Barak Posted November 28, 2008 Share Posted November 28, 2008 Hello there, I wrote alil script - login system. now the register works great, but when I try to get it to work with login, I don't know why but it's always makes it as wrong password/username. I hoped you could look at the 2 files I will upload and you might find something I can't see. Just notice the script is very simple without any security cause I took it all off so I can see why the login script doesn't work. I will really apperacite any help. This is the register.php file: <?php $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $message=""; $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } $Register=$_POST['Register']; if($Register) { mysql_select_db($db, $con); // checks if user or pass is missing. if ((!$_POST[user]) || (!$_POST[pass]) ) { $message="--- You missed some part ---"; } else { //if nothing's missing, the query starts checking if theres such user. $sql = mysql_query( "SELECT * FROM A WHERE Username ='$_POST[user]'" ); if( mysql_num_rows($sql) > 0 ) { // if the user is already exists. it shows an error. $message="Sorry, the name is already in our database."; } else { // if its all ok, then the query starts setting the info into the table. $pass=md5($_POST[pass]); $sql="INSERT INTO A SET Username='$_POST[user]', Password='$pass', FirstName='$_POST[first]', LastName='$_POST[last]' "; if (!mysql_query($sql)) { echo "dang it!"; die ('ERROR: ' . mysql_error()); } else { $message="Thanks! now you can login."; header("location:a_login.php"); // Re-direct to main.php } } } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> Firstname: <input type="text" name="first" /><br /> Lastname: <input type="text" name="last" /><br /> <input type="submit" name="Register" /> </form> </body> </html> This is the login.php: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if($Login) { // If clicked on Login button. // username and password sent from form $myusername=$_POST[user]; $ppassword=$_POST[pass]; $mypassword=md5($ppassword); $sql="SELECT * FROM A WHERE UserName=$_POST[user] AND Password=$mypassword"; $query=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ $message="matches username and pass"; } else { $message="no match"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
Mark Baker Posted November 28, 2008 Share Posted November 28, 2008 Quote your strings in the SQL query $sql="SELECT * FROM A WHERE UserName='".$_POST[user]."' AND Password='".$mypassword."'"; And remember to escape your $_POST values before using them in the query Quote Link to comment Share on other sites More sharing options...
Barak Posted November 28, 2008 Author Share Posted November 28, 2008 Thanks I've updated what you were telling me. Still there's a problem, not matter what it shows the message 'not' (as it doesn't find a match with username and pass). updated code: (of login.php) <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="password"; //your password $db="db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if($Login) { // If clicked on Login button. // username and password sent from form $myusername=$_POST[user]; $ppassword=$_POST[pass]; $mypassword=md5($ppassword); $sql="SELECT * FROM A WHERE UserName='".$myusername."' AND Password='".$mypassword."'"; $query=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
Mark Baker Posted November 28, 2008 Share Posted November 28, 2008 Quote your named index keys as well. $myusername=$_POST['user']; $ppassword=$_POST['pass']; Double check your database to be sure that the user record is there in table A Display the actual SQL select query, to be sure that it looks sensible, and see if it will run via phpmyadmin Quote Link to comment Share on other sites More sharing options...
Barak Posted November 28, 2008 Author Share Posted November 28, 2008 I tried to do something, I only tried to verify the Username, and then again always it's getting it not logged. But, I also made an Echo part which asks for the user=username, and it gets me the right username.. which is wierd. there is the file again with all the fixes and what I tried to do: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $host="localhost"; //your host $user="root"; //your username $password="p"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } // username and password sent from form $myusername=$_POST['user']; ////// Login Section. $Login=$_POST['Login']; if ($Login) { $sql=mysql_query("SELECT * FROM A WHERE UserName='".$myusername."'"); // Mysql_num_row is counting table row $count=mysql_num_rows($sql); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not $myusername"; } } mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> Edit: I looked out at the logs, and I think I found the problem! omg: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\\site\\login.php on line 32, referer: http://localhost/a_login.php Quote Link to comment Share on other sites More sharing options...
Barak Posted November 28, 2008 Author Share Posted November 28, 2008 Sorry for the double post, though I couldn't find the modify button again. anyways, I figured out it was a problem with the mysql_num_row() function, though I have no idea how to fix this. I have read about it abit, but there's no correction anyone gave for it, so I'd appreaciate if you could help me out with this so I can continue writing the script. Thank you for your time. Barak Quote Link to comment Share on other sites More sharing options...
revraz Posted November 28, 2008 Share Posted November 28, 2008 It's not a problem with mysql_num_rows, it's a problem with your query. Your query fails so there is no resource to pass to the function. echo $sql before you do the query, what is the output? add mysql_error() after your query to see if a error is reported. Quote Link to comment Share on other sites More sharing options...
