puponpup Posted January 1, 2009 Share Posted January 1, 2009 Can anyone see what's wrong with this code? It's not getting any rows from the database (the line with the Invalid Login msg is running). The database has three columns of data: id int(4), username varchar(64), and password varchar(64). There is a username and password in the database and the password has been md5 encrypted. It also doesn't work if I don't even check for the correct password. include 'db-lookup.php'; $loginName = mysql_real_escape_string($_POST['usrnme']); if ($_POST['Submit']=='Login') { $md5pass = md5($_POST['pwd']); $sql = "SELECT id,username FROM login WHERE username='$loginName'"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); if ( $num != 0 & password == $md5pass) { // A matching row was found - the user is authenticated. session_start(); list($user_id,$loginName) = mysql_fetch_row($result); // this sets variables in the session $_SESSION['user']= $loginName; if (isset($_GET['ret']) && !empty($_GET['ret'])) { header("Location: $_GET[ret]"); } else { header("Location: myaccount.php"); } //echo "Logged in..."; exit(); } header("Location: login.php?msg=Invalid Login"); //echo "Error:"; exit(); } Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/ Share on other sites More sharing options...
ucffool Posted January 2, 2009 Share Posted January 2, 2009 I think this is your issue: if ( $num != 0 & password == $md5pass) { Should be: if ( $num != 0 && password == $md5pass) { Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-727727 Share on other sites More sharing options...
fenway Posted January 2, 2009 Share Posted January 2, 2009 This is obviously not related to the mysql query... please confirm if this solved the issue, or I'll move it to the appropriate forum. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-727874 Share on other sites More sharing options...
puponpup Posted January 3, 2009 Author Share Posted January 3, 2009 I think this is your issue: if ( $num != 0 & password == $md5pass) { Should be: if ( $num != 0 && password == $md5pass) { Thanks for checking on that; however, it's not the issue. Even when I only look for the username - and only have if ($num != 0) - it doesn't find anything. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728570 Share on other sites More sharing options...
puponpup Posted January 3, 2009 Author Share Posted January 3, 2009 This is obviously not related to the mysql query... please confirm if this solved the issue, or I'll move it to the appropriate forum. I'm pretty sure it does have to do with the query, because as I said in my first post, it doesn't work even if I don't check for the password. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728577 Share on other sites More sharing options...
xtopolis Posted January 3, 2009 Share Posted January 3, 2009 password is missing a $ ? password - > $password Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728582 Share on other sites More sharing options...
puponpup Posted January 3, 2009 Author Share Posted January 3, 2009 password is missing a $ ? password - > $password Thanks, I'll change that. But can all subsequent posts ignore the password part of the code? Like I said, it doesn't work even without that part. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728594 Share on other sites More sharing options...
Chicken Little Posted January 3, 2009 Share Posted January 3, 2009 A quick comment: Should $loginName = mysql_real_escape_string($_POST['usrnme']); be $loginName = mysql_real_escape_string($_POST['username']); note 'username' versus 'usrnme' and further down header("Location: $_GET[ret]"); be header("Location: $_GET['ret']"); note the single quotes for ret Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728647 Share on other sites More sharing options...
puponpup Posted January 3, 2009 Author Share Posted January 3, 2009 A quick comment: Should $loginName = mysql_real_escape_string($_POST['usrnme']); be $loginName = mysql_real_escape_string($_POST['username']); note 'username' versus 'usrnme' I actually made my post variable be usrnme (one of those bot-proof methods so bots don't try to post a million times to my page). and further down header("Location: $_GET[ret]"); be header("Location: $_GET['ret']"); note the single quotes for ret I'll check about that (but I wasn't getting an error and it wouldn't affect my original problem so if people could still check about that, that would be great, thanks!). Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728823 Share on other sites More sharing options...
xtopolis Posted January 3, 2009 Share Posted January 3, 2009 First, check if it's a mysql problem: On your MYSQL console or PHPMYADMIN page, try performing your query with data that will work. If the query works, this is a PHP problem. Secondly, put "breakpoints" in your code so you can see exactly where it's failing. <?php include 'db-lookup.php'; $loginName = mysql_real_escape_string($_POST['usrnme']); if ($_POST['Submit']=='Login') { die("Made it!");// BREAKPOINT $md5pass = md5($_POST['pwd']); $sql = "SELECT id,username FROM login WHERE username='$loginName'"; //...rest of code ?> Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect. I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-728849 Share on other sites More sharing options...
puponpup Posted January 4, 2009 Author Share Posted January 4, 2009 Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect. I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us. Thank you all! I used phpmyadmin and found that it was a problem with the php. Used die() along with the $loginName to find out that it wasn't finding that. In the end, it was a stupid html problem - I thought the id value from the form inputs was the post variable and not the name value. So, in the end, it was "usrnme" which was the problem even though not because of any spelling mistakes. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-729164 Share on other sites More sharing options...
fenway Posted January 4, 2009 Share Posted January 4, 2009 Thank you all! I used phpmyadmin and found that it was a problem with the php. Yup. Quote Link to comment https://forums.phpfreaks.com/topic/139140-solved-php-code-not-finding-username-from-mysql-database/#findComment-729262 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.