jusjus7
-
Posts
38 -
Joined
-
Last visited
Never
Posts posted by jusjus7
-
-
Now try this
<?php session_start(); //ini_set('session.bug_compat_42',0); //ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //Add isset if (isset($_POST['UsersID'])){ //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result = mysql_query($sql); $result2=mysql_fetch_row($result); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result2[0]; $_SESSION['U_YearID']=$result2[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } } ?>YES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
You my sir are a genius
Thank you soooo much i can finally click solved!! -
Notice EDIT above.
i get 1 displayed on the page
-
Change to this line
$result=mysql_fetch_row($sql);
i get this
Warning: mysql_fetch_row() expects parameter 1 to be resource, string given in C:\xampp\htdocs\Site1\test\checklogin2.php on line 29
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\Site1\test\checklogin2.php on line 32
Wrong Username or Password
-
Is the name of the page we're working on called checklogin2.php?
yes it goes from loginre1.php to checklogin2.php and from there it should go to login_success.php, login_success2.php or login_success4.php (depending on user year)
-
Then that's where the error is, in the checklogin2.php script.
yep but i cant seem to figure out where i have been looking at this code all day and nothing seems to look wrong (to me)
<?php session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("Location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("Location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("Location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } ?> -
And your DB table users has the field called `U_YearID`?
yep
# Column Type Collation Attributes Null Default Extra Action
1 UsersID varchar(7) latin1_swedish_ci No None Change Drop More
2 U_Password varchar(10) latin1_swedish_ci No None Change Drop More
3 U_YearID varchar(1) latin1_swedish_ci No None Change Drop More
4 U_FirstName tinytext latin1_swedish_ci No None Change Drop More
5 U_LastName tinytext latin1_swedish_ci No None Change Drop More
6 CompanyID
-
And when you put in a correct password and username, you get a blank screen? What happens to the URL in the address bar? Does it stay the same, or does it change?
it changes to the checklogin2.php address
-
but when i put a wrong username or password it does tell me its wrong!!
-
How about some simple testing to see if query is working.
<?php session_start(); //ini_set('session.bug_compat_42',0); //ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //Add isset if (isset($_POST['UsersID'])){ //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" /* $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } */ echo "{$result[1]}"; } else { echo "Wrong Username or Password"; } } ?>hmm it doesnt seem to be working as i still get a blank page :/ so its the query :s
-
Add error reporting to the top of your page. Maybe that will shed some light.
<?php session_start(); error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
nope nothing happens it just gives me a blank checklogin.php page :/ could it be the if statements are not properly written?
as i took off the error reporting thing you said this has come up again :/
Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0
-
Add error reporting to the top of your page. Maybe that will shed some light.
<?php session_start(); error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
nope nothing happens it just gives me a blank checklogin.php page :/ could it be the if statements are not properly written?
-
The leading semicolon indicates a comment, so you need to find the line that isn't commented for each of the directives, and set those as above. That should be where you keep those values set while developing.
so one of the semicolons is wrongly placed?
-
Have you echoed out the session to see if it's being set?
yes i did and nothing still got blank page
-
all i get is a blank page back!
-
You need to use table fields as in
$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
NOT
$sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
That is what i am using
$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'";
<?php session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } ?> -
You need to enable error reporting at its highest level. In your php.ini file, find the following directives, and set them as below. Then restart Apache, run the script again and see what, if any, errors are reported.
error_reporting = -1
display_errors = On
this is what i have found
error_reporting
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
is this what i need to change?
-
no all i keep getting is a blank page :/
-
As Pikachu2000 pointed out, you can't send anything to the browser before setting any sessions. This includes echoing out the $sql. Comment out that line or remove it.
I commented it out and i dont get that sql "error" any more but all i get is a blank page...any ideas would it could be and why its not taking me to any page?
-
That isn't an error. It's the output from
echo $sql;.You need to include session_start() at the beginning of the script.
The header() redirects will never work if there is has already output sent to the browser, such as
echo $sql;Still nothing i have added session_start() at the top of the php code and still getting that :/
session_start(); ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> -
i have put it bk in
<?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?>and i get this error
SELECT UsersID,U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456'
-
i have put it bk in
<?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?>and i get this error
-
This is all the code i am using right now
<?php ini_set('session.bug_compat_42',0); ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT * FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1) header("location:login_success.php"); if($_SESSION['U_YearID']==2) header("location:login_success2.php"); if($_SESSION['U_YearID']==4) header("location:login_success4.php"); } else { echo "Wrong Username or Password"; } ?> -
$sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; echo $sql; $result=mysql_query($sql);
Nope :/ i get this error now
SELECT UsersID, U_YearID FROM users WHERE UsersID='aa101' and U_Password='000123456'
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Site1\test\checklogin1.php on line 31
Wrong Username or Password
-
echo out your sql statement it will help you solve that
sorry i know i am sounding really dumb but how do i do that? where to i type echo by the select by the from or at the where end?
Redirect logging in users to different pages
in PHP Coding Help
Posted
ok i will look into that tomorrow as its 1am in the UK right now and i have been at this all day! lol thanks again!!!