daveeboi Posted July 16, 2008 Share Posted July 16, 2008 I currently have a problem with my login page basically when checking my user login details. I am entering details for a test user that I know is the correct username and password yet I'm still being dirested to my failed login page. My code in the checklogin.php is : <?php ob_start(); $host="my host name"; // Host name $username="my username"; // Mysql username $password="my pword"; // Mysql password $db_name="my db name"; // Database name $tbl_name ="my reg members table";//table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = "$myusername"; $_SESSION["mypassword"] = "$mypassword"; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> Anything glaringly obvious that I'm totally missing? Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/ Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 i can't seem to find a problem with the code.. are you sure there is only one entry in the databse? Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591527 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 try to verify the username and password by directly see if they equal one another rather then counting the rows from the database.. if it works that way then you know for sure there is more then one entry.. other wise I guess you could just look at the DB if you can do that. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591529 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Yeah, I entered it myself and double checked throu myphpadmin after it failed to work as intended. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591530 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 also if this wasnt done while submitting your username and password orginally there maybe differences in them thats making the login fail.. // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); also is the query failing?? run the query through an if statement to see if its really successfull <?php if($sql) { echo("SUCCESS!!"); } else { echo("FAIL!!!".mysql_error()); } ?> Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591532 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 I tried it without the stripslashes etc and it still gave the same output. I'll test the query. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591539 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 The sql function works, I think it's something to do with the line // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row See anything there? Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591550 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 nothing wrong with that line Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591552 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 I'd also tried setting $count == 0 before entering the count rows statement but that didn't work for me either. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591557 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 I think i might have found the problem... try this change $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; to this $sql="SELECT * FROM $tbl_name WHERE username=' ".myusername." ' and password=' ".$mypassword ." ' "; Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591559 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 When I was testing parts of the code earlier I'd found that the previous error came from the SESSION part in my login success.php but afetr entering your ammended code part there I am still getting an error but now it's the error from the checklogin.php I posted earlier "Worng username or password". I'm confused ??? Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591570 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 now that i'm looking for it i found these too $_SESSION['myusername'] = "$myusername"; $_SESSION["mypassword"] = "$mypassword"; written in the above fashion makes them STRINGS we want them to be parsed not outputted change to : $_SESSION['myusername'] = $myusername; $_SESSION["mypassword"] = $mypassword; Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591575 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Ok, with the code using the line $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; I get the error from my login_success.php file from the if(!isset($_SESSION['myusername'])) line I have there. If I use this line of code in the file $sql="SELECT * FROM $tbl_name WHERE username=' ".myusername." ' and password=' ".$mypassword ." ' "; I get the 'Wrong username or password' error from the checklogin.php file. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591583 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 The ccode as is just now is : <?php ob_start(); $host="--------"; // Host name $username="-------"; // Mysql username $password="------"; // Mysql password $db_name="------"; // Database name $tbl_name ="registered_members";//table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591587 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 you still need to change this line <?php $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; ?> its going into the database as (result) SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' it should be like this: <?php $sql="SELECT * FROM ". $tbl_name ." WHERE username=' ". $myusername ." ' and password=' ". $mypassword ." '"; ?> and would go to the database as this SELECT * FROM value_of_tbl_name WHERE username='value_of_myusername' and password='value_of_mypassword' Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591598 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Thanks for the help. I just tried that line as well and again got the 'worng username or password' message when it definitely is not either! Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591606 Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 other then that man i don't know what to tell you.. try echoing out those values.. in several places within the script and see what they come out to Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591609 Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Ok, thanks anyway for trying. Really can't understand it myself, it looks fine to me. Might just take the easy way out and download a working script and alter it accordingly and just put this one down to unsolved mystery. Thanks again. Link to comment https://forums.phpfreaks.com/topic/115026-my-login-page-problem/#findComment-591611 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.