login question, Im stumped

Just wondering, can anyone see anything wrong with this code?


<?php error_reporting(E_ALL); include './include/mysql.php'; mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$database") or die(mysql_error()); //detect session I need to create if (isset($_POST['submit'])) { if(!$_POST['pass'] & !$_POST['username']) { die('You must enter a valid Username and Password'); } if(!$_POST['username']) { die('You must enter a valid Username'); } if(!$_POST['pass']) { die('You must enter a valid Password'); } $check = mysql_query("SELECT * FROM USERS WHERE NAME = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. Click Here to Register'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['PASSWORD'] = stripslashes($info['PASSWORD']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['PASSWORD']) { echo "Recorded MD5 password is.........."; echo $info['PASSWORD']; ?>
<?php echo "Entered MD5 Converted Password is."; echo md5($_POST['pass']); ?>
<?php die('Incorrect password, please try again.'); } else { // if login is ok then we set session //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?>


<?php } ?> [/php]

here is what it returns

Recorded MD5 password is..........c3284d0f94606de1fd2af172aba15bf3
Entered MD5 Converted Password is.c3284d0f94606de1fd2af172aba15bf3
Incorrect password, please try again.

It looks like the converted passwords match fine, why would the if not be working properly? I’m sure it is something stupid but if anyone could help I appreciate it a lot! Thanks

nm, like I said it was stupid, I was echoing an password encrypted 2ce

You are trying to set arrays to a value…

$_POST[’’] is an array. So you need to use it as such…
$pass = stripslashes($_POST[‘pass’]);
Then use $pass as the variable for the rest of script.

Same goes for $info[’’].

$password = stripslashes($info[‘password’]);

Try that and see if you get any further.

Sponsor our Newsletter | Privacy Policy | Terms of Service