PHP - Login Script

N

nerdpowah23

New Member
Messages
14
Reaction score
0
Points
0
This code below, should work properly, however I have no idea what I'm missing here, the else statement that says "Your info is incorrect..." which led me to believe that the query was messed up somehow, so I added an or trigger error on to it. Still no luck, can you help? :)
Code: 
<?php require("styles/top.php");?>
<?php
$salt1 = "***********";
$salt2 = "***********";
?>
   <?php
   if (isset($_POST['login-btn'])){
  $username = strip_tags($_POST['username']);
  $password = strip_tags($_POST['password']);
  
  if ($username && $password){
   
   $pass = $salt2.md5($password).$salt1;
   
   $query = mysql_query("SELECT * FROM farcry_crime_town.users WHERE username='$username' AND password='$pass'") or trigger_error('Error: ' . mysql_error());
   $numrows = mysql_num_rows($query);
   
   if ($numrows == 1){
    
    $row = mysql_fetch_assoc($query);
                    $dbid = $row['userid'];
                                $dbuser = $row['username'];
                                $locked = $row['locked'];
                                $userlevel = $row['userlevel'];
                                $total_logins = $row['total_logins'];
                            if($locked = 0){
    $new_total = $total_logins+1;
    $ip = $_SERVER['REMOTE_ADDR'];
    mysql_query("UPDATE farcry_crime_town.users SET last_login='NOW()', ip='$ip', total_logins='$new_total' WHERE userid='$dbid'");
    echo"<script type=\"text/javascript\">
                window.location = \"index.php\"
    </script>";
    
    $_SESSION['username'] = $dbuser;
    $_SESSION['userid'] = $dbid;
    $_SESSION['userlevel'] = $userlevel;
    
 
    }
                else
                   echo"<center><font color=\"red\">Your account is locked.</font></center>";
   }
   else
    echo "<center><font color=\"red\">Your login information was incorrect.</font></center>";
                          
  }
  else
   echo "<center><font color=\"red\">You did not fill in the entire form.</font></center>";
 }
 
 ?>
<form action="login.php" method="post" enctype="multipart/form-data">
<center>
<table>
   <tr>
     <td>Username&nbsp;</td>
     <td><input type="text" name="username" class="textbox" /></td>
   </tr>
   <tr>
     <td>Password&nbsp;</td>
     <td><input type="password" name="password" class="textbox" /></td>
   </tr>
   <tr>
     <td><p class="login">
    <input name="login-btn" type="submit" class="btn" value="LOGIN" />
   </p></td>
   </tr>
</table>
</center>
</form>
</body>
</html>
 
descalzo

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Have it print out:

$password
$username
md5($password)

and then use PHPMyAdmin to check your database to make sure your stored values are correct.

Usually I don't make the query an AND. I just ask for the info by username. Then compare stored and computed password hashes.
 
You must log in or register to reply here.
Top