I have this php code from my login.php
if (isset($_POST['logIn'])) {
$errmsg = "";
$logname = mysqli_real_escape_string($dbc, trim($_POST['usernameIn']));
$logpassword = mysqli_real_escape_string($dbc, trim($_POST['passwordIn']));
$query = "SELECT user_id, username FROM members WHERE username = '$logname' AND password = SHA('$logpassword')";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
$row = mysqli_fetch_array($data);
setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30)); //expires after 30 days
setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));
$home = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
header('Location: ' . $home);
}
else {
$errmsg = '<p class="errormsg">Username or password is incorrect.</p>';
}
}
And for some reason, it always ends up setting $errmsg in the else statement. I am sure that I'm entering information (username,password) that is correct and exists in the database.
I insert my values (from a signup script) using this query:
$query = "INSERT INTO members (username, password, email) VALUES ('$username', SHA('$password'), '$email')";
Anyone see the problem with this script? Thanks!