Ok so I am trying create a login script, here I am using PHP5 and mysqli, I would to ask if you could let me know why it keeps just returning “the error: your username and password does not match any in our db”? when I have created the an account and it clearly does? It’s probably something obvious I’ve missed. Heres the code…
//Check if the form has been submitted
if (isset($_POST[‘login’]))
{
//Check if username and password are empty
if ($_POST['username']!='' && $_POST['password']!='')
{
//Create query to check username and password to database
$validate_user = $mysqli->query('SELECT id, username, password, active FROM users WHERE ="'.$mysqli->real_escape_string(md5($_POST['username'])).' AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"');
//We check if the query returns true
if ($validate_user->num_rows == 1)
{
$row = $validate_user->fetch_assoc();
//Check if the user has activated there account
if ($row['activated'] == 1)
{
$_SESSION['id'] = $row['id'];
$_SESSION['logged_in'] = true;
Header('Location: ../main/index.php');
}
//Show this error if activation returns as 0
else {
$error = '<p class="error">Please activate your account.</p>';
}
}
//Show this error if the details matched any in the db
else {
$error = '<p class="error">Your username and password are not in our database!</p>';
}
}
//Show this error if the username and password field have not been entered
else {
$error = '<p class="error">Please enter your username and password.</p>';
}
}
Your query, simplified, looks like:
SELECT id, username, password, active FROM users WHERE =”‘.md5(<username>).’ AND password = “‘.md5(<password>).'”‘)
I’m sure it should be:
SELECT id, username, password, active FROM users WHERE username=”‘.<username>.’ AND password = “‘.md5(<password>).'”‘)