/    Sign up×
Community /Pin to ProfileBookmark

Login Script Problwm

Hi there,
If i try to login with the script below without any username or password, it logs me in as a user that is already in the database! Cant see why it would do that though when it should just show an error… There is another page, but that is just a form with no predeffined values that will affect the form!

Fet

[code=php]
<? session_start();
ob_start();
$username=$_REQUEST[‘username’];
$password=base64_encode($_REQUEST[‘password’]);
$sql_reg=”select * from tbl_register where username='”.$username.”‘ and password='”.$password.”‘ and status=’1′”;
$fet=mysql_query($sql_reg) or die(“The Following error occired: <br>”.mysql_error());
if(mysql_num_rows($fet)>0)
{
$_SESSION[‘user’]=$username;
ob_start();
header(“location:home.php”);
exit;
}
else
{
$msg=1;
}
?>
[/code]

to post a comment
PHP

2 Comments(s)

Copy linkTweet thisAlerts:
@NogDogNov 13.2006 — The first possibilties that come to mind:

  • 1. You haven't logged out a previous user (expired the session cookie and destroyed the session), so it's using that existing session.


  • 2. You have a row in your users table with empty values for user and password.
  • Copy linkTweet thisAlerts:
    @NogDogNov 13.2006 — Upon further review, are you sure that code runs without error? "password" is a reserved word in MySQL (the password() function), so I would expect your mysql_query() call to throw an error since you have not back-quoted the password column name.
    ×

    Success!

    Help @scottyrob spread the word by sharing this article on Twitter...

    Tweet This
    Sign in
    Forgot password?
    Sign in with TwitchSign in with GithubCreate Account
    about: ({
    version: 0.1.9 BETA 12.1,
    social: @webDeveloperHQ,
    });

    legal: ({
    terms: of use,
    privacy: policy
    analytics: Fullres
    });
    changelog: (
    version: 0.1.9,
    notes: added community page

    version: 0.1.8,
    notes: added Davinci•003

    version: 0.1.7,
    notes: upvote answers to bounties

    version: 0.1.6,
    notes: article editor refresh
    )...
    recent_tips: (
    tipper: Anonymous,
    tipped: article
    amount: 1000 SATS,

    tipper: @aldoushuxley,
    tipped: article
    amount: 1000 SATS,

    tipper: Anonymous,
    tipped: article
    amount: 1000 SATS,
    )...