Apache/2.2.12 (Ubuntu) MySQL client version: 5.1.37 PHP extension: mysqli PHP Version 5.2.10-2ubuntu6.4 I'm doing the tutorial from this site: http://www.trap17.com/index.php/Php-Simple-Login-Tutorial_t7887.html This is register.php <?php // dbConfig.php is a file that contains your // database connection information. This // tutorial assumes a connection is made from // this existing file. include ("dbConfig.php"); //Input vaildation and the dbase code if ( $_GET["op"] == "reg" ) { $bInputFlag = false; foreach ( $_POST as $field ) { if ($field == "") { $bInputFlag = false; } else { $bInputFlag = true; } } // If we had problems with the input, exit with error if ($bInputFlag == false) { die( "Problem with your registration info. " ."Please go back and try again."); } // Fields are clear, add user to database // Setup query $q = "INSERT INTO `user_info` (`username`,`password`,`email`) " ."VALUES('".$_POST["username"]."') " ."PASSWORD('".$_POST["password"]."') " ."'".$_POST["email"]."')"; // Run query $r = mysql_query($q); // Make sure query inserted user successfully if ( !mysql_insert_id() ) { die("Error: User not added to database."); } else { // Redirect to thank you page. Header("Location: register.php?op=thanks"); } } // end if //The thank you page elseif ( $_GET["op"] == "thanks" ) { echo "<h2>Thanks for registering!</h2>"; } //The web form for input ability else { echo "<form action=\"?op=reg\" method=\"POST\">\n"; echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n"; echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n"; echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n"; echo "<input type=\"submit\">\n"; echo "</form>\n"; } // EOF ?> ---------------------------------------------------------------- This is login.php <?php session_start(); // dBase file include "dbConfig.php"; if ($_GET["op"] == "login") { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password."); } // Create query $q = "SELECT * FROM `user_info` " ."WHERE `username`=VALUES('".$_POST["username"]."') " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $_POST["username"]; $_SESSION["valid_time"] = time(); // Redirect to member page Header("Location: members.php"); } else { // Login not successful die("Sorry, could not log you in. Wrong login information."); } } else { //If all went right the Web form appears and users can log in echo "<form action=\"?op=login\" method=\"POST\">"; echo "Username: <input name=\"username\" size=\"15\"><br />"; echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />"; echo "<input type=\"submit\" value=\"Login\">"; echo "</form>"; } ?> Problem: All users registered through registration page, can't login/get error message. When the password is first written to the db from the registration.php it's assigned a unique number. The problem seems to be in aligning how it's validated by the login.php script. If I manually enter a new user field with the password written directly into the phpMyAdmin, then the login accepts the manually entered user and password at login.php and transfers to the members page. All others get the Error: "Sorry, could not log you in. Wrong login information." Can someone please enlighten me as to why registration.php seems to write to the db and the login.php can read/validate from the manual input field but not know what the key to understanding the password's uniquely generated id assigned by the actual registration.php to the password field? Thanks, David
