I have my oral defense at school next week.. and I tried searching for answers.. none was working so I figured I'd ask here right away..

So okay.. my page is here and I connected my PHP page to my database (GoDaddy) and it's working.. in registration.php, you can add an employee and it's being added to my database "table" but when I try login.php it said.. "Incorrect password" but the password is correct in my database..

It's like.. my PHP can be connected to the database but my database doesn't want to connect to my PHP page..

What's wrong with my code? Can you help me? Please?

```php
<?php
require('db.php');
session_start();

if (isset($_POST['username'])){
    $username = $_POST['username'];
    $password = $_POST['password'];
    $username = stripslashes($username);
    $username = mysql_real_escape_string($username);
    $password = stripslashes($password);
    $password = mysql_real_escape_string($password);

    $query = "SELECT * FROM 'users' WHERE username='$username' and password='".md5($password)."'";
    $result = mysql_query($query) or die(mysql_error());
    $rows = mysql_num_rows($result);
    if($rows==1){
        $_SESSION['username'] = $username;
        header("Location: home.php");
    } else {
        echo "<div class='form'><h3>Username/password is incorrect.</h3><br/><div>";
    }
}else{
?>
<div class="form">

<h1>Log In</h1>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Username" required />
<input type="password" name="password" placeholder="Password" required />
<input name="submit" type="submit" value="Login" />
</form>

</div>
<?php } ?>
```
  • mysql_* functions are already deprecated http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – Þaw Mar 10 '16 at 03:00
  • @Þaw so what should I use? I am sorry.. I am a beginner programmer.. I saw your link but it's not clear to me.. – Franchette Mar 10 '16 at 03:03
  • You should be using `password_hash()` or compatible for your password storage. md5 is not suitable – Rasclatt Mar 10 '16 at 03:18
  • I read the link and tried to follow it but now it's not working anymore in my page.. so I reverted the changes back to my old code.. – Franchette Mar 10 '16 at 03:19
  • @Rasclatt I tried changing that code.. it didn't work.. – Franchette Mar 10 '16 at 03:27
  • Likely you would need to use a compatible library because I think GoDaddy's PHP is 2 full versions out of date. – Rasclatt Mar 10 '16 at 03:31
  • You would also have to store the password using password_hash and retrieval using password_verify (or compatible). – Rasclatt Mar 10 '16 at 03:34
  • What is `$rows` when you echo it? – blazerunner44 Mar 10 '16 at 04:49
  • you should at least try PDO, but anyway, can you do `print_r($rows)` and see if values fetched are the same? – Þaw Mar 10 '16 at 07:44
  • @blazerunner44 rows is the variable of the records in the db.. – Franchette Mar 10 '16 at 10:06
  • Try to leave out the escaping functions (stripslashes and mysql_real_escape_string) and check for leading/trailing whitespaces. Do it in your login script and in the registration script, then try to register a new user and login. This is of course only for testing purposes, not for production. – martinstoeckli Mar 10 '16 at 16:04
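
The comments above recommend PDO in place of the `mysql_*` functions and `password_hash()` / `password_verify()` in place of `md5()`. The following is an added example, not code from the question or from any commenter, showing how registration and login fit together under that advice. It assumes PHP 5.5+ with the `pdo_sqlite` extension; the in-memory SQLite database, the `register_user()` and `check_login()` helper names and the sample user are constructed for illustration and stand in for the `users` table on the page.

```php
<?php
// Added example. Assumptions: PHP 5.5+, pdo_sqlite available.
// An in-memory SQLite database stands in for the MySQL `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The password column stores the whole password_hash() string
// (algorithm, cost, salt and hash); in MySQL use VARCHAR(255).
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');

// Registration (hypothetical helper): store a salted, slow hash.
function register_user(PDO $pdo, $username, $password)
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    return $stmt->execute(array(trim($username), $hash));
}

// Login (hypothetical helper): select the row by username only, then
// compare in PHP. The hash cannot be matched inside the WHERE clause,
// because every stored hash carries its own random salt.
function check_login(PDO $pdo, $username, $password)
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute(array(trim($username)));
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such user
    }
    return password_verify($password, $hash);
}

// Constructed sample data.
register_user($pdo, 'alice', 'correct horse battery staple');

var_dump(check_login($pdo, 'alice', 'correct horse battery staple'));
var_dump(check_login($pdo, ' alice ', 'correct horse battery staple'));
var_dump(check_login($pdo, 'alice', 'wrong password'));
var_dump(check_login($pdo, 'nobody', 'correct horse battery staple'));
```

On a successful check in `login.php`, call `session_regenerate_id(true)` before setting `$_SESSION['username']`, and call `exit` after the `header("Location: home.php")` redirect. Existing rows that hold `md5()` values will not verify with `password_verify()`, so those users have to be re-registered or have their passwords reset.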
