
[SOLVED] If..then trouble on login page


gladwell


This is the bare bones of a login page I'm writing. Everything is working except that the echo statement in the else clause is always on the page. I expected it to only appear when an incorrect u/p combo is entered and login.php is presented again. What's wrong with the way I've written the conditional statement?

 

<?php

if (isset($_POST['submit'])) {
}

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database
header('Location: http://url_here/index.php');
exit;
}
else//username and password not in database.
  echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}

}

?>

Here's the form code:

<form action = "<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
<fieldset>
<p>Username: <input type = "text" name ="username" size ="10" maxlength="20" ></p>
<p>Password: <input type = "password" name ="password" size ="20" maxlength ="20" /></p>
<div align="center"><input type ="submit" name="submit" value="Login" /></p></div>
</fieldset>
</form>

 

 

Link to comment
Share on other sites

Shouldn't your code be this:

 

<?php

if (isset($_POST['submit'])) {
}
$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database

header('Location: http://url_here/index.php');
exit;
} 
else  //username and password not in database.
   echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}



?>

Here's the form code:

<form action = "<?php echo $_SERVER['PHP_SELF'];?>" method="POST">

<fieldset>
<p>Username: <input type = "text" name ="username" size ="10" maxlength="20" ></p>
<p>Password: <input type = "password" name ="password" size ="20" maxlength ="20" /></p>
<div align="center"><input type ="submit" name="submit" value="Login" /></p></div>
</fieldset>
</form> 

Link to comment
Share on other sites

try this:

 

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 
		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   		}
   	}
}
?>

 

Don't use "LIKE" when checking; use "=" instead, since the username and password are unique.

Link to comment
Share on other sites

That took care of the echo statement always showing on the page, but now I get this error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

 

I originally had mysql_num_rows() in the query but couldn't get past this error message, so I changed it to what is shown in my original post. I have read that this error is thrown when something is wrong with the query. But I don't think anything is wrong with the query since it works when I change the function to ($row = mysql_fetch_array ($result)).

Link to comment
Share on other sites

It is.  And I said you did that...

With mysql_num_rows(), you need the result (as a variable) in between the parentheses.

 

http://us2.php.net/function.mysql-num-rows

 

Of course, that is what you did.

 

Now, the rest of my quote:

So, that appears to mean that your query did not work.  So, add an echo mysql_error($link_variable_name) to figure out what the problem is.

Link to comment
Share on other sites

The error message is the same. Do I have the mysql_errno in the right place?

 

$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 

		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

		echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";
   		}
   	}

Link to comment
Share on other sites

Changed the location and am now getting this error message

 

Cannot modify header information - headers already sent

 

with a reference to line 10 of the code which is this

 

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

 

I originally had this error message which I fixed by moving the script into the <head></head> section of the page.

 

 

Link to comment
Share on other sites

No, not solved. I'm currently getting the header error:

 

Cannot modify header information - headers already sent

 

with a reference to line 10 of the code (below) which is the mysql_errno function I added to get more information on the error.

 

echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";

 

Before I posted my original question, I was getting a header error that I fixed, I believe because I moved the location of the script.

 

If I use this script

$query = "SELECT * FROM table WHERE username like '$username' AND password like '$password'";

if ($result = mysql_query ($query)){

if ($row = mysql_fetch_array ($result)) { //username and password are in the database

header('Location: http://url_here/index.php');
exit;
} 
else  //username and password not in database.
   echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';

}

 

I get everything I want except that the echo message displays all the time, which I figure indicates I have a problem with the conditional statement.

 

If I use this code

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	$result = mysql_query($query);

	if (mysql_num_rows($result) == 1) {
		if ($row = mysql_fetch_array ($result)) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; 
		} else {  //username and password not in database. 
   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   		}
   	}
}
?>

 

The echo message disappears, but I then get this error message:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

 

 

Link to comment
Share on other sites

Okay...try this and let me know what happens:

<?php 
if (isset($_POST['submit'])) {
	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	if($result = mysql_query($query)) {

		if (mysql_num_rows($result) == 1) {
			if ($row = mysql_fetch_array ($result)) { //username and password are in the database
				header('Location: http://url_here/index.php');
				exit; 
			} else {  //username and password not in database. 
	   			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
   			}
	   	}
	}
	else {
	echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";
	}
}

?>

Link to comment
Share on other sites

Sorry for the delay in responding to your suggestion 947740 - had to go to work.

 

This is interesting. I'm no longer getting any error messages, but when the login page reloads after an invalid u/p, the echo statement doesn't appear.

Link to comment
Share on other sites

After looking at this script again, I realized there is a fundamental design flaw.  Your

		if (mysql_num_rows($result) == 1) {

statement is what actually determines if there is a match in the database.

 

So, if there is not a match, nothing will show up, unless there is an error.  Try this:

 

<?php

if (isset($_POST['submit'])) {

	$username = $_POST['username'];
	$password = $_POST['password'];

	$query = "SELECT * FROM table WHERE username = '$username' AND password = '$password'";

	if ($result = mysql_query($query)) {

		if (mysql_num_rows($result) == 1) { //username and password are in the database
			header('Location: http://url_here/index.php');
			exit; //stop the script so nothing else runs after the redirect
		}
		else {	//username and password not in database.
			echo '<p><font color="red">The username and password combination you entered does not match those on file. Please try again.</font></p>';
		}
	}
	else { //the query itself failed
		echo mysql_errno($conn) . ": " . mysql_error($conn) . "\n";
	}
}

?>

Link to comment
Share on other sites

That did it. Thanks. To be sure I understand why it works,

removing

($row = mysql_fetch_array ($result)) 

enables the error message to appear. mysql_fetch_array($result) is the wrong tool for the job in this script, and its presence was enough to prevent the error message from echoing?

Link to comment
Share on other sites

Short answer: yes.

 

Well, that statement was always going to return true, unless the query itself failed.  That is because unless there is a connection error or something along those lines, $result will always return a value, and $row will always be set to that value.  So, regardless if the user data is correct, your script would think that the user was logged in.

 

mysql_num_rows(), however makes sure that there is 1 row of data matching the login data, which actually does ensure that the user is logged in.

 

Hope that makes sense.

Link to comment
Share on other sites

Thanks. I'm trying to use session_start() to pass the first name of the logged in user to the redirect page.

 

Here's what I have

$query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database
		session_start();
		$_SESSION['firstname'] = $row[1];
		header('Location: http://url_here_index.php');

	}

 

and then this code at the top of the redirect page

<?php 
session_start();
echo "Welcome, $_SESSION['firstname']"?>;

 

I have also tried passing $_SESSION['firstname'] as a hidden variable, but that didn't echo either. Can you recommend a way to do this?

 

The error message I get with this script is Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'

Link to comment
Share on other sites

On the page with:

 

$query = "SELECT firstname FROM table WHERE username = '$username' AND password = '$password'";

if($result = mysql_query($query)) {

	if (mysql_num_rows($result) == 1) { //username and password are in the database
		session_start();
		$_SESSION['firstname'] = $row[1];
		header('Location: http://url_here_index.php');

	}

 

Put session_start() right after the opening <?php like so:

<?php
session_start();

 

Do you have error reporting turned off in php.ini?  You should have gotten an  error...

Link to comment
Share on other sites
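
The login check this thread arrives at, reworked as an added example that is not part of the original posts: the thread's queries place the $_POST values directly in the SQL string and compare the password as stored text, while this version binds the values as parameters and verifies a stored hash. The `users` table, the `password_hash` column and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the thread. Table `users`, column
// `password_hash` and the SQLite in-memory database are assumptions.

function find_user(PDO $db, string $username, string $password): ?array
{
    // Placeholders keep submitted values out of the SQL text, so a quote
    // or wildcard character in the input cannot change the query.
    $stmt = $db->prepare(
        'SELECT firstname, password_hash FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a stored hash instead of matching plaintext in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['firstname' => $row['firstname']];
}

function login(PDO $db, array $post): bool
{
    $user = find_user($db, $post['username'] ?? '', $post['password'] ?? '');
    if ($user === null) {
        return false;              // caller shows the "does not match" message
    }
    session_start();               // must run before any output is sent
    session_regenerate_id(true);   // fresh session id once authenticated
    $_SESSION['firstname'] = $user['firstname'];
    header('Location: http://url_here/index.php');
    return true;                   // caller exits right after the redirect
}

// Constructed sample data so the lookup can be run from the command line.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, firstname TEXT, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(["o'brien", 'Pat', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(find_user($db, "o'brien", 'correct horse'));
var_dump(find_user($db, "o'brien", 'wrong password'));
var_dump(find_user($db, 'nobody', 'correct horse'));
```

The username containing an apostrophe is looked up as plain data here; in the concatenated queries shown in the thread the same value would end the quoted string early and change the SQL.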
