Login problem...

Well i will try to tell you my problem...
i have a website that requires registration,so which is the problem...
every member makes the registration thats ok...so far,
when the member try to login have the error * Password or login incorrect*
this happening  to my login.php page
I upload to the server my back up and nothing happened!!!
Could someone give a solution to my problem?


P.S i don't know PHP

[Join us @ facebook]

Don't worry, we know php, but you have to post some code to understand what the problem is....

yes and some URL's where we can test it...

Ok Tell me what exactly do you need and i will post it to you!!
My website url is www.thetoptraffic.com

[Join us @ facebook]

Post the php code of the login.php page

Code:

<?php
unset($login,$pwrd,$id);
session_start();
session_register("login","pwrd","id");

if($logout==1){
session_destroy();
header("Location: ".$PHP_SELF);
}

require('config_inc.php');
require('error_inc.php');


//require('error_inc.php');
//require('config_inc.php');


if(auth($login,$pwrd)!=0){
header("Location: $path/user_menu.php");
}

if($REQUEST_METHOD=="POST"){
if(isset($lo)){
$log=htmlspecialchars($log);
$passwrd=htmlspecialchars($passwrd);
$au=auth($log,$passwrd);
if($au>0){
$login=$log;   
$pwrd=$passwrd;
$id=$au;
header("Location: user_menu.php?PHPSESSID=".$PHPSESSID);
}else{
require('header_inc.php');
print "<p>".$err[1]."</p>";
}
}
}else{
require('header_inc.php');
}        
?>       
<form name="form1" method="post" action="" >
  <table border="0" cellspacing="2" cellpadding="0" align="center">
    <tr align="center">
             
      <td height="20" align=right><b>Log In</b></td>
      <td height="20">&nbsp;</td>
            </tr>
            <tr>
             
      <td align="right">Your Name:</td>
             
      <td align="left" height="20">
        <input type="text" name="log" size="15">
      </td>
            </tr>
            <tr>
             
      <td align="right">Password:</td>
             
      <td align="left" height="20">
        <input type="password" name="passwrd" size="15">
      </td>
            </tr>
            <tr>
             
      <td align="right" valign="top">&nbsp;</td>
             
      <td align="left" height="20">
        <input type="submit" name="lo" value="Log In">
        <br>
<a href="forgot.php"><font color=blue size=1>Forgot your password?</font></a>
              </td>
            </tr>
          </table>
       </form>
<?php
require('footer_inc.php');
?>

[Join us @ facebook]

There should be a function called auth in your site's files.

Find it (propably in the config_inc.php file) and post the code here.

You will identify it by this :

function auth (......

does this script worked before?

check also in your php configuration the value for register_globals

function auth($log,$pass){
        global $t_user;
        $query = "select id from ".$t_user." where email=\"".$log."\" and pass=\"".$pass."\" ";
        $result = MYSQL_QUERY($query);
        if(mysql_num_rows($result)>0){
                $id=mysql_result($result,0,"id");
                @mysql_free_result($result);
                return $id;
        }else{
                @mysql_free_result($result);
                return 0;

ok guys I am a big idiot!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I just noticed that for usename you need   (where email=\"".$log."\" and pass=\"".$pass."\" "
the email not only the name 
ok I am sorry...
Thank you Nikolas and Olaf 

[Join us @ facebook]

Hehe, it's ok.

BTW change this :

$query = "select id from ".$t_user." where email=\"".$log."\" and pass=\"".$pass."\" ";

to this :

$query = "select id from ".$t_user." where email=\"".addslashes($log)."\" and pass=\"".addslashes($pass)."\" LIMIT 1";

* The script is insecure.....

Ohh thanks men!
I knew it that i had to change this line ,but i wanted to check you...

[Join us @ facebook]

Ohh thanks men!
I knew it that i had to change this line ,but i wanted to check you...

Hehehe.

[Guest]

[62.865]

Yahoo crawler, Googlebot, Markirosyan, Msnbot