Just wondering, can anyone see anything wrong with this code?
[php]
<?php error_reporting(E_ALL); include './include/mysql.php'; mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$database") or die(mysql_error()); //detect session I need to create if (isset($_POST['submit'])) { if(!$_POST['pass'] & !$_POST['username']) { die('You must enter a valid Username and Password'); } if(!$_POST['username']) { die('You must enter a valid Username'); } if(!$_POST['pass']) { die('You must enter a valid Password'); } $check = mysql_query("SELECT * FROM USERS WHERE NAME = '".$_POST['username']."'")or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. Click Here to Register'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['PASSWORD'] = stripslashes($info['PASSWORD']); $_POST['pass'] = md5($_POST['pass']); if ($_POST['pass'] != $info['PASSWORD']) { echo "Recorded MD5 password is.........."; echo $info['PASSWORD']; ?><?php echo "Entered MD5 Converted Password is."; echo md5($_POST['pass']); ?>
<?php die('Incorrect password, please try again.'); } else { // if login is ok then we set session //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?>
Login | |
| Username: | |
| Password: | |
here is what it returns
Recorded MD5 password is..........c3284d0f94606de1fd2af172aba15bf3
Entered MD5 Converted Password is.c3284d0f94606de1fd2af172aba15bf3
Incorrect password, please try again.It looks like the converted passwords match fine, why would the if not be working properly? I’m sure it is something stupid but if anyone could help I appreciate it a lot! Thanks