Jump to content

[SOLVED] PHP code not finding username from MySQL database

puponpup

By puponpup
in MySQL Help

 Share

Recommended Posts

puponpup Newbie

puponpup

Posted
Posted

Can anyone see what's wrong with this code?  It's not getting any rows from the database (the line with the Invalid Login msg is running).  The database has three columns of data: id int(4), username varchar(64), and password varchar(64).  There is a username and password in the database and the password has been md5 encrypted.  It also doesn't work if I don't even check for the correct password.

 

include 'db-lookup.php';

$loginName = mysql_real_escape_string($_POST['usrnme']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,username FROM login WHERE username='$loginName'"; 

$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 & password == $md5pass) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
   list($user_id,$loginName) = mysql_fetch_row($result);
	// this sets variables in the session 
	$_SESSION['user']= $loginName;  


	if (isset($_GET['ret']) && !empty($_GET['ret']))
	{
	header("Location: $_GET[ret]");
	} else
	{
	header("Location: myaccount.php");
	}
	//echo "Logged in...";
	exit();
    } 

header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();		
}

 

Thanks.

 

 

Link to comment
Share on other sites
puponpup Newbie

puponpup

Posted
  • Author
Posted

I think this is your issue:

 

    if ( $num != 0 & password == $md5pass) {

 

Should be:

 

    if ( $num != 0 && password == $md5pass) {

 

Thanks for checking on that; however, it's not the issue.  Even when I only look for the username - and only have if ($num != 0) - it doesn't find anything.

Link to comment
Share on other sites
puponpup Newbie

puponpup

Posted
  • Author
Posted

This is obviously not related to the mysql query... please confirm if this solved the issue, or I'll move it to the appropriate forum.

 

I'm pretty sure it does have to do with the query, because as I said in my first post, it doesn't work even if I don't check for the password.

Link to comment
Share on other sites
Chicken Little Newbie

Chicken Little

Posted
Posted

A quick comment:

Should

$loginName = mysql_real_escape_string($_POST['usrnme']);

 

be

$loginName = mysql_real_escape_string($_POST['username']);

 

note 'username' versus 'usrnme'

 

and further down

 

header("Location: $_GET[ret]");

 

be

header("Location: $_GET['ret']");

 

note the single quotes for ret

Link to comment
Share on other sites
puponpup Newbie

puponpup

Posted
  • Author
Posted

A quick comment:

Should

$loginName = mysql_real_escape_string($_POST['usrnme']);

 

be

$loginName = mysql_real_escape_string($_POST['username']);

 

note 'username' versus 'usrnme'

 

I actually made my post variable be usrnme (one of those bot-proof methods so bots don't try to post a million times to my page).

and further down

 

header("Location: $_GET[ret]");

 

be

header("Location: $_GET['ret']");

 

note the single quotes for ret

 

I'll check about that (but I wasn't getting an error and it wouldn't affect my original problem so if people could still check about that, that would be great, thanks!).

Link to comment
Share on other sites
xtopolis Member

xtopolis

Posted
Posted

First, check if it's a mysql problem:

On your MYSQL console or PHPMYADMIN page, try performing your query with data that will work.  If the query works, this is a PHP problem.

 

Secondly, put "breakpoints" in your code so you can see exactly where it's failing.

<?php
include 'db-lookup.php';

$loginName = mysql_real_escape_string($_POST['usrnme']);

if ($_POST['Submit']=='Login')
{
      die("Made it!");// BREAKPOINT
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,username FROM login WHERE username='$loginName'";
//...rest of code
?>

Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect.  I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us.

Link to comment
Share on other sites
puponpup Newbie

puponpup

Posted
  • Author
Posted

 

Continue moving the die() down until you don't see it, while also echoing the variables as you go to verify they are what you expect.  I'm guessing $_POST['Submit'] doesn't == 'Login'... but it's impossible to tell with the code you gave us.

 

Thank you all!  I used phpmyadmin and found that it was a problem with the php.  Used die() along with the $loginName to find out that it wasn't finding that.  In the end, it was a stupid html problem - I thought the id value from the form inputs was the post variable and not the name value.  So, in the end, it was "usrnme" which was the problem even though not because of any spelling mistakes.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.