-1

I am trying to do a query in which I can see if username and password can match. If it matches, then I will go to the administrator pages. The problem I'm having is that I think that the query is not giving me the right results. The database table is called admin, and it has adminame and passadmin. The user I'm entering IS in the database. The password is encrypted.

<?php

    $f_user = $_POST['f_user'];
    $f_pass = $_POST['f_pass'];

    $status = authenticate($f_user, $f_pass);

    if ($status == 1)
    {
        include("../connections/config.php");

        session_start();
        //session_register("SESSION_UNAME");
        $_SESSION['SESSION_UNAME'] = $f_user;
        $SESSION_UNAME = $f_user;
        header("Location: unoadmin.php");
        exit();
    }
    else
    {
        $mensa= "Informaci&oacute;n Incorrecta...Int&eacute;ntelo de Nuevo";
        header("Location: register.php?mensa=$mensa");
        exit();
    }

    function authenticate($user, $pass)
    {
        include("../connections/config.php");

        $connection = mysql_connect($mach,$userna,$paso) or die ("Unable to connect!");
        $query = "SELECT * from admin WHERE adminame = '$f_user'";
        mysql_select_db($db);
        $result = mysql_query($query, $connection) or die ("Error in query: $query. " . mysql_error());
        $num_results = mysql_num_rows($result);

        if ($num_results == 1)
        {
            for($i=0; $i < $num_results; $i++)
            {
                $row = mysql_fetch_array($result);
                $pas = $row["passadmin"];
            }
            if(crypt($pass,$pas) == $pas)
            {
                return 1;
            }
            else
            {
                return 0;
            }
        }
        else
        {
            return 0;
        }
    }
?>

Can someone tell me what the error is? It is leading me to "Información incorrecta. Intentelo de nuevo", or in English, "Wrong information. Try again".

Pranav Hosangadi
jjumar

3 Answers

1

It is a bit of a guess, but your authenticate function returns false (error message)

I am not sure what happens in the include, it suggests inclusion of database settings.

You are using 2 different vars for the username:

function authenticate($user, $pass) // <-- you pass $user
{
   include("../connections/config.php");

   $connection = mysql_connect($mach,$userna,$paso) or die ("Unable to connect!");
   $query = 
    "SELECT * from admin WHERE adminame = '$f_user'"; // <-- you use $f_user

Perhaps not a real answer, but it was too long for a comment.

JvdBerg
  • You are onto something, additionally, I can't see how `crypt($pass,$pas) == $pas` could ever be true. – dualed Oct 26 '12 at 13:23
1

A simple solution to this question is to put your user name and password in variables and match them against the database. If the result has greater than 1 value, then it will go to the admin page. For example:

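    // Read the submitted credentials
    $myusername = addslashes($_POST['username']);
    $mypassword = addslashes($_POST['password']);

    // Look for a row matching both the username and the MD5 of the password
    $sql = "SELECT * FROM admin WHERE username='$myusername' and password=md5('$mypassword')";
    $query = mysql_query($sql);
    $row = mysql_num_rows($query);
    if ($row > 0) {
        header("location:administrator.php");
        exit(); // stop the script once the redirect header is sent
    }
    else {
        echo "Please check username and password";
    }
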
Prem
0

From your code you have either:

  • no such entry in your DB with the username you provided
  • the password is wrong

Furthermore you should check your code for SQL injections!

Please take time to read article below,

Community
eX0du5
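
A corrected form of the question's authenticate(), as an added example that is not part of the original post or any of the answers: it queries with the function's own $user parameter (the variable mix-up the first answer points out) through a prepared statement, which addresses the SQL injection concern raised in the last answer, and checks the stored hash with password_verify(). Assumptions: PDO with an in-memory SQLite table stands in for the MySQL admin table, and the sample accounts and passwords are constructed.

```php
<?php
// Added example. Assumption: an in-memory SQLite database replaces the
// MySQL "admin" table so the script runs without any external server.

function authenticate(PDO $db, string $user, string $pass): bool
{
    // Use the parameter that was passed in ($user). $f_user from the calling
    // script is not visible inside the function, so the original query
    // searched for an empty username.
    // The :u placeholder sends the username as data, never as SQL text.
    $stmt = $db->prepare('SELECT passadmin FROM admin WHERE adminame = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        return false; // no such administrator
    }
    // password_verify() accepts password_hash() output as well as
    // crypt()-format hashes, and compares in constant time.
    return password_verify($pass, $hash);
}

// --- constructed sample data -------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (adminame TEXT PRIMARY KEY, passadmin TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO admin (adminame, passadmin) VALUES (?, ?)');
$insert->execute(['site_admin', password_hash('constructed-pass-1', PASSWORD_DEFAULT)]);
// A username containing a quote is stored and looked up as plain data.
$insert->execute(["o'brien", password_hash('constructed-pass-2', PASSWORD_DEFAULT)]);

$attempts = [
    ['site_admin', 'constructed-pass-1'], // correct credentials
    ['site_admin', 'wrong-password'],     // known user, bad password
    ["o'brien",    'constructed-pass-2'], // quote in the username
    ['nobody',     'constructed-pass-1'], // unknown user
];

foreach ($attempts as [$u, $p]) {
    printf("%-12s => %s\n", $u, authenticate($db, $u, $p) ? 'accepted' : 'rejected');
}
```

On the success path of a real login page, call session_regenerate_id(true) after session_start() and before storing the username in $_SESSION.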