Okay, got join working now this...

Inkybro

<?
$db = mysql_connect("localhost", "userwashere", "passwashere");
$select = mysql_select_db("wizardduels_com");
if(!$select) {
  die(mysql_error());
} else {
  $result = mysql_query("select * from users where user='".$_POST['username']."'");
  while ($row = mysql_fetch_row($result)) 
  {
    $encpass = md5($password);
    if($encpass = $row[1]) {
      echo('You have successfully logged in as ');
      echo($username);
      echo('<BR> With pass: ');
      echo($encpass);
    } else {
      echo('bad pass');
    };
  };
    echo('...');
};
?>

If someone could point out whats wrong, thanks... see what it does is just lets anyone in even if they dont have the username or have the wrong password, okay, thanks again!

Inkybro

I'm confused, please help 😕

[deleted]

if($encpass = $row[1])

try using == instead of =

Inkybro

No, it still says ... never wrong password or no such username always ... any ideas?

Inkybro

<?
$db = mysql_connect("localhost", "*****", "*****");
$select = mysql_select_db("wizardduels_com");
if(!$select) {
  die(mysql_error());
} else {
  $result = mysql_query("select * from users where user='".$_POST['user']."'");
  while ($row = mysql_fetch_row($result)) 
  {
    $encpass = md5($password);
    if($encpass == $row[1]) {
      echo('You have successfully logged in as ');
      echo($user);
      echo('<BR> With pass: ');
      echo($encpass);
    } else {
      echo('Bad Password...');
    };
  };
};
?>

Now it always says bad password, nothing else? 😕

[deleted]

Is it possible for people to have the same username? Probably not, so why the WHILE loop?

Anyway, make sure that the field you are comparing against is actually the password field, by fetching the assoc-array instead of just a row, and by comparing against $row['password'] (if indeed the column is named "password")

<?
while ($row = mysql_fetch_assoc($result))

{

$encpass = md5($password);

if($encpass == $row['password']) {

  echo('You have successfully logged in as ');

  echo($user);

  echo('<BR> With pass: ');

  echo($encpass);

} else {

  echo('Bad Password...');

};

};
?>

Inkybro

<?
$db = mysql_connect("localhost", "*****", "*****");
$select = mysql_select_db("wizardduels_com");
if(!$select) {
die(mysql_error());
} else {
$result = mysql_query("select * from users where user='".$_POST['user']."'");

while ($row = mysql_fetch_assoc($result)) 
{ 
$encpass = md5($pass); 
if($encpass == $row['pass']) { 
echo('You have successfully logged in as: '); 
echo($user); 
echo('<BR> With pass: '); 
echo($encpass); 
} else { 
echo('Bad Password...'); 
};
}; 
?>

Now it gives me an error on line 22, I looked there (and near) but I do not see anything wrong...

[deleted]

which line is number 22?

Inkybro

That's what doesn't make sense, there is NO line 22, it goes to 21 and that's all (look on my last post, count for yourself), so unless I ocunted wrong there's only 21. So anyway, thanks for helping and I'm waiting for the answer 🙂

[deleted]

Well, if PHP reports an error on the last line, that usually means you forgot to close something like a quote or a bracket somwhere before.

Are you using an editor that can highlight the code?

Inkybro

It worked but once again, I get the Bad Password thing... thanks for everyone's help I suppose you're getting mad cause I'm so stupid, but if you can keep helping, is there anything wrong, the script is above (2 messages to be exact).

Inkybro

I didn't realise to some people that that message above one is the first on a second page.

I'm posting the script here for further investigation from you helping, caring, people. Thanks.

<?
$db = mysql_connect("localhost", "*****", "*****");
$select = mysql_select_db("wizardduels_com");
if(!$select) {
die(mysql_error());
} else {
$result = mysql_query("select * from users where user='".$_POST['user']."'");

while ($row = mysql_fetch_assoc($result)); 
{ 
$encpass = md5($pass); 
if($encpass == $row['pass']) { 
echo('You have successfully logged in as: '); 
echo($user); 
echo('<BR> With pass: '); 
echo($encpass); 
} else { 
echo('Bad Password...'); 
};
}; 
}; 
?>

[deleted]

Have you checked to see just what is in $encpass and $row['pass'] before you compare them?

Inkybro

No, how exacty do you do that anyway? Thanks.

[deleted]

uhm ... well... you print them.. using print...

<?
echo $encpass;
?>

🙂

Inkybro

Yeah I have, here go to http://www.wizardduels.com/login.html then sing in as:

Username: TestAccount
Password: testing

Then you'll see it says Bad Password... encrypted pass here

That's what I mean I want it to let people in, I'm confused big time. Thanks again.

jerdo

Quit putting semi colons after curly brackets.

<?
$db = mysql_connect("localhost", "*****", "*****");
$select = mysql_select_db("wizardduels_com",$db);
if(!$select) 
{
die(mysql_error());
} else {
$result = mysql_query("select * from users where user='$_POST[user]'");

while ($row = mysql_fetch_assoc($result)); 
{ 
$encpass = md5($pass); 
if($encpass == $row['pass']) 
{ 
echo "You have successfully logged in as: $user"; 
echo "<BR> With pass: $encpass"; 
} else { 
echo "Bad Password..."; 
}
} 
} 
?>

Also make sure the password in your database is md5 encrypted. If it's using the MySQL password encryption format it isn't going to work the way you are coding it.

suit4

or, maybe, just remove the 'semicolons' after the curly brackets (is that the right word?)

like this:
<?php
$db = mysql_connect("localhost", "**", "**");
$select = mysql_select_db("wizardduels_com");
if (!$select) {
die(mysql_error());
} else {
$result = mysql_query("select * from users where user='" . $_POST['user'] . "'");

while ($row = mysql_fetch_assoc($result)) {
    $encpass = md5($pass);
    if ($encpass == $row['pass']) {
        echo('You have successfully logged in as: ');
        echo($user);
        echo('<BR> With pass: ');
        echo($encpass);
    } else {
        echo('Bad Password...');
    } 
}

}

suit4

maybe u try this

<?php

$db = mysql_connect ("localhost", "", "");
$select = mysql_select_db("wizardduels_com", $db);
if (!$select) {
    die(mysql_error());
} else {
    $result = mysql_query ("select * from users where user='$_POST[user]'");
    while ($row = mysql_fetch_object ($result)) {
        $encpass = md5($pass);
        if ($encpass == $row->pass) {
            echo "You have successfully logged in as: $user";
            echo "<BR> With pass: $encpass";
        } else {
            echo "Bad Password..." . $encpass;
        } 
    } 
} 
mysql_free_result ($result);

?>

and make sure 'user' variable via post, 'cause if there is no 'user', there's no result

ahundiak

Here is a stripped down version of your code. Maybe you can get it to work and then add your while loop back in if you really need it.

<?php
  $db = mysql_connect ("localhost", "", "") or die(mysql_error());
  mysql_select_db("wizardduels_com", $db)   or die(mysql_error());

  $user = $_POST['user'];
  $pass = $_POST['pass'];
  echo 'User is '     . $user . '<br />';
  echo 'Password is ' . $pass . '<br />';

  $result = mysql_query ("select user,pass from users where user='$user'");
  if (mysql_errno()) die(mysql_error());

  $row = mysql_fetch_assoc($result);
  if (!$row) die("user $user is not in the database");

  if (md5($pass) != $row['pass']) die("Password is incorrect");

  echo "User $user is logged in";

?>