] != $info['password']) {
                die('Incorrect password, please try again.');
            }
            else
            {
                // if login is ok then we add a cookie
                $_POST['email'] = stripslashes($_POST['email']);
                $hour = time() + 3600;
                setcookie('ID_my_site', $_POST['email'], $hour);
                setcookie('Key_my_site', $_POST['password'], $hour);

                // then redirect them to the members area
                header("Location: home.php");
            }
        }
    }
    else
    {
        // if they are not logged in
        ?>
        <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
        <table border="0">
        <tr><td colspan=2><h1>Login</h1></td></tr>
        <tr><td>email:</td><td>
        <input type="text" name="email" maxlength="40">
        </td></tr>
        <tr><td>Password:</td><td>
        <input type="password" name="password" maxlength="50">
        </td></tr>
        <tr><td colspan="2" align="right">
        <input type="submit" name="submit" value="Login">
        </td></tr>
        </table>
        </form>
        <?php
    }

Here is the registration code:

PHP:

    // here we encrypt the password and add slashes if needed
    $_POST['password'] = md5($_POST['password']);
    if (!get_magic_quotes_gpc()) {
        $_POST['password'] = mysql_escape_string($_POST['password']);
        $_POST['email'] = mysql_escape_string($_POST['email']);
        $_POST['full_name'] = mysql_escape_string($_POST['full_name']);
        $_POST['user_url'] = mysql_escape_string($_POST['user_url']);
    }

    // now we insert it into the database
    $insert = "INSERT INTO accounts (Uniquer, Full_name, Email, Password, User_url)
        VALUES ('".$uniquer."','".$_POST['full_name']."', '".$_POST['email']."','".$_POST['password']."', '".$_POST['user_url']."')";
    $add_member = mysql_query($insert);

After using the ini_set function I got to see the error. I am getting this message but am not sure what it means:

These are the lines where the errors are:

                if ($pass != $info['password']) 

and this line

                        if ($_POST['password'] != $info['password']) {

Solution

  • I solved it. If you notice, in the queries it says SELECT *; instead I tried SELECT email, password.
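
A likely reason the change above helps, shown as an added example that is not part of the original post: PHP array keys are case-sensitive, so a row fetched with `SELECT *` is keyed by the column names as declared, and `$info['password']` is undefined when the column is `Password`. The example assumes the columns are declared `Email` and `Password` as written in the registration INSERT, uses PDO with an in-memory SQLite table holding constructed sample data, and `check_login()` is a hypothetical helper.

```php
<?php
// Added example, not the poster's code. Assumes the pdo_sqlite extension;
// the in-memory table and its single row are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (Email TEXT PRIMARY KEY, Password TEXT)');

// Column names are capitalised as in the registration INSERT on this page.
$add = $db->prepare('INSERT INTO accounts (Email, Password) VALUES (?, ?)');
$add->execute(['alice@example.test', md5('correct horse')]);

// 1) SELECT * keys the row by the column names as declared in the table,
//    so a lower-case lookup misses: PHP array keys are case-sensitive.
$stmt = $db->prepare('SELECT * FROM accounts WHERE Email = ?');
$stmt->execute(['alice@example.test']);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
var_dump(array_keys($row));
var_dump(isset($row['password']));

// 2) Aliasing each column pins the key names, whatever case the schema uses.
function check_login(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT Email AS email, Password AS password FROM accounts WHERE Email = ?'
    );
    $stmt->execute([$email]);   // bound parameter instead of addslashes()
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;           // unknown account
    }
    // md5() is kept only to match the hashes this page stores; PHP's
    // password_hash()/password_verify() are the purpose-built functions.
    // hash_equals() compares the two digests in constant time.
    return hash_equals($row['password'], md5($password));
}

var_dump(check_login($db, 'alice@example.test', 'correct horse'));
var_dump(check_login($db, 'alice@example.test', 'wrong guess'));
var_dump(check_login($db, 'nobody@example.test', 'correct horse'));
```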