Everytime I run this, it kicks to the “Either you don’t have an account, or you entered the wrong Username or Password!” in verify.php

All my coding.

after user clicks submit to register for the site
“welcome.php”
[php]

<?php $con = mysql_connect("localhost","root","123"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("test1", $con); if (!empty($_POST['handle']) && !empty($_POST['pword'])) { $username = mysql_real_escape_string($_POST['handle']); $password = md5(mysql_real_escape_string($_POST['pword'])); $cpassword = md5(mysql_real_escape_string($_POST['cpword'])); $email = mysql_real_escape_string($_POST['email']); $verify = mysql_real_escape_string($_POST['walker']); $toon = mysql_real_escape_string($_POST['toonname']); $checkusername = mysql_query("SELECT * FROM reguserstest WHERE handle = '".$username."'"); $checkemail = mysql_query("SELECT * FROM reguserstest WHERE email = '".$email."'"); if (mysql_num_rows($checkusername) == 1) { echo "

Error

"; echo "

Sorry, that USERNAME is taken. Please go back and try again.

"; } else { if (mysql_num_rows($checkemail) == 1) { echo "

Error

"; echo "

Sorry, that EMAIL is taken. Please go back and try again.

"; } else { if ($password != $cpassword) { echo "

Error

"; echo "

Sorry, The second PASSWORD you entered doesn't match the first PASSWORD. Please go back and try again.

"; } else { if ($verify != "walker") { echo "

Error

"; echo "

Sorry, Luke's name isn't Luke Sky". $verify .". Please go back and try again.

"; } else { $sql="INSERT INTO reguserstest (continent, email, handle, pword, toonname, lvl, faction, class, aclass, type, server, rating, 2v2, 3v3, 4v4) VALUES ('$_POST[cont]', '$_POST[email]', '$_POST[handle]', '$_POST[pword]', '$_POST[toonname]', '$_POST[lvl]', '$_POST[faction]', '$_POST[class]', '$_POST[aclass]', '$_POST[type]', '$_POST[server] ',0,0,0,0)"; if (mysql_query($sql,$con)) { header("Location: login.php"); } else { echo "

Error

"; echo "

Sorry, your registration failed. Please go back and try again.

"; } } } } } } mysql_close($con); ?>

[/php]

At this point if run
[php]
$result = mysql_query(“SELECT * FROM reguserstest”);
mysql_fetch_array($result))[/php]

it will show me all of the information i just entered in register.php and written with welcome.php

Now, welcome.php (when successful) takes me to

login.php

when i click login on login.php it takes me to

verify.php

[php]$username = mysql_real_escape_string($_POST[‘username’]);
$password = md5(mysql_real_escape_string($_POST[‘password’]));

$sql=“SELECT * FROM reguserstest WHERE handle=’$username’ and
pword=’$password’”;
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
session_start();
$_SESSION[‘username’] = $username;
$_SESSION[‘password’] = $password;
$_SESSION[‘loggedin’] = 1;
header(‘location:success.php’);
}
else {
echo "


TORBattles - Login

";
}[/php]

After i login using the exact information, which i’m 100% positive is written to the table, it takes me to

“Either you don’t have an account, or you entered the wrong Username or Password!”

any help is appreciated. thank you!

1st - check your input variables, make sure you didn’t mispell the POST names.
2nd - Change $result=mysql_query($sql); in verify.php to $result=mysql_query($sql) or die(mysql_error()); to see if there’s any issues with the query.
3rd - If there’s nothing wrong with the query, echo $count to see if its finding any rows

Ok I’m not getting any errors when I run my code with the changes you suggested.

However, I noticed that if I remove the md5() function from $password and $password then it works flawlessly. I don’t understand it. If I understood the logic mistake, then I can fix it. Any ideas?

Don’t md5 the password until after you’ve done the comparison. Also, you’re not using any of the variables in your insert query, all your passwords are being saved in plain text. If i put 'oogly as a username, it’ll break the query since the quote isn’t escaped. Below is the query i’m talking about.

$sql=“INSERT INTO reguserstest (continent, email, handle, pword, toonname, lvl, faction, class, aclass, type, server, rating, 2v2, 3v3, 4v4) VALUES (’$_POST[cont]’, ‘$_POST[email]’, ‘$_POST[handle]’, ‘$_POST[pword]’, ‘$_POST[toonname]’, ‘$_POST[lvl]’, ‘$_POST[faction]’, ‘$_POST[class]’, ‘$_POST[aclass]’, ‘$_POST[type]’, ‘$_POST[server]’,0,0,0,0)”;

These are what you should be using in the query
// used in query
$username = mysql_real_escape_string($_POST[‘handle’]);
$email = mysql_real_escape_string($_POST[‘email’]);
$verify = mysql_real_escape_string($_POST[‘walker’]);
$toon = mysql_real_escape_string($_POST[‘toonname’]);

// used for comparison only
$password = $_POST[‘pword’];
$cpassword = $_POST[‘cpword’];

[php]if ($password != $cpassword) {
echo “

Error

”;
echo “

Sorry, The second PASSWORD you entered doesn’t match the first PASSWORD. Please go back and try again.

”;
} else {
$password = md5($_POST[‘pword’]);
// rest of else code[/php]

Thank you that worked! Now the password is written onto my table in md5 format.

However now i’m having trouble logging in.

[php]
$username = mysql_real_escape_string($_POST[‘username’]);
$password = mysql_real_escape_string($_POST[‘password’]);
$password = md5($_POST[‘password’]);

$sql=“SELECT * FROM reguserstest WHERE username=’$username’ and
password=’$password’”;
$result=mysql_query($sql) or die(mysql_error());

$count=mysql_num_rows($result);

if($count==1){
session_start();
$_SESSION[‘username’] = $username;
$_SESSION[‘password’] = $password;
$_SESSION[‘loggedin’] = 1;
header(‘location:success.php’);
}
else {
echo "


TORBattles - Login

";
}
[/php]

goes directly to “Either you don’t have an account, or you entered the wrong Username or Password!”

Above the if($count), put echo $count."
";. See what it says.

after inserting echo $count."
";

the ouput is 0 <—zero

Then that’s why its giving that message. Its not finding a user with those credentials. So, since the query is failing, lets do this:
[php]
$sql=“SELECT * FROM reguserstest WHERE username=’$username’ and password=’$password’”;
echo $sql."
";
$result=mysql_query($sql) or die(mysql_error());[/php]
That’ll show you what (if any) information is being sent through the query.

my output is thus:

SELECT * FROM reguserstest WHERE username=‘test1’ and password=‘5a105e8b9d40e1329780d62ea2265d8a’

Just a quick thought, go into your regusers table and make sure that the column has the necessary amount of characters (varchar(xx)). for passwords, i usually go with at least 60. When you do the insert query, mysql won’t return an error message if it truncates the data being inserted, it’ll just do it.

I only mention this because it happened to me on one of my projects. About drove me nuts trying to figure out why it wasn’t doing the right thing.

ok yep, that was the problem.

thanks richei for the help!

figures, its usually always the simplest things that you never think about at least you learned a little on how to troubleshoot scripts now