cbear2021 Posted March 31, 2009 Share Posted March 31, 2009 hi there - I'm having a lot of trouble getting my login script to work. I've created a database in mysql with a users table, and a registration page/script - which works fine, created some test users and they've been inserted no problems into the database. However, When I try to login using these credentials, I keep getting the error (that i've echo'd in my if statement) sorry your account cannot be found, despite the fact I know it's in there. My only clue is - when I try to register someone with the same credentials, it's telling me the email is already in the database, so it's leading me to think there's something wrong with my code for checking against a password. My code is below: dbconnect.php: <?php $dbhost = "xxxxxx.db"; // name of the host $dbname = "xxxx"; // database name $dbuser = "xxxx"; // username for database $dbpass = "xxxx"; // database password // function to connect to the database $dbonnect = @mysql_connect($dbhost, $dbuser, $dbpass); // if php cannot connect to the database, then output the following error message and // stop the script from running any further if(!dbconnect) { echo '<p> oops...unable to connect to the databse sever at the moment. Please try again</p>'; exit(); } // if php cannot connect to the database, then output the error message and exit // NOTE ---- the @ sign suppresses any standard mysql error message and allows us // to output our own. if (!@mysql_select_db($dbname)) { echo'<p> Unable to connect to the database right now, please try again</p>'; exit(); } ?> register.php: <?php include 'dbconnect.php'; ?> <?php // check if email exists in the table $checkemail = mysql_query("SELECT * FROM `users` WHERE email = '$_POST[email]'"); //if there is a row which matches the email print the email address exists if(mysql_num_rows($checkemail) == 1) { echo "email adddress already exists in database! Please go back and try again"; exit(); } elseif(mysql_num_rows($checkemail) == 0) //if there is no matching row in the table { $email = mysql_real_escape_string($_POST['email']); $Fname = mysql_real_escape_string($_POST['Fname']); $Lname = mysql_real_escape_string($_POST['Lname']); $password = md5(mysql_real_escape_string($_POST['password'])); $location = mysql_real_escape_string($_POST['location']); $age = $_POST['age']; $gender = $_POST['gender']; $register = mysql_query("INSERT INTO `users` (email, firstname, lastname, age, password, location, gender) VALUES ('$email', '$Fname', '$Lname', $age, '$password', '$location', '$gender')") or die("MySQL Error: " . mysql_error()); // run the query } if($register) //if the query turns out to be true then print success etc { echo "<h2> Success! </h2>"; echo "<p> Your account was successfully created!"; } else // otherwise, return the error message { echo "<h2> Error </h2>"; echo "<p> Sorry, your registration failed. Please go back and try again. </p>"; } ?> login.php: <?php include 'dbconnect.php'; ?> <?php if((empty($_POST['email'])) && (empty($_POST['password']))) { echo "You have not entered any login details. please go back and try again"; exit(); } //checks if the email and password have been submitted elseif((!empty($_POST['email'])) && (!empty($_POST['password']))) { $email = mysql_real_escape_string($_POST['email']); //removed any unwanted characters from the users input $password = md5(mysql_real_escape_string($_POST['password'])); //created a md5 hash of the users password - used to check // the database for the same md5 hash } //echo "2nd stage"; //Query - select everything from table users where email is equal to var email and likewise with password $query = ("SELECT * FROM users WHERE email='$email' AND password='$password'"); //echo "3rd stage"; //store that info into a result and process the query $result = mysql_query($query, $dbonnect); echo "4th stage"; // if the query cannot execute for some reason, assign invalid query to the message and print the error message along with the query // then quit the script if (!$result) { $message = 'Invalid query: ' . mysql_error() . "\n"; $message .= 'Whole query: ' . $query; die($message); exit(); } //echo "5th stage"; // if a matching row is found.... if(mysql_num_rows($result) == 1) { // start the session session_start(); $row = mysql_fetch_array($result); $_SESSION['user']= $email; $_SESSION['Fname'] = $row['firstname']; echo "Welcome".$_SESSION['Fname']; echo "<p>Now taking you to the members area</p>"; } //echo "6th stage"; //if the number of rows is equal to zero then.... if(mysql_num_rows($result) == 0) { echo "sorry, your account could not be found. Please register or try again"; exit(); } //echo"7th stage"; ?> And this is my SQL table (created in phpmyadmin): CREATE TABLE IF NOT EXISTS `users` ( `user_id` int(11) NOT NULL auto_increment, `email` varchar(255) NOT NULL, `firstname` varchar(50) NOT NULL, `lastname` varchar(50) NOT NULL, `password` varchar(32) NOT NULL, `location` varchar(50) NOT NULL, `age` mediumint(2) NOT NULL, `gender` varchar(12) NOT NULL, PRIMARY KEY (`user_id`), UNIQUE KEY `email` (`email`), KEY `lastname` (`lastname`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 COMMENT='table of users' AUTO_INCREMENT=2 ; Any help would be much appreciated, as I've been stuck on this for a few days now and I need to get it working asap. Cheers Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/ Share on other sites More sharing options...
cbear2021 Posted March 31, 2009 Author Share Posted March 31, 2009 Sorry - just to say - I forgot to comment out one of the "stage X" debug lines in the login script. Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/#findComment-798040 Share on other sites More sharing options...
lonewolf217 Posted March 31, 2009 Share Posted March 31, 2009 i believe your query is failing because of this $query = ("SELECT * FROM users WHERE email='$email' AND password='$password'"); take away the parenthesis and try again also, you seem to be confused about this $dbonnect = @mysql_connect($dbhost, $dbuser, $dbpass); sometimes you reference it as $dbonnect and sometimes as $dbconnect Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/#findComment-798051 Share on other sites More sharing options...
revraz Posted March 31, 2009 Share Posted March 31, 2009 In login.php, echo $query and compare the variables to what is in the DB and see if they match. Also, check the actual number of rows returned, if its 2, then it will fail as well since you are only checking 0 and 1. I know you have email set to unique, but doesn't hurt to just take a quick look at that. Use mysql_error() after each query to see if any errors are being generated. And Parenthesis are fine around the query. Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/#findComment-798061 Share on other sites More sharing options...
cbear2021 Posted March 31, 2009 Author Share Posted March 31, 2009 Well, I echo'd the query - and the passwords don't match. the password I used was test - all in lower case, which is what I signed the the test account with (used test for all values except age and location). also - How can I check the number of rows returned? Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/#findComment-798073 Share on other sites More sharing options...
cbear2021 Posted March 31, 2009 Author Share Posted March 31, 2009 Thanks for your help guys, I managed to get it working. I have no idea why the md5 hashes didn't match for my test user, but they work for all the other users I've since created. Thanks so much for your help Link to comment https://forums.phpfreaks.com/topic/151967-solved-unable-to-locate-user-in-mysql-db-using-login-script/#findComment-798121 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.