daveeboi Posted July 16, 2008 Share Posted July 16, 2008 I currently have a problem with my login page basically when checking my user login details. I am entering details for a test user that I know is the correct username and password yet I'm still being dirested to my failed login page. My code in the checklogin.php is : <?php ob_start(); $host="my host name"; // Host name $username="my username"; // Mysql username $password="my pword"; // Mysql password $db_name="my db name"; // Database name $tbl_name ="my reg members table";//table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = "$myusername"; $_SESSION["mypassword"] = "$mypassword"; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> Anything glaringly obvious that I'm totally missing? Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 i can't seem to find a problem with the code.. are you sure there is only one entry in the databse? Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 try to verify the username and password by directly see if they equal one another rather then counting the rows from the database.. if it works that way then you know for sure there is more then one entry.. other wise I guess you could just look at the DB if you can do that. Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Yeah, I entered it myself and double checked throu myphpadmin after it failed to work as intended. Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 also if this wasnt done while submitting your username and password orginally there maybe differences in them thats making the login fail.. // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); also is the query failing?? run the query through an if statement to see if its really successfull <?php if($sql) { echo("SUCCESS!!"); } else { echo("FAIL!!!".mysql_error()); } ?> Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 I tried it without the stripslashes etc and it still gave the same output. I'll test the query. Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 The sql function works, I think it's something to do with the line // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row See anything there? Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 nothing wrong with that line Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 I'd also tried setting $count == 0 before entering the count rows statement but that didn't work for me either. Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 I think i might have found the problem... try this change $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; to this $sql="SELECT * FROM $tbl_name WHERE username=' ".myusername." ' and password=' ".$mypassword ." ' "; Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 When I was testing parts of the code earlier I'd found that the previous error came from the SESSION part in my login success.php but afetr entering your ammended code part there I am still getting an error but now it's the error from the checklogin.php I posted earlier "Worng username or password". I'm confused ??? Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 now that i'm looking for it i found these too $_SESSION['myusername'] = "$myusername"; $_SESSION["mypassword"] = "$mypassword"; written in the above fashion makes them STRINGS we want them to be parsed not outputted change to : $_SESSION['myusername'] = $myusername; $_SESSION["mypassword"] = $mypassword; Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Ok, with the code using the line $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; I get the error from my login_success.php file from the if(!isset($_SESSION['myusername'])) line I have there. If I use this line of code in the file $sql="SELECT * FROM $tbl_name WHERE username=' ".myusername." ' and password=' ".$mypassword ." ' "; I get the 'Wrong username or password' error from the checklogin.php file. Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 The ccode as is just now is : <?php ob_start(); $host="--------"; // Host name $username="-------"; // Mysql username $password="------"; // Mysql password $db_name="------"; // Database name $tbl_name ="registered_members";//table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Define $myusername and $mypassword $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['myusername'] = $myusername; $_SESSION['mypassword'] = $mypassword; header("location:login_success.php"); } else { echo "Wrong Username or Password"; } ob_end_flush(); ?> Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 you still need to change this line <?php $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; ?> its going into the database as (result) SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' it should be like this: <?php $sql="SELECT * FROM ". $tbl_name ." WHERE username=' ". $myusername ." ' and password=' ". $mypassword ." '"; ?> and would go to the database as this SELECT * FROM value_of_tbl_name WHERE username='value_of_myusername' and password='value_of_mypassword' Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Thanks for the help. I just tried that line as well and again got the 'worng username or password' message when it definitely is not either! Quote Link to comment Share on other sites More sharing options...
ag3nt42 Posted July 16, 2008 Share Posted July 16, 2008 other then that man i don't know what to tell you.. try echoing out those values.. in several places within the script and see what they come out to Quote Link to comment Share on other sites More sharing options...
daveeboi Posted July 16, 2008 Author Share Posted July 16, 2008 Ok, thanks anyway for trying. Really can't understand it myself, it looks fine to me. Might just take the easy way out and download a working script and alter it accordingly and just put this one down to unsolved mystery. Thanks again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.