Login script not working

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

okay so i have this login script that use to work but know as long as the user name you type in exists it lets you in you dont need to type in the right password
HELP!

PHP Code: [ Select ]
<?php
 
include("header.php");
 
?>
 
<?php
 
$user = ($_POST[user]);
 
$pass = ($_POST[pass]);
 
$checkuser = mysql_query("SELECT * FROM members WHERE username = '$user'");
 
if(mysql_num_rows($checkuser) <1) {
 
     $output = "You have entered an invalid password/username.<br>
 
        <form action='login.php' method='post'>
 
<input name='user' type='text'>
 
<input name='pass' type='password'>
 
<input type=submit value=Login>
 
</form>";
 
} else {
 
     $output = "You have been successfully logged in.<br><a href='console.php'>Click here to go to your console</a>";
 
     }
 
       //Sets a cookie to keep login info  
 
setcookie("usercook", "$user", time()+3600, "/");  //line 20
 
setcookie("passcook", "$pass", time()+3600, "/"); //line 21
 
include("html_head.php");
 
echo $output;
 
include("html_foot.php");
 
?>    
  1. <?php
  2.  
  3. include("header.php");
  4.  
  5. ?>
  6.  
  7. <?php
  8.  
  9. $user = ($_POST[user]);
  10.  
  11. $pass = ($_POST[pass]);
  12.  
  13. $checkuser = mysql_query("SELECT * FROM members WHERE username = '$user'");
  14.  
  15. if(mysql_num_rows($checkuser) <1) {
  16.  
  17.      $output = "You have entered an invalid password/username.<br>
  18.  
  19.         <form action='login.php' method='post'>
  20.  
  21. <input name='user' type='text'>
  22.  
  23. <input name='pass' type='password'>
  24.  
  25. <input type=submit value=Login>
  26.  
  27. </form>";
  28.  
  29. } else {
  30.  
  31.      $output = "You have been successfully logged in.<br><a href='console.php'>Click here to go to your console</a>";
  32.  
  33.      }
  34.  
  35.        //Sets a cookie to keep login info  
  36.  
  37. setcookie("usercook", "$user", time()+3600, "/");  //line 20
  38.  
  39. setcookie("passcook", "$pass", time()+3600, "/"); //line 21
  40.  
  41. include("html_head.php");
  42.  
  43. echo $output;
  44.  
  45. include("html_foot.php");
  46.  
  47. ?>    
  • harryhood
  • Graduate
  • Graduate
  • harryhood
  • Posts: 141

Post 3+ Months Ago

PHP Code: [ Select ]
 
 
 
$checkuser = mysql_query("SELECT * FROM members WHERE username = '$user'");
 
 
  1.  
  2.  
  3.  
  4. $checkuser = mysql_query("SELECT * FROM members WHERE username = '$user'");
  5.  
  6.  


Should be something like:

PHP Code: [ Select ]
 
$checkuser = mysql_query("SELECT * FROM members WHERE username = '$user' and password = '$pass'");
 
 
  1.  
  2. $checkuser = mysql_query("SELECT * FROM members WHERE username = '$user' and password = '$pass'");
  3.  
  4.  


It doesn't look like the code is checking for a row in the table with the correct username and password, just a valid username.

Post Information

  • Total Posts in this topic: 2 posts
  • Users browsing this forum: No registered users and 129 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.