GameYin Posted May 1, 2008

www.gameyin.com/login.php

```php
<?php
session_start();
include 'config.php';
$user = $_POST['username'];
$pass = $_POST['password'];
$query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
if($user != "" && $pass != "" || mysql_num_rows($query) > 0 || $row['Activated'] > 0) {
    $_SESSION["status"] = "Logged";
    $_SESSION['username'] = $user;
    $_SESSION['password'] = $pass;
    header("Location: index.php");
    exit;
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

Go to that website and type in ANYTHING for the username and password. It is just accepting anything. The HTML form is on that link I gave you. HELP! Why isn't it selecting the DB Username?

PFMaBiSmAd Posted May 1, 2008

As long as the password and user are filled in, the following part of the if() statement is true -

```php
if($user != "" && $pass != "" ||
```

You should validate input before performing the query. Then only use the results of the query to determine if there was a match in the database.

jonsjava Posted May 1, 2008

```php
<?php
session_start();
include 'config.php';
$user = $_POST['username'];
$pass = $_POST['password'];
$query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
if($user != "" && $pass != ""){
    if (mysql_num_rows($query) > 0 && $row['Activated'] > 0) {
        $_SESSION["status"] = "Logged";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header("Location: index.php");
        exit;
    }
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

jonsjava Posted May 1, 2008

Modified version:

```php
<?php
session_start();
include 'config.php';
$user = addslashes($_POST['username']);
$pass = addslashes($_POST['password']);
if (strlen($user) > 0 && strlen($pass) >0){
    $query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
    $row = mysql_fetch_array($query);
    if (mysql_num_rows($query) > 0 && $row['Activated'] > 0) {
        $_SESSION["status"] = "Logged";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header("Location: index.php");
        exit;
    }
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

PFMaBiSmAd Posted May 1, 2008

addslashes() does not escape all the special characters that can break a query (which is why the magic quotes settings are being removed from PHP 6, as they are ineffective). Only use mysql_real_escape_string().

jonsjava Posted May 1, 2008

Got me there. Lazy coding today. The fixed version:

```php
<?php
session_start();
include 'config.php';
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
if (strlen($user) > 0 && strlen($pass) >0){
    $query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
    $row = mysql_fetch_array($query);
    if (mysql_num_rows($query) > 0 && $row['Activated'] > 0) {
        $_SESSION["status"] = "Logged";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header("Location: index.php");
        exit;
    }
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

GameYin Posted May 1, 2008

Ok I'll try that version when I get home. I'm in English 11 right now.

GameYin Posted May 2, 2008

It is staying on loginaction.php. It's not redirecting and I know I typed in the right information. What's up?

GameYin Posted May 2, 2008

Wow, why does no one respond to my topics? What is up with this?

DarkWater Posted May 2, 2008

This is FREE HELP, not PAID CODING. Don't be arrogant. Try using an absolute URL.

GameYin Posted May 2, 2008

Sorry. Hectic day over at another forum and I'm taking it out over here lol. I assume you mean with the header location?

Edit: Didn't work. Any other ideas?

DarkWater Posted May 2, 2008

Yes, with the headers. What browser are you using?

GameYin Posted May 2, 2008

Opera. Also, I noticed something. When I enter details to sign in, it still stays at loginaction.php, but if I hit the back button once, it has logout and usercp links at the top. If I go to index.php from there (do some highlighting), you will see "Guest", just as my code wanted. So apparently my details aren't going good at the database portion.

DarkWater Posted May 2, 2008

Replace:

```php
$query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
```

With:

```php
$sql="SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1";
echo $sql;
$query = mysql_query($sql) or die(mysql_error());
```

Then take that output and run it in the MySQL client. You can remove the echo $sql; later.

GameYin Posted May 2, 2008

Tried that code instead. Didn't work. Just "displayed" the query. Noticed you forgot mysql_query so I added it. The error now is..

Resource id #3You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1

Current code:

```php
<?php
session_start();
include 'config.php';
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
if (strlen($user) > 0 && strlen($pass) >0){
    $sql=mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1");
    echo $sql;
    $query = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($query);
    if (mysql_num_rows($query) > 0 && $row['Activated'] > 0) {
        $_SESSION["status"] = "Logged";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header("Location: http://www.gameyin.com/index.php");
        exit;
    }
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

DarkWater Posted May 2, 2008

When I ask you to put something into your code, please put it in exactly as I posted it. You wouldn't have that error if you just did what I said...=/

revraz Posted May 2, 2008

He didn't forget the mysql_query, it's on his 3rd line. By you adding it you are getting an error as you've shown below. This is why I stopped replying to your questions a long time ago, you don't want to follow anyone's advice.

> Tried that code instead. Didn't work. Just "displayed" the query. Noticed you forgot mysql_query so I added it. The error now is..
>
> Resource id #3You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1

DarkWater Posted May 2, 2008

The code that I posted was EXPECTED to echo the query so you could see what values are being put in and try it in the MySQL client. Sheesh.

GameYin Posted May 2, 2008

```php
<?php
session_start();
include 'config.php';
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
if (strlen($user) > 0 && strlen($pass) >0){
    $sql="SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1";
    echo $sql;
    $query = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_array($query);
    if (mysql_num_rows($query) > 0 && $row['Activated'] > 0) {
        $_SESSION["status"] = "Logged";
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
        header("Location: index.php");
        exit;
    }
} else {
    $_SESSION["status"] = "Not logged";
    $_SESSION['username'] = 'Guest';
    echo "Something went wrong";
}
?>
```

No idea what you wanted...? Confused about copy and paste lol. www.gameyin.com/loginaction.php Look at it. That's what it looks like. This is my current code btw. Redo my code, I don't understand you.

Edit: www.gameyin.com/login.php user: GameYin pass:gameyin THEN, you will see what I'm talking about

DarkWater Posted May 2, 2008

That's exactly what I wanted you to do. NOW take what it echoes (the query WITH VALUES) and run it in the MySQL client.

BlueSkyIS Posted May 2, 2008

Replace:

```php
$query = mysql_query("SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1") or die(mysql_error());
```

With:

```php
$sql="SELECT * FROM Users WHERE Username = '$user' AND Password = '$pass' LIMIT 1";
echo $sql;
$query = mysql_query($sql) or die(mysql_error());
```

Then take that output and run it in the MySQL client. You can remove the echo $sql; later.

GameYin Posted May 2, 2008

MySQL returned an empty result set (i.e. zero rows). (Query took 0.0234 sec)

Does my register code work???

```php
<?php
include 'config.php';
if(isset($_POST['submit']))
{
    $first = addslashes(trim($_POST['firstname']));
    $surname = addslashes(trim($_POST['surname']));
    $username = addslashes(trim($_POST['username']));
    $email = addslashes(trim($_POST['email']));
    $pass = addslashes(trim($_POST['password']));
    $conf = addslashes(trim($_POST['confirm']));
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d, m y");
    if ( $_POST['password'] == $_POST['confirm'] )
    {}else{
        echo '<script type="text/javascript">alert("Your passwords were not the same, please enter the same password in each field.");</script>';
        echo '<script type="text/javascript">history.back(1);</script>';
        exit;
    }
    $password = md5($pass);
    if ((((( empty($first) ) || ( empty($surname) ) || ( empty($username) ) || ( empty($email) ) || ( empty($password) ))))) {
        echo '<script type="text/javascript">alert("One or more fields was left empty, please try again.");</script>';
        echo '<script type="text/javascript">history.back(1);</script>';
        exit;
    }
    if((!strstr($email , "@")) || (!strstr($email , "."))) {
        echo '<script type="text/javascript">alert("You entered an invalid email address. Please try again.");</script>';
        echo '<script type="text/javascript">history.back(1);</script>';
        exit;
    }
    $q = mysql_query("SELECT * FROM Users WHERE Username = '$username'") or die(mysql_error());
    if(mysql_num_rows($q) > 0) {
        echo '<script type="text/javascript">alert("The username you entered is already in use, please try again.");</script>';
        echo '<script type="text/javascript">history.back(1);</script>';
        exit;
    }
    $name = $first . ' ' . $surname;
    $actkey = mt_rand(1, 500).'f78dj899dd';
    $act = sha1($actkey);
    $query = mysql_query("INSERT INTO Users (Username, Password, Name, Email, Date, IP, Actkey) VALUES ('$username','$password','$name','$email','$date','$ip','$act')") or die(mysql_error());
    $send = mail($email , "Registration Confirmation" , "Thank you for registering with Gameyin.\n\nYour username and password is below, along with details on how to activate your account.\n\nUser: ".$username."\nPass: ".$pass."\n\nClick the link below to activate your account:\nhttp://www.gameyin.com/activate.php?id=".$act."\n\nThanks", "FROM: [email protected]");
    if(($query)&&($send)) {
        echo '<p>Thank you for registering, you will recieve an email soon with your login details and your activation link so that you can activate your account.</p>
        <p><a href="login.php">Click here</a> to login once you have activated.</p>';
    } else {
        echo '
        <p>We are sorry, there appears to be a problem with our script at the moment.</p>
        <p>Your data was not lost. Username: '.$username.' | Password: '.$pass.' | Email: '.$email.' | Full name: '.$name.'</p>
        <p>Please try again later.</p>';
    }
} else {
?>
<p>Welcome to the registration, fill out the form below and hit Submit. All fields are required,so fill them all out!
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<table>
<tr> <td><p>First name</p></td> <td><input name="firstname" type="text" id="firstname" /></td> </tr>
<tr> <td><p>Surname</p></td> <td><input name="surname" type="text" id="surname" /></td> </tr>
<tr> <td><p>Email Address</p></td> <td><input name="email" type="text" id="email" /></td> </tr>
<tr> <td><p>Username</p></td> <td><input name="username" type="text" id="username" /></td> </tr>
<tr> <td><p>Password</p></td> <td><input name="password" type="password" id="password" /></td> </tr>
<tr> <td><p>Confirm Password</p></td> <td><input name="confirm" type="password" id="confirm" /></td> </tr>
<tr> <td><p>Register</p></td> <td><input name="submit" type="submit" class="textBox" value="Submit" /></td> </tr>
</table>
</form>
<p>Upon confirmation of your details, you will be sent an email containing your username, password and details on how to activate your account so as to be able to use this website. </p></div>
<?
}
mysql_close($l);
?>
```

That's all from my register.

DarkWater Posted May 2, 2008

Why don't you check for yourself? Run "SELECT * FROM users" in your MySQL client and see if everything was put in correctly.

GameYin Posted May 2, 2008

SQL query: SELECT * FROM users LIMIT 0 , 30

MySQL said: #1146 - Table 'gameyinc_members.users' doesn't exist

WOW, Now I'm REALLY confused.

GameYin Posted May 2, 2008

You misspelled my table name. It's Users. Not users. I picked that up. I have a whole list of the users. Passwords are hashed. Could that be the problem? For example, one of the passwords was 3ee80237eb604ba79992f1e67b189c72

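Added example, not part of the thread and not any poster's code: a login check in which only the database row decides the outcome, using placeholders instead of escaping (the addslashes() point above) and verifying a stored hash in PHP instead of comparing the raw password in SQL (the register script above stores md5($pass) while the login query compares the value as typed). It assumes PHP 7+ with PDO and uses an in-memory SQLite table as a stand-in for the MySQL Users table; the function names and sample accounts are constructed, and password_hash()/password_verify() are swapped in for the thread's md5().

```php
<?php
// Added example. Assumes PHP 7+ with pdo_sqlite; the in-memory table
// is a stand-in for the thread's MySQL Users table.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Users (Username TEXT PRIMARY KEY,
        Password TEXT NOT NULL, Activated INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

function register_user(PDO $db, string $user, string $pass, int $activated): void
{
    // Store a salted, slow hash; never the password itself or a bare md5().
    $stmt = $db->prepare('INSERT INTO Users (Username, Password, Activated) VALUES (?, ?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $activated]);
}

function check_login(PDO $db, string $user, string $pass): bool
{
    if ($user === '' || $pass === '') {
        return false;                      // validate before querying
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT Password, Activated FROM Users WHERE Username = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                      // no such user
    }
    // Non-empty input proves nothing: the row must match and be activated.
    // On success, keep only the username in the session, not the password.
    return password_verify($pass, $row['Password']) && (int)$row['Activated'] > 0;
}

$db = make_demo_db();
register_user($db, 'alice', 'correct horse', 1);   // constructed sample accounts
register_user($db, 'bob', 'hunter2', 0);           // registered, not activated
register_user($db, "o'brien", 'shamrock', 1);      // quote in the name is plain data

$cases = [
    ['alice', 'correct horse'],    // logged in
    ['alice', 'wrong'],            // rejected
    ['bob', 'hunter2'],            // rejected: not activated
    ['anything', 'anything'],      // rejected (the original if() let this through)
    ["o'brien", 'shamrock'],       // logged in, no escaping needed
];
foreach ($cases as [$u, $p]) {
    printf("%-10s %s\n", $u, check_login($db, $u, $p) ? 'logged in' : 'rejected');
}
```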