php

[xinjia]

---

<?php
if (isset($_POST['username']) &&isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];


$password_hash = md5($password);

if (!empty($username) && !empty($password)) {

$query = "SELECT `id` FROM `login` WHERE `username`='$username' AND `password`='$password_hash'";
if ($query_run = mysql_query($query)) {
$query_num_rows = mysql_num_rows($query_run);

if ($query_num_rows==0) {
echo 'Invalid username/password combination.';
} else if ($query_num_rows==1) {

echo 'Log in.';
}
}
}else {
echo ' Username and Password Required.';
}

}

?>
<form action="<?php echo $current_file; ?>" method="POST">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" value="Log in">
</form>


unsay eror ari mga boss nga inig click sa log in bsan sakto ang password ug username kini man gihapon mugawas Invalid username/password combination>> dman ang echo login.

[-_-]

i wrap sa ug code tags para naay color2x ug highlighting

[ondoy]

e tinagsa daw bro,
1.) e echo imong query din e try sa database ang query kung sakto ba ang mo gawas
2.)kung ok ang 1 e print_r ang $query_num_rows

[emailroy2002]

1. check md5 encryption on database, is the password field md5? if it is md5 try making it a text or make the field hold longer values.

2. Table varchar field value too short.

3. Wrong Name of the field.

[boang3000]

wrong query boss

"SELECT `id` FROM `login` WHERE `username`='$username' AND `password`='$password_hash'"

imo ge select ang `id` ra sa table nga `login` pro sa imong WHERE usage kay ng gamit kag `username` og `password`,

"SELECT `id`,`username`,`password` FROM `login` WHERE `username`='$username' AND `password`='$password_hash'"

if ($query_num_rows > 0) {
echo 'Log in.';
} else {
echo 'Invalid username/password combination.';
}

[stealthghost]

complicated pud ang pag check nimo sa username og password, mao mag lisud ka og trace...

Sunda lang ang gihatag ni boang3000..

or pangita sa google,

PHP Login script tutorial

Code:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);


// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";

[boang3000]

pra mkahbw ka nga running imong SQL statement pwede mn nmo ipa run sa SQL tab ibutang imong SQL code.

[papasilo]

I see.. your using MD5 ..

when you save your username and password sa database.
g tag sad ba nmo as MD5?

Like when I created an Account:
Username: Cashier
Password: pwcash123

Dapat ang mo reflect sa database sa password na field ani kay naka MD5 encrypt.
something like this "c89ff94aa330d60248a1d9d22d81c041" if wala sa imong
account creation e cast sad nimo into md5 imong password before storing
it to the dbase.

Care lang ta aning encrypt md5 idol kay naa man gud online site na encrypt/decrypt.
naa lain way ani. para safe gyud siya.

[ingkiang]

Code:

"SELECT `id` FROM `login` WHERE `username`='$username' AND `password`='$password_hash'"

Ok ra mani na query.

check daw ang geingon ni emailroy2002

[salbahis]

<?php
if (isset($_POST['username']) &&isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];


$password_hash = md5($password);

if (!empty($username) && !empty($password)) {

$query = "SELECT `id` FROM `login` WHERE `username`='$username' AND `password`='$password_hash'";
if ($query_run = mysql_query($query)) {
$query_num_rows = mysql_num_rows($query_run);

if ($query_num_rows==0) {
echo 'Invalid username/password combination.';
} else if ($query_num_rows==1) {

echo 'Log in.';
}
}
}else {
echo ' Username and Password Required.';
}

}

?>
<form action="<?php echo $current_file; ?>" method="POST">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" value="Log in">
</form>


unsay eror ari mga boss nga inig click sa log in bsan sakto ang password ug username kini man gihapon mugawas Invalid username/password combination>> dman ang echo login.

when i see a code like this i see injection...