rafal Posted September 21, 2014 Share Posted September 21, 2014 (edited) Hallo everybody, i have the following code. but i get allways this error while the user exist in the database. User not found! what do i do wrong? thank you very much for your help Rafal <html> <head> <?php $connection = mysql_connect("db.xyz.com", "username", "password") or die ("connection fehler"); mysql_select_db("db0123456789") or die ("database fehler"); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysql_query("SELECT email FROM gbook WHERE email = '($email)' "); $chkuserare = mysql_num_rows($chkuser); echo $email; echo $pwd; if ($chkuserare !=0) { $chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '($email)' "); $pwddb = mysql_fetch_assoc($chkpwd); if ($pwd != $pwddb["pwd"]) { echo "password is wrong!"; } else { echo "login successed"; } } else { echo "User not found!"; } } else { echo "Pleas enter your email and password!"; } mysql_close($connection); ?> </head> <body> <form action="login.php" method="post"> Email <input type="text" name="inp_email"><br> Password <input type="text" name="inp_pwd"><br> <input type="submit" name="submit" value="login"> </form> </body> </html> Edited September 21, 2014 by rafal Quote Link to comment Share on other sites More sharing options...
ginerjm Posted September 21, 2014 Share Posted September 21, 2014 Why do you wrap your query args in parentheses? Are you really seeking an email of (me @ domain . com) or do you want me @ domain . com? (Spaces added by me) And why do you do two queries? This s/b all done with one query. And you should be using some kind of security to scramble your password and not be storing it in your db un-scrambled. Plus - why make your db connection before you are sure to need it? Plus - you should really check the query results before fetching a row - there might not be any rows there if the query fails.(You should always verify that the query ran before checking for row count or fetching results) Quote Link to comment Share on other sites More sharing options...
rafal Posted September 25, 2014 Author Share Posted September 25, 2014 dear gingerjm, thank you very much for your help, i did some changes. i show you my result. is it now ok, or still i have errors? thanks Rafal <html> <head> <?php SESSION_START(); $connection = mysql_connect("db.xyz.com", "username", "password") or die ("connection error"); mysql_select_db("database") or die ("database error"); $email = $_POST["inp_email"]; $pwd = $_POST["inp_pwd"]; if($email && $pwd) { $chkuser = mysql_query("SELECT email FROM gbook WHERE email = '$email' "); $chkuserare = mysql_num_rows($chkuser); if ($chkuserare !=0) { $chkpwd = mysql_query("SELECT pwd FROM gbook WHERE email = '$email'"); $pwddb = mysql_fetch_assoc($chkpwd); if (md5($pwd) != $pwddb["pwd"]) { echo "Password is wrong!"; } else { echo "login successed"; $_SESSION['username'] = $email; header ('Location:list.php'); } } else { echo "user not found!"; } } else { echo "enter Email and Password!"; } mysql_close($connection); ?> </head> <body style="font-family: arial;margin: 10; padding: 0" bgcolor="silver"> <font color="black"> <br> <form action="login.php" method="post"> <b>Login</b><br><br> <table> <tr><td> Email:<br><input type="text" name="inp_email"><br> Password:<br><input type="text" name="inp_pwd"><br> <br> <input type="submit" name="submit" value="login"> </td></tr> </table> </form> </font> </body> </html> Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted September 25, 2014 Share Posted September 25, 2014 is it now ok, or still i have errors? No. Use only one query as ginerjm already mentioned to fetch the data from both email and pwd columns. "SELECT email, pwd FROM gbook WHERE email = '$email'" Quote Link to comment Share on other sites More sharing options...
rafal Posted September 25, 2014 Author Share Posted September 25, 2014 dear jazzman1, thank you very much. Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted September 25, 2014 Share Posted September 25, 2014 Perhaps you already got this figured out, but mysql_fetch_assoc() returns the next row in the result set...otherwise it returns false. So basically your first query could be dropped altogether. You can do something like this instead: $result = mysql_query("SELECT pwd FROM gbook WHERE email = '$email' "); if($row = mysql_fetch_assoc($result)) { if(md5($pwd) != $row['pwd']) { //... You'll also want to check out the mysql_real_escape_string() function to help protect your database from SQL injection attacks. More information can be found here: http://php.net/manual/en/function.mysql-real-escape-string.php Side note: In case you're not aware, md5() should not be used for hashing passwords. More information can be found in the PHP manual: http://php.net/manual/en/faq.passwords.php#faq.passwords.fasthash 1 Quote Link to comment Share on other sites More sharing options...
rafal Posted October 18, 2014 Author Share Posted October 18, 2014 thank you very much cyberRobot and jazzman1problem solved. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.