php not allowing login

Question

I have created a log in system however when i log in it say the email or password are incorrect even though it's a test user and the details are correct. Maybe it doesn't match the database, I have checked over and over again. I can't seem to find the problem. Any help is much appreciated.

PHP:

if(isset($_SESSION['user'])!="")
{
header("Location: index-user.php");
}

if(isset($_POST['btn-login']))
{
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);

$email = trim($email);
$upass = trim($upass);

$res=mysql_query("SELECT user_id, user_name, user_pass FROM users WHERE user_email='$email'");
$row=mysql_fetch_array($res);

$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row

if($count == 1 && $row['user_pass']==md5($upass))
{
    $_SESSION['user_name'] = $row['user_id'];
    header("Location: index-user.php");
}
else
{
    ?>
<script>alert('Email or password invalid.');</script>
    <?php
}

}
?>

HTML:

<input class="loginmodal-input" type="text" name="email" placeholder="Email" required>
<input class="loginmodal-input" type="password" name="upass" placeholder="Password" required>
<button type="submit" name="btn-login" id="login-btn" class="login btn-block loginmodal-submit">Login</button>
<button class="login-btn-2 btn btn-lg btn-block" type="button" aria-label="Close" value="Cancel" data-dismiss="modal"> Cancel</button>

MySQL Info: user_id user_name user_email user_pass

The password would be alphanumerical. Identical macth would check for type & value. — Sougata Bose, Jan 27 '16 at 08:11
You're using $_POST['pass'], but you only have a 'upass' field — Reinder Wit, Jan 27 '16 at 08:12
so replace `$count == 1 && $row['user_pass']==md5($upass))` with `$row['user_pass'] === md5($upass)` ? — About Leros, Jan 27 '16 at 08:12

score 1 · Accepted Answer · answered Jan 27 '16 at 08:13

1

The value of $upass is empty, because there is no form field with name 'pass'.

Change this:

$upass = mysql_real_escape_string($_POST['pass']);

into this:

$upass = mysql_real_escape_string($_POST['upass']);

answered Jan 27 '16 at 08:13

Reinder Wit

6,490
1
25
36

it's now allows one to log in, however the header is redirecting back tot he login page. Despite being redirected to a different page (index.php) – About Leros Jan 27 '16 at 08:25
It's hard to tell why it's redirecting without knowing what's inside those pages. I notice you are setting a $_SESSION['user_name'] but you are checking against $_SESSION['user'] – Reinder Wit Jan 27 '16 at 08:39
meaning I should change it to `$_SESSION['user_name']` ? – About Leros Jan 27 '16 at 16:53
I can't tell for sure, cause I don't know how everything else is setup, but that could be the issue yes – Reinder Wit Jan 28 '16 at 07:51

score 1 · Answer 2 · answered Jan 27 '16 at 08:13

1

you should try this :

$upass = mysql_real_escape_string($_POST['upass']);

upass is name of your input.

answered Jan 27 '16 at 08:13

Emmanuel

9
1

php not allowing login

2 Answers2