elflacodepr Posted July 18, 2008 Share Posted July 18, 2008 Hello all, I need help with this login system, the problem is I don't know how to retrieve data correctly from DB I have an idea but still not working. Also I'm not sure if arrays in login systems work same way I did....till blows my head everytime I work with them...any help is appreciated. Here is the script: <?php if(isset($_POST['Login'])){ $username = mysql_real_escape_string($_POST['username']); $userpass = mysql_real_escape_string($_POST['password']); include 'library/config.php'; include 'library/open.php'; // Query $sql = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'") or die ('Error, cannot continue'); $row = mysql_fetch_array($sql); if(mysql_num_rows($sql) == 0) die("<br />Invalid user or password!<br />"); else session_start(); $_SESSION["username"]=$row["username"]; $_SESSION["username"]=$row["password"]; header("LOCATION: admin/admin.php"); include 'library/closedb.php'; } ?> Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted July 18, 2008 Share Posted July 18, 2008 change $row = mysql_fetch_array($sql); to $row = mysql_fetch_assoc($sql); Quote Link to comment Share on other sites More sharing options...
elflacodepr Posted July 18, 2008 Author Share Posted July 18, 2008 ok I did that and still nothing works correctly, when I click the "login" button it still redirecting me even if I type the wrong password Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted July 18, 2008 Share Posted July 18, 2008 Try it like this, you've got some of the orders mixed around. And session_start() should ALWAYS be at the top. Oh and you were using $password not $userpass. <?php session_start(); //ALWAYS!!! if(isset($_POST['Login'])){ $username = mysql_real_escape_string($_POST['username']); $userpass = mysql_real_escape_string($_POST['password']); include 'library/config.php'; include 'library/open.php'; // Query $sql = mysql_query("SELECT * FROM `users` WHERE `username`='{$username}' AND `password`='{$userpass}'") or die ('Error, cannot continue'); if(mysql_num_rows($sql) == 0){ die("<br />Invalid user or password!<br />"); }else{ $row = mysql_fetch_array($sql); //you can use array $_SESSION['username'] = $row['username']; $_SESSION['username'] = $row['password']; header("LOCATION: admin/admin.php"); include 'library/closedb.php'; } ?> Quote Link to comment Share on other sites More sharing options...
elflacodepr Posted July 18, 2008 Author Share Posted July 18, 2008 oh..all fixed thanks for that! now the problem is, I get stuck in the validate script (which is the one of above) when I try to Login, if I fill the login info, it redirects me to the validating script even if the password is wrong, all it shows it a blank page ??? Quote Link to comment Share on other sites More sharing options...
JasonLewis Posted July 18, 2008 Share Posted July 18, 2008 Can you please rephrase that? I don't understand what you're after... Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted July 18, 2008 Share Posted July 18, 2008 so u want it to show an error if the password is wrong? Quote Link to comment Share on other sites More sharing options...
elflacodepr Posted July 18, 2008 Author Share Posted July 18, 2008 ok, I have 2 files, the Login and Validate: Login.php <html> <head>Login</head> <body> <table> <tr> <td> <form action="validate.php" method="POST"> User: <input type="text" name="username"><br /> Password: <input type="password" name="password"> <input type="submit" value="Login"> </form> </td> </tr> </body> </html> Validate.php <?php session_start(); //ALWAYS!!! if(isset($_POST['Login'])){ $username = mysql_real_escape_string($_POST['username']); $userpass = mysql_real_escape_string($_POST['password']); include 'library/config.php'; include 'library/open.php'; // Query $sql = mysql_query("SELECT * FROM `users` WHERE `username`='{$username}' AND `password`='{$userpass}'") or die ('Error, cannot continue'); if(mysql_num_rows($sql) == 0){ die("<br />Invalid user or password!<br />"); }else{ $row = mysql_fetch_array($sql); //you can use array $_SESSION['username'] = $row['username']; $_SESSION['username'] = $row['password']; header("LOCATION: admin/admin.php"); include 'library/closedb.php'; } } ?> What I mean is, after I fill the login info(username and password) it is supposed to check all info using Validate.php script, once is checked and everything is correct it must redirect me to "admin/admin.php". but it doesn't, it simply shows a blank page after I click the Login button(inlogin.php) I hope I could make ya the map so u want it to show an error if the password is wrong? Yes thats what I want, but it doesn't work at all, as I can type anything and it redirects me ??? Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted July 18, 2008 Share Posted July 18, 2008 ok, first off try header("Location:/admin/admin.php"); if that doesnt redirect try using an abosulte url, also are u getting any errors if not turn error reporting on error_reporting(E_ALL); Quote Link to comment Share on other sites More sharing options...
paulman888888 Posted July 18, 2008 Share Posted July 18, 2008 Could you use AJAX? I think that would be very good. Target _hidenframe in your form. And if the password and username is correct, use javascript redirect. Its an idea. If it helps or not is a different thing. Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted July 18, 2008 Share Posted July 18, 2008 they can disable javascript Quote Link to comment Share on other sites More sharing options...
paulman888888 Posted July 18, 2008 Share Posted July 18, 2008 they can disable javascript It still works though because newgrounds use it. Quote Link to comment Share on other sites More sharing options...
elflacodepr Posted July 18, 2008 Author Share Posted July 18, 2008 nothing works still same blank page can any one try it on your personal server and tell me if it do the same? :'( Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted July 18, 2008 Share Posted July 18, 2008 try debugging , echo all the variables, and post your new code here Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.