Barak Posted November 28, 2008 Author Share Posted November 28, 2008 When I run echo $sql it shows the right username.. which means it gets it right. This is the last updated code, tell me exactly what do you want me to change/add, it will be more accurate like that: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $PHP_SELF="#"; $host="localhost"; //your host $user="root"; //your username $password="pass"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if ($Login) { // username and password sent from form $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username=$myusername"; echo $myusername; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { $message="not"; } } // close Login mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> And now this is the log, it shows some errors with the Login Button, and with the mysql_num_rows.. dunno what to do, look at it: [Fri Nov 28 20:01:55 2008] [error] [client 127.0.0.1] PHP Notice: Undefined index: Login in C:\\site\\a_login.php on line 24 [Fri Nov 28 20:01:56 2008] [error] [client 127.0.0.1] PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\\site\\a_login.php on line 33, referer: http://localhost/a_login.php Thank you for your time! - Barak Quote Link to comment Share on other sites More sharing options...
revraz Posted November 28, 2008 Share Posted November 28, 2008 Again, use mysql_error after your querries. I also stated to echo $sql, not $myusername. You are missing single quotes around $myusername sql="SELECT * FROM A WHERE username= '$myusername'"; Quote Link to comment Share on other sites More sharing options...
Barak Posted November 29, 2008 Author Share Posted November 29, 2008 This is the file a_login.php: <?php // Use session variable on this page. This function must put on the top of page. session_start(); ////// Logout Section. Delete all session variable. session_destroy(); $message=""; $PHP_SELF=""; $host="localhost"; //your host $user="root"; //your username $password="pass"; //your password $db="my_db"; //your DB where you stored the tables $con=mysql_connect($host,$user,$password); if (!$con) { die('Could not connect: ' . mysql_error()); } ////// Login Section. $Login=$_POST['Login']; if ($Login) { // username and password sent from form $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username='$myusername',$db"; echo $myusername; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file "login_success.php" $message="logged"; } else { die('Could not connect: ' . mysql_error()); } } // close Login mysql_close($con); ?> <html> <body> <?php echo $message; ?> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> </form> </body> </html> "Could not connect: No database selected" Dunno why... kinda wierd.. Any ideas? Quote Link to comment Share on other sites More sharing options...
revraz Posted November 29, 2008 Share Posted November 29, 2008 Why is it wierd, your code never connects to the DB. Quote Link to comment Share on other sites More sharing options...
Barak Posted December 6, 2008 Author Share Posted December 6, 2008 Yep I figured it out and fixed it a week ago, now I have another problem. I use sessions cause I want members to stay logged in. Now it creates a sessions when there's a succesefull login, and even creates a file @ Temp folder on my homemade server. Now when I go to another page and try to use that session, it doesn't work. Any help will be appreacited files - login: <?php require_once("config.php"); session_start(); $message=""; $PHP_SELF=""; ////// Login Section. $Login=$_POST['Login']; if ($Login) { mysql_select_db("my_db", $con); // username and password sent from form $ppassword=$_POST['pass']; $mypassword=md5($ppassword); $myusername=$_POST['user']; $sql="SELECT * FROM A WHERE username='".$myusername."' AND Password='".$mypassword."'"; $result=mysql_query($sql); // Mysql_num_row is counting table row // If result matched $myusername and $mypassword, table row must be 1 row $count=mysql_num_rows($result); if ($count==1) { // Register $myusername, $mypassword and redirect to file $_SESSION['user']= $myusername; header("Location: myaccount.php"); } else { $message="Wrong Username/Password!"; } } // close Login ?> <html> <body> <form action="<?php echo $PHP_SELF; ?>" method="post"> Username: <input type="text" name="user" /><br /> Password: <input type="password" name="pass" /><br /> <input name="Login" type="submit" id="Login" value="Login" /> <?php echo $message; ?> </form> </body> </html> "myaccount page" - just a test page of sessions: <?php session_start(); if (!isset($_SESSION['user'])) { die ("Access Denied"); } ?> <h2>My Account </h2> <?php if (isset($_SESSION['user'])) { ?> <p>Logged as <?php echo $_SESSION['user']; ?> | <a href="settings.php">Settings</a> | <a href="logout.php">Logout</a> </p> <?php } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted December 7, 2008 Share Posted December 7, 2008 Make sure you have error reporting and display turned on to see if you are getting any errors. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.