When I run this form, it tells me the password is incorrect when I know the password is correct… Is something wrong with the encryption/decryption of the password?
REGISTRATION CODE (works fine)
[code]
Register [php]<?php // Connects to your Databasemysql_connect(“dbmysql.com”, “username”, “password”) or die(mysql_error());
mysql_select_db(“db_name”) or die(mysql_error());
//This code runs if the form has been submitted
if (isset($_POST[‘submit’])) {
//This makes sure they did not leave any fields blank
if ( !$_POST[‘email’]| !$_POST[‘fname’] |!$_POST[‘lname’] |!$_POST[‘address’] |!$_POST[‘username’] | !$_POST[‘pass’] | !$_POST[‘pass2’]) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST[‘username’];
$check = mysql_query(“SELECT username FROM tenantlogin WHERE username = ‘$usercheck’”)
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO tenantlogin (email, fname, lname, address, username, pass)
VALUES ('".$_POST['email']."','".$_POST['fname']."','".$_POST['lname']."','".$_POST['address']."','".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>
Registered
Thank you, you have registered - you may now login.
<?php }else
{
?>
| Email: | |
| First Name: | |
| Last Name: | |
| Street Address: | |
| Username: | |
| Password: | |
| Confirm Password: | |
LOGIN CODE (works until it reads in the password and incorrectly provides an error when the password is correct)
[code]
Login2 [php]<?php//Connects to your Database
mysql_connect(“dbmysql.com”, “username”, “password”) or die(mysql_error());
mysql_select_db(“db_name”) or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE[‘ID_my_site’]))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE[‘ID_my_site’];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM tenantlogin WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST[‘submit’])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM tenantlogin WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen’t exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register2.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST[‘pass’] = stripslashes($_POST[‘pass’]);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST[‘username’], $hour);
setcookie(Key_my_site, $_POST[‘pass’], $hour);
//then redirect them to the members area
header(“Location: members.php”);
}
}
}
else
{
// if they are not logged in
?>
Login | |
| Username: | |
| Password: | |