Jump to content

[SOLVED] PHP code not finding username from MySQL database


Recommended Posts

Can anyone see what's wrong with this code?  It's not getting any rows from the database (the line with the Invalid Login msg is running).  The database has three columns of data: id int(4), username varchar(64), and password varchar(64).  There is a username and password in the database and the password has been md5 encrypted.  It also doesn't work if I don't even check for the correct password.

 

include 'db-lookup.php';

$loginName = mysql_real_escape_string($_POST['usrnme']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,username FROM login WHERE username='$loginName'"; 

$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 & password == $md5pass) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
   list($user_id,$loginName) = mysql_fetch_row($result);
	// this sets variables in the session 
	$_SESSION['user']= $loginName;  


	if (isset($_GET['ret']) && !empty($_GET['ret']))
	{
	header("Location: $_GET[ret]");
	} else
	{
	header("Location: myaccount.php");
	}
	//echo "Logged in...";
	exit();
    } 

header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();		
}

 

Thanks.

 

 

I think this is your issue:

 

    if ( $num != 0 & password == $md5pass) {

 

Should be:

 

    if ( $num != 0 && password == $md5pass) {

 

Thanks for checking on that; however, it's not the issue.  Even when I only look for the username - and only have if ($num != 0) - it doesn't find anything.

This is obviously not related to the mysql query... please confirm if this solved the issue, or I'll move it to the appropriate forum.

 

I'm pretty sure it does have to do with the query, because as I said in my first post, it doesn't work even if I don't check for the password.

A quick comment:

Should

$loginName = mysql_real_escape_string($_POST['usrnme']);

 

be

$loginName = mysql_real_escape_string($_POST['username']);

 

note 'username' versus 'usrnme'

 

and further down

 

header("Location: $_GET[ret]");

 

be

header("Location: $_GET['ret']");

 

note the single quotes for ret

A quick comment:

Should

$loginName = mysql_real_escape_string($_POST['usrnme']);

 

be

$loginName = mysql_real_escape_string($_POST['username']);

 

note 'username' versus 'usrnme'

 

I actually made my post variable be usrnme (one of those bot-proof methods so bots don't try to post a million times to my page).

and further down

 

header("Location: $_GET[ret]");

 

be

header("Location: $_GET['ret']");

 

note the single quotes for ret

 

I'll check about that (but I wasn't getting an error and it wouldn't affect my original problem so if people could still check about that, that would be great, thanks!).

First, check if it's a mysql problem:

On your MYSQL console or PHPMYADMIN page, try performing your query with data that will work.  If the query works, this is a PHP problem.

 

Secondly, put "breakpoints" in your code so you can see exactly where it's failing.

<?php
include 'db-lookup.php';

$loginName = mysql_real_escape_string($_POST['usrnme']);

if ($_POST['Submit']=='Login')
{
      die("Made it!");// BREAKPOINT
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,username FROM login WHERE username='$loginName'";
//...rest of code
?>

Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect.  I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us.

 

Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect.  I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us.

 

Thank you all!  I used phpmyadmin and found that it was a problem with the php.  Used die() along with the $loginName to find out that it wasn't finding that.  In the end, it was a stupid html problem - I thought the id value from the form inputs was the post variable and not the name value.  So, in the end, it was "usrnme" which was the problem even though not because of any spelling mistakes.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.