
[SOLVED] If..then trouble on login page


gladwell


This is the bare bones of a login page I'm writing. Everything is working except that the echo statement in the else clause is always on the page. I expected it to only appear when an incorrect u/p combo is entered and login.php is presented again. What's wrong with the way I've written the conditional statement?

 

<?php

if (isset($_POST['submit'])) {
}
$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database

header('Location: http://url_here/index.php');
exit;

}

else//username and password not in database.
  echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}

}

?>

Here's the form code:

 

<form action = "<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
<fieldset>
<p>Username: <input type = "text" name ="username" size ="10" maxlength="20" ></p>
<p>Password: <input type = "password" name ="password" size ="20" maxlength ="20" /></p>
<div align="center"><input type ="submit" name="submit" value="Login" /></p></div>
</fieldset>
</form>

 

 


Shouldn't your code be this:

 

<?php

if (isset($_POST['submit'])) {
}
$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database

header('Location: http://url_here/index.php');
exit;
} 
else  //username and password not in database.
   echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}



?>

Here's the form code:

<form action = "<?php echo $_SERVER['PHP_SELF'];?>" method="POST">

<fieldset>
<p>Username: <input type = "text" name ="username" size ="10" maxlength="20" ></p>
<p>Password: <input type = "password" name ="password" size ="20" maxlength ="20" /></p>
<div align="center"><input type ="submit" name="submit" value="Login" /></p></div>
</fieldset>
</form> 

try this:

 

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 
		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   		}
   	}
}
?>

 

Don't use "LIKE" when checking; use "=" instead, since the username and password are unique.

That took care of the echo statement always showing on the page, but now I get this error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

 

I originally had mysql_num_rows() in the query but couldn't get past this error message, so I changed it to what is shown in my original post. I have read that this error is thrown when something is wrong with the query. But I don't think anything is wrong with the query since it works when I change the function to ($row = mysql_fetch_array ($result)).

With mysql_num_rows(), you need the result (as a variable) in between the parentheses.

 

http://us2.php.net/function.mysql-num-rows

 

Of course, that is what you did.  So, that appears to mean that your query did not work.  So, add an echo mysql_error($link_variable_name) to figure out what the problem is.

It is.  And I said you did that...

With mysql_num_rows(), you need the result (as a variable) in between the parentheses.

 

http://us2.php.net/function.mysql-num-rows

 

Of course, that is what you did.

 

Now, the rest of my quote:

So, that appears to mean that your query did not work.  So, add an echo mysql_error($link_variable_name) to figure out what the problem is.

The error message is the same. Do I have the mysql_errno in the right place?

 

$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 

		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

		echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";
   		}
   	}

Changed the location and am now getting this error message

 

Cannot modify header information - headers already sent

 

with a reference to line 10 of the code which is this

 

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

 

I originally had this error message which I fixed by moving the script into the <head></head> section of the page.

 

 

No, not solved. I'm currently getting the header error:

 

Cannot modify header information - headers already sent

 

with a reference to line 10 of the code (below) which is the mysql_errno function I added to get more information on the error.

 

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

 

Before I posted my original question, I was getting a header error that I fixed, I believe because I moved the location of the script.

 

If I use this script

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database

header('Location: http://url_here/index.php');
exit;
} 
else  //username and password not in database.
   echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}

 

I get everything I want except that the echo message displays all the time, which I figure indicates I have a problem with the conditional statement.

 

If I use this code

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 
		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   		}
   	}
}
?>

 

The echo message disappears, but I then get this error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

 

 

Okay...try this and let me know what happens:

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	if($result = mysql_query($query)) {

		if (mysql_num_rows($result) == 1) {
			if ($row = mysql_fetch_array ($result)) { //username and password are in the database
				header('Location: http://url_here/index.php');
				exit; 
			} else {  //username and password not in database. 
	   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   			}
	   	}
	}
	else {
	echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";
	}
}

?>

After looking at this script again, I realized there is a fundamental design flaw.  Your

		if (mysql_num_rows($result) == 1) {

statement is what actually determines if there is a match in the database.

 

So, if there is not a match, nothing will show up, unless there is an error.  Try this:

 

<?php 

if (isset($_POST['submit'])) {


$username = $_POST['username'];

$password = $_POST['password'];

$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database

		header('Location: http://url_here/index.php');
		exit; // stop executing once the redirect header has been sent

	}
	else {	//username and password not in database. 

	echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

	}
}


else {

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

}
}

?>

That did it. Thanks. To be sure I understand why it works,

removing

($row = mysql_fetch_array ($result)) 

enables the error message to appear. mysql_fetch_array($result) is the wrong tool for the job in this script, and its presence was enough to prevent the error message from echoing?

Short answer: yes.

 

Well, that statement was always going to return true, unless the query itself failed.  That is because unless there is a connection error or something along those lines, $result will always return a value, and $row will always be set to that value.  So, regardless if the user data is correct, your script would think that the user was logged in.

 

mysql_num_rows(), however, makes sure that there is 1 row of data matching the login data, which actually does ensure that the user is logged in.

 

Hope that makes sense.

Thanks. I'm trying to use session_start() to pass the first name of the logged in user to the redirect page.

 

Here's what I have

$query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database
		session_start();
		$_SESSION['firstname'] = $row[1];
		header('Location: http://url_here_index.php');

	}

 

and then this code at the top of the redirect page

<?php 
session_start();
echo "Welcome, $_SESSION['firstname']"?>;

 

I have also tried passing $_SESSION['firstname'] as a hidden variable, but that didn't echo either. Can you recommend a way to do this?

 

The error message I get with this script is Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'

On the page with:

 

$query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database
		session_start();
		$_SESSION['firstname'] = $row[1];
		header('Location: http://url_here_index.php');

	}

 

Put session_start() right after the opening <?php like so:

<?php
session_start();

 

Do you have error reporting turned off in php.ini?  You should have gotten an  error...
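
Added example (not part of the original thread or any poster's code): the login check and session hand-off discussed above, written with PDO prepared statements and password_hash()/password_verify() in place of the interpolated query and the mysql_* functions, which were removed in PHP 7. The users table, password_hash column and check_login() are assumed names, and an in-memory SQLite database with constructed data stands in for MySQL so it runs offline.

```php
<?php
// Added example, not code from the thread. Assumed names: users table,
// password_hash column, check_login(). In-memory SQLite stands in for MySQL.
declare(strict_types=1);

function check_login(PDO $db, string $username, string $password): ?string
{
    // Placeholder binding keeps the submitted value out of the SQL text.
    $stmt = $db->prepare('SELECT firstname, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched

    // Compare against a stored hash instead of matching plaintext in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['firstname'];
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, firstname TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(["o'brien", 'Pat', password_hash('correct horse', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') {
    // Command-line demo: a quote in the username is handled as plain data.
    var_dump(check_login($db, "o'brien", 'correct horse'));  // matching pair
    var_dump(check_login($db, "o'brien", 'wrong'));          // wrong password
    var_dump(check_login($db, 'nobody', 'correct horse'));   // unknown user
} elseif (isset($_POST['submit'])) {
    session_start();                         // before any output is sent
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    $first = (is_string($user) && is_string($pass)) ? check_login($db, $user, $pass) : null;
    if ($first !== null) {
        session_regenerate_id(true);         // fresh session ID after login
        $_SESSION['firstname'] = $first;
        header('Location: http://url_here/index.php');
        exit;                                // nothing may run after the redirect
    }
    echo '<p>The username and password combination you entered does not match those on file.</p>';
}
```

On the redirect page, call session_start() first and print the name with htmlspecialchars($_SESSION['firstname']).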

Archived

This topic is now archived and is closed to further replies.
