Login authentication issues

         

Gilead

5:38 pm on Nov 25, 2011 (gmt 0)




For the life of me I can't figure out why this doesn't work.
Add new admin:

```html
<form method="POST" action="addadmin.php" onsubmit="return Form1_Validator(this)" name="theForm" language="JavaScript">
First Name:<input type="text" name="firstname" value=""><br />
Last Name:<input type="text" name="lastname" value=""><br />
Login Name:<input type="text" name="username" value=""><br />
Password:<input type="text" name="password" value=" <?php echo $password ?>"><br />
Access Level:<select size=1 name="accesslevel">
<option selected value="Admin">Admin</option>
<option selected value="SuperUser">SuperUser</option>
</select><br />
Email:<input type="text" name="email" value=""><br />
<input type="submit" name="submit" value="Add Admin"><input type="reset">
</form>
```

addadmin:

```php
<?php
include ('config.php');
$table_name ="authorize";

//make query to database
$sql ="SELECT * FROM $table_name WHERE username= '.$_SESSION[username].'";
$result = @mysql_query($sql) or die(mysql_error());

$firstname=mysql_real_escape_string((addcslashes($_POST['firstname'], "%_")));
$lastname=mysql_real_escape_string((addcslashes($_POST['lastname'], "%_")));
$login=mysql_real_escape_string((addcslashes($_POST['username'], "%_")));
$password=mysql_real_escape_string((addcslashes($_POST['password'], "%_")));
$access_level=$_POST['accesslevel'];
$email=mysql_real_escape_string((addcslashes($_POST['email'], "%_")));

//get the number of rows in the result set
$num = mysql_num_rows($result);
echo $firstname;
echo '<br />';
echo $lastname;
echo '<br />';
echo $login;
echo '<br />';
echo $password;
echo '<br />';
echo $access_level;
echo '<br />';
echo $email;
echo '<br />';
if ($num != 0){

    echo "<P>We apologize, that username already exists.</P>";
    echo "<P><a href=\"#\" onClick=\"history.go(-1)\">Try Another Username.</a></p>";
    echo "$_POST[username]";
    exit;

}else{

    //or add it to the database
    $sql_add = "INSERT INTO $table_name (firstname, lastname, username, password, access_level, email) VALUES ('$firstname', '$lastname', '$login',
'$password', '$access_level', '$email');";

    $result = @mysql_query($sql_add) or die(mysql_error());
    echo 'Admin Added&nbsp;';
    echo $_POST['username'];
}
```

It seems to work just fine, until you try to log in with the credentials. Every time it says wrong username or password.
The entry is there in the database, but only those that I add through cpanel are accepted.
It used to be, I could add an admin level admin and it would work, so something has changed.
Can someone PLEASE help!
Thanks!

Demaestro

5:57 pm on Nov 25, 2011 (gmt 0)




Does the authentication method use encrypting?

If you aren't sure, try adding a user through cpanel, then try adding a user via your method (give them both the same password).

Open up the DB directly and look at the values in the password fields for those new accounts. Do they match? If not, then it is using encryption and you will have to encrypt the password before you save it to the database.

Gilead

6:00 pm on Nov 25, 2011 (gmt 0)




Never Mind! I figured it out!
Thanks!
Just changed the variable name of the value going into the database to match the database field name.


Why should it matter if you have a different variable name than the database field? That was the problem.

[edited by: Gilead at 6:06 pm (utc) on Nov 25, 2011]

Leosghost

6:02 pm on Nov 25, 2011 (gmt 0)




Solutions you find yourself are always worth posting the details of.. :-))..for those who come to the thread after you, and who may have similar problems..

rocknbil

5:56 pm on Nov 28, 2011 (gmt 0)




> Why should it matter if you have a different variable name than the database field?


It's also a **really good idea** to not have the publicly visible field names the same as your database field names.
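
An added example, not code from any poster in this thread: an add-admin and login pair in which the form-field-to-column mapping is explicit, every value is a bound parameter, and the password is stored in the same format the login check reads back. It assumes PHP 7+ with PDO and the pdo_sqlite driver, an in-memory stand-in for the `authorize` table, and a login that verifies with `password_verify()`; the names `addAdmin`, `login`, `FIELD_MAP`, `ACCESS_LEVELS` and all sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. In-memory stand-in for the `authorize` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authorize (firstname TEXT, lastname TEXT,
    username TEXT UNIQUE, password TEXT, access_level TEXT, email TEXT)');

// Form field name => column name, kept explicit so the two may differ.
const FIELD_MAP = ['firstname' => 'firstname', 'lastname' => 'lastname',
    'username' => 'username', 'accesslevel' => 'access_level', 'email' => 'email'];
const ACCESS_LEVELS = ['Admin', 'SuperUser'];  // the two options in the form

function addAdmin(PDO $db, array $post): bool
{
    $row = [];
    foreach (FIELD_MAP as $field => $column) {
        $row[$column] = trim($post[$field] ?? '');
    }
    $password = $post['password'] ?? '';
    if ($row['username'] === '' || $password === ''
        || !in_array($row['access_level'], ACCESS_LEVELS, true)) {
        return false;  // empty credentials or a level outside the allow-list
    }
    // Duplicate check on the submitted username, as a bound parameter.
    $check = $db->prepare('SELECT COUNT(*) FROM authorize WHERE username = ?');
    $check->execute([$row['username']]);
    if ($check->fetchColumn() > 0) {
        return false;
    }
    // Store what the login check reads back: a password_hash() string.
    $row['password'] = password_hash($password, PASSWORD_DEFAULT);
    $columns = implode(', ', array_keys($row));  // names come from FIELD_MAP only
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $db->prepare("INSERT INTO authorize ($columns) VALUES ($marks)")
       ->execute(array_values($row));
    return true;
}

function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM authorize WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample submission using the form's field names.
$post = ['firstname' => 'Ann', 'lastname' => 'Example', 'username' => 'ann',
    'password' => 'correct horse', 'accesslevel' => 'Admin', 'email' => 'ann@example.com'];
var_dump(addAdmin($db, $post), login($db, 'ann', 'correct horse'));
```

A row created by any other tool has to carry the same `password_hash()` format, otherwise `login()` rejects it even though the entry is visible in the table.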