-1
<?php
    error_reporting (E_ALL ^ E_NOTICE);
    session_start();
    ?>
    <html>
    <head>
    <title>Log in</title>
    </head>
    <body>
    <?php
    $form = "<form action='./log.php' method='POST'>
    <table>
    <tr>
        <td>Username</td>
        <td><input type='text' name='name'></td>
    </tr>
    <tr>
        <td>Password</td>
        <td><input type='text' name='password'></td>
    </tr>
    <tr>
        <td></td>
        <td><input type='submit' name='loginbtn' value='Login'></td>
    </tr>
    </table>
    </form>";

        if ($_POST['loginbtn']) {
            $user = $_POST['name'];
            $password = $_POST['password'];
            if($user) {
                if($password) {
                    require('connect.php');
                    $password = md5($password)
                    //make user login info correct
                    $query = mysql_query("SELECT * FROM users where name= '$user'");
                    $numrows = mysql_num_rows($query);
                    if($numrows == 1) {
                        $row = mysql_fetch_assoc($query);
                        $dbid = $row['id'];
                        $dbuser = $row['name'];
                        $dbpass = $row['password'];
                        $dbactive = $row['active'];

                        if($password == $dbpass) {
                            if($dbactive == 1) {
                                //set session info
                                $_SESSION['id'] = $dbid;
                                $_SESSION['name'] = $dbuser;

                                echo "You have logged in as <b>$dbname</b> <a href='en/index.html'>Click Here</a> to go on next page";
                            }
                            else {
                                echo "You must activate your account to login. $form";
                            }

                        }
                        else {
                            echo "You did not enter the correct password";
                        }
                    }
                    else {
                        echo "The username you entered was not found. $form";
                    }

                    mysql_close();
                }
                else {
                    echo "Tou must eneter your password. $form";
                }
            }
            else {
             echo "Tou must eneter a username. $form";
            }
        }
        else {
            echo $form;
        }
    ?>
    </body>
    </html>

*My registration system instert password on db in md5 format.

but this login form can't find my password and print me problem "You did not enter the correct passsword".

How to sloving this problem?*

Persistently trying to solve the problem but have not been able

Stacker-flow
  • 1,251
  • 3
  • 19
  • 39
TIGER
  • 3
  • 3
  • 5
    Please don't use md5 for passwords, it's not been secure enough for hashing passwords for years. Look at [bcrypt](http://php.net/manual/en/function.crypt.php), or the PHP [password hash](http://php.net/manual/en/function.password-hash.php) function if you're using PHP >= 5.5 – Styphon Nov 11 '14 at 16:23
  • 3
    It says that because `$password` is not equal to `$dbpass`. Try to debug those values and see what's inside. Also, you script is subject to sql injection. – Nico Nov 11 '14 at 16:24
  • 3
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). You will also want to [Prevent SQL Injection!](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 11 '14 at 16:26
  • 1
    @SpYk3HH It's highly relevant, the sooner you can break a users bad habits and educate them the better. – Styphon Nov 11 '14 at 16:26

1 Answers1

0

It may possible while inserting password into database some white space or other values are inserted alongwith password field. So once again check your inserting code. Use trim befor making password md5 like $password = md5(trim($password)) at both side(for Insert and Select). also note that it is case sensitive. As said in the comment section dont use md5 as it is not that much secure.

Sumit Patil
  • 556
  • 1
  • 5
  • 19