I am making a login system and its not going so well. The reason why is because the old one I had can log in with any password that was on the DB. So I tried to make my own and it doesn't except the username or password. It gives me the error I wrote "That is the wrong usernameThat is the wrong password". And it won't go past the 43rd line. There is a comment that says line 43 on it. Code: PHP: <?php session_start(); oB_start(); // allows you to use cookies. include("config.php"); //include("check.php"); if (!$logged[username]) { if (!$_REQUEST[login]) { echo(" <center><form method=\"REQUEST\"> <table> <tr> <td align=\"right\"> Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"> </td> </tr> <tr> <td align=\"right\"> Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\"> </td></tr><tr> <td align=\"center\"> <input type=\"submit\" name=\"login\" value=\"Login\"> </td></tr><tr> <td align=\"center\"> <a href=\"register.php\">Register Here</a> </td></tr></table></form></center>"); } if($_REQUEST['login']) { $username = htmlspecialchars($_REQUEST['username']); $password = htmlspecialchars($_REQUEST['password']); //$password = $password; $sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); if(mysql_num_rows($sql)>0) { $_SESSION['auth'] = true; } if($sql[username] != $username) { echo "That is the wrong username"; if($sql[password] != $password) { echo "That is the wrong password"; } }//>>>>>>>>>This is line 43!!!!!!!!!!!!<<<<<<<<<< else{ $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $user = @mysql_fetch_array($query); setcookie("id", $user[id],time()+(60*60*24*5), "/", ""); setcookie("pass", $user[password],time()+(60*60*24*5), "/", ""); echo ("<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login5.php>Thank You! You will be redirected"); } // modify the above line...add in your site url instead of yoursite.com } } else { // we now display the user controls. echo ("<center>Welcome <b>$logged[username]</b><br /></center> - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br /> - <a href=\"members.php\" target=mainFrame>Member List</a><br /> - <a href=\"uploadfiles.php\">Upload images to your profile</a><br /> - <a href=\"logout.php\" target=mainFrame>Logout</a>"); } ?> Old code with the login with any password on DB.: PHP: <?php oB_start(); // allows you to use cookies. include("config.php"); if (!$logged[username]) { if (!$_POST[login]) { echo(" <center><form method=\"POST\"> <table> <tr> <td align=\"right\"> Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"> </td> </tr> <tr> <td align=\"right\"> Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\"> </td></tr><tr> <td align=\"center\"> <input type=\"submit\" name=\"login\" value=\"Login\"> </td></tr><tr> <td align=\"center\"> <a href=\"register.php\">Register Here</a> </td></tr></table></form></center>"); } if ($_POST[login]) { // the form has been submitted. We continue... $username=$_POST['username']; $password=$_POST['password']; // the above lines set variables with the submitted information. $info = mysql_query("SELECT * FROM users WHERE 'password' = '$password' AND 'username' = '$username'") or die(mysql_error()); $data = mysql_fetch_array($info); if($data[password] != $password ) { // the password was not the user's password! echo "Incorrect username or password!"; }else{ // the password was right! $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error()); $user = mysql_fetch_array($query); // gets the user's information setcookie("id", $user[id],time()+(60*60*24*5), "/", ""); setcookie("pass", $user[password],time()+(60*60*24*5), "/", ""); // the above lines set 2 cookies. 1 with the user's id and another with his/her password. echo ("<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login.php>Thank You! You will be redirected"); // modify the above line...add in your site url instead of yoursite.com } } } else { // we now display the user controls. echo ("<center>Welcome <b>$logged[username]</b><br /></center> - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br /> - <a href=\"members.php\" target=mainFrame>Member List</a><br /> - <a href=\"uploadfiles.php\">Upload images to your profile</a><br /> - <a href=\"logout.php\" target=mainFrame>Logout</a>"); } ?>
You have fetched the resultset into $sql, and then you are trying to match the username using this.. PHP: if($sql[username] != $username) { echo "That is the wrong username"; but before doing that you'll have to fetch the rows using mysql_fetch_array()
When I put the PHP: mysql_fetch_array($sql) into the code in between the if statement and what I assigned $sql as, it comes up as an error message that says: "Parse error: parse error, unexpected T_IF in C:\wamp\www\KS Prac Sites\KRAZY_SPACE\login5.php on line 36"
PHP: $sql = mysql_fetch_array($sql); That's the correct syntax, please check the documentation for mysql_fetch_array here.
