I built code for a login page. The code was working perfectly until yesterday. But today it is not working the way I wanted it to. It's on my localhost at the moment.
<?php
if (isset($_POST['userpassword']))
{
    include('db.php'); // I am using passwordu instead of password.
    // The request values are concatenated directly into the SQL string.
    $query = "SELECT * FROM users WHERE username = '".$_REQUEST['username']."' AND passwordu = '".md5($_REQUEST['userpassword'])."'";
    $result = mysql_query($query);
    $num_rows = mysql_num_rows($result);
    if ($num_rows == 1)
    {
        echo "Congratulations. You are now Logged in. You will be logged out when the Browser is closed.";
        $_SESSION['logval'] = TRUE;
    }
    else
    {
        echo "You Have Entered Wrong Information. <b>Please Try AGAIN.";
    }
} // closes the outer isset() check
?>
Whenever I enter a wrong password, it shows the correct thing. But when I enter the right password, it also shows that the password was not accepted.
This code was working perfectly till yesterday. Today, this problem cropped up.
I have figured out the solution to this problem.
I was using varchar(20) for the passwordu field, so it was not working. I have now set it to a larger value, i.e. 100 (for safety), and it works like a charm.
One glaring issue that I see is that you are checking if $num_rows == 1. While this is fine in most cases, it’s possible that it is masking a potential issue with duplicate accounts. This is to say that if you have more than 1 of the same account, you give the illusion that the credentials are incorrect when in fact they are. As a test, try the example below to see if it begins to work:
Though this may fix your problem, you will need to figure out why you would have a duplicate account.
Edit
I would consider Mike Brant’s suggestion in the comments below. Truly, there should be a unique constraint to prevent the potential case for duplicates.
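An added example, not code from the question or from either answer: the login check rebuilt with a bound parameter, `password_hash()`/`password_verify()` and a UNIQUE username, showing both failure modes discussed above (a hash cut short by a narrow column, and duplicate accounts). It assumes PHP with the pdo_sqlite extension and an in-memory SQLite database with constructed accounts; the `$columnWidth` parameter is a hypothetical stand-in for MySQL truncating a VARCHAR value when strict SQL mode is off.

```php
<?php
// Added example with constructed data; SQLite in memory stands in for the page's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// UNIQUE on username makes "at most one matching row" a schema guarantee.
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    passwordu TEXT NOT NULL
)');

function register(PDO $pdo, string $user, string $password, ?int $columnWidth = null): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Hypothetical $columnWidth: simulates a too-narrow column cutting the hash short.
    if ($columnWidth !== null) {
        $hash = substr($hash, 0, $columnWidth);
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, passwordu) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

function login(PDO $pdo, string $user, string $password): bool
{
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT passwordu FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // A missing row and a damaged hash both end in the same "not accepted" result.
    return $hash !== false && password_verify($password, $hash);
}

register($pdo, 'alice', 'correct horse');         // full-length hash stored
register($pdo, 'bob', 'correct horse', 20);       // hash cut to 20 characters

var_dump(strlen(md5('x')));                       // length of an MD5 hex digest
var_dump(login($pdo, 'alice', 'correct horse'));  // stored hash intact
var_dump(login($pdo, 'bob', 'correct horse'));    // stored hash truncated
var_dump(login($pdo, "o'brien", 'x'));            // quote in the name is plain data

try {
    register($pdo, 'alice', 'another password');  // second account, same username
} catch (PDOException $e) {
    echo "duplicate rejected: ", $e->getMessage(), "\n";
}
```

An MD5 hex digest is 32 characters and a bcrypt hash from `password_hash()` is 60, so a VARCHAR(20) column cannot hold either; the PHP manual recommends a 255-character column for `password_hash()` output.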