current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

This code works on my computer, but when I run it on my web host's server, it doesn't. The output is "Incorrect password or email", even though I'm using the correct password. I thought I had made a mistake with the passwords, but the code won't output $r['email'] or $r['passwordHash'], at the top of the while loop. If I use mysql_result on $sql, I get the data out, so something weird must be happening with mysql_fetch_array. Am I missing something here, or is this more likely a unique problem I should address with my host's support staff?

$query = "SELECT * FROM users WHERE user='$email'";
$sql = mysql_query($query);
    while($r = mysql_fetch_array($sql)) {
        echo $r['email'];
        echo $r['passwordhash'];

        if($passwordHash == $r['passwordhash']) {

            $_SESSION['user_id'] = $email;
            echo "started session";
        }
        else {
            echo "Incorrect password or email";
        }       
    }
share|improve this question
3  
What is $passwordHash? –  BoltClock Feb 11 '11 at 16:53
    
did you managed to get it work? –  Damien Pirsy Feb 11 '11 at 23:28

2 Answers 2

up vote 1 down vote

Use $sql = mysql_query($query) or die (mysql_error()) to check if there's something going wrong with the query.

Alternatively, you could try mysql_fetch_assoc (since I see you're most using associative arrays), to rule out a possible 'bug' of mysql_fetch_array (I doubt that but you could give it a try).

And check that $email is not empty. If it's passed through a sanitizing function (as it should have before being put into the query), see if that function have actually returned a value or just NULL or an empty string.

And, btw, why are you using a while loop? Are you supposed to get more than one record (and passwords) with the same e-mail address?

share|improve this answer
up vote 0 down vote

One thing to check real quick would be PHP and MySQL version on your computer versus the web server. How are you handling the hashes, because that could also cause an issue.

Are you doing something like the following?

$password = md5($password);

If so, are you converting correctly on the web server side?

$password = $_POST['password'];
$passwordHash = md5($password);
unset($password);

$query = "SELECT * FROM users WHERE user='$email'";
$sql = mysql_query($query);
    while($r = mysql_fetch_array($sql)) {
        echo $r['email'];
        echo $r['passwordhash'];

        if($passwordHash == $r['passwordhash']) {

            $_SESSION['user_id'] = $email;
            echo "started session";
        }
        else {
            echo "Incorrect password or email";
        }       
    }
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.