Login script missing something simple

I know it is somethign simple I am missing but I cannot figure it. I double checked everything and I dont know what I am missing. I am trying to create a login form using email, then of course going to dashboard page. I keep getting “wrong details”

Can someone please help me see what I am missing?

index.php (where form is)

include_once 'dbconnect.php';

 header("Location: dashoard.php");
 $email = mysql_real_escape_string($_POST['email']);
 $upass = mysql_real_escape_string($_POST['pass']);
 $res=mysql_query("SELECT * FROM staff WHERE email='$email'");
  $_SESSION['user'] = $row['user_id'];
  header("Location: dashboard.php");
<script>alert('wrong details');</script>

Login Form

    <form method="post">
    <div id="username_input"> 
    <div id="username_inputleft"></div>
        <div id="username_inputmiddle">
        <input name="email" type="text" id="myusername" placeholder="Email Address">
        <img id="url_user" src="images/mailicon.png" alt="">      
        </div><!--ends username_inputmiddle-->
        <div id="username_inputright"></div>                   
    </div><!--ends username_input-->

    <div id="password_input">
    <div id="password_inputleft"></div>
        <div id="password_inputmiddle">       
        <input name="pass" type="password" id="mypassword" placeholder="Password">
        <img id="url_password" src="images/passicon.png" alt="">        
        </div><!--ends password_inputmiddle-->
    	<div id="password_inputright"></div>
    </div><!--ends password_input-->

<div id="submit"> 
<input type="image" src="images/submit.png" name="btn-login" value="Login">      

DB Structure

if your password contains escapable data, then its MD5 will be different from the hash in the DB (unless you did the same when saving the password hash).

note: MD5 is not a safe hash algorithm for user passwords, in your case a rainbow table would get you a valid password for each user. better use the bcrypt password hashes available through password_hash().

additionally, mysql functions are deprecated, better use PDO or MySQLi.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.