Login page = makes me scream.

[freddyw]

so I have a page for people to register. It works perfectly. People register and the all the info goes straight into a Postgres database. Brilliant.

 

I've created a login page but that wont work. I have errors all over the place. When i dont have errors it just wont work. I think I've created a log in page way too complicated than it ever needed to be. I've been looking for help from every corner on the internet and in the end it has had to be scrapped.

 

This is my registration page...

 

<html>
    <head><title> Register </title></head>
        <body>
<?php
  if(isset($_POST['first_name'])){  
    $first_name =   pg_escape_string($_POST['first_name']);
    $last_name =    pg_escape_string($_POST['last_name']);
    $username =   pg_escape_string($_POST['username']);
    $password =    pg_escape_string($_POST['password']);

    if ( ( !$first_name ) or (!$last_name) or (!$username) or (!$password) ){
      die("Missing some values");
    }

    $conn = @pg_connect("host=**********.****.**.** user=****** password=********** dbname=******");
  $psql = "INSERT INTO users(first_name,last_name,username,password) VALUES ('$first_name','$last_name','$username','$password ')";   
    $result = pg_query($psql) or die ("Could not execute query");
    if ( $result ) {
      echo "Congratulations, You can now log into Sporticket with the username and password you supplied. You will be redirected to the home page in 5 Seconds";
    
    
header('Refresh: 5; URL=http:*************.**.**/**********/index.html');

exit;
    
    } 
    
    
    
    
    
    
    else {
      echo "Failed to add user";
    }
  }else{
        
        $form ="Please enter your details below to register with Sporticket";
        $form.="<form action=\"\"";
        $form.=" method=\"post\"> First Name: ";
        $form.="<input type=\"text\" name=\"first_name\"";
        $form.=" <br>Last Name: ";
        $form.="<input type=\"text\" name=\"last_name\"";
        $form.=" <br>Username: ";
        $form.=" <input type=\"text\" name=\"username\"";
        $form.=" <br>Password: ";
        $form.=" <input type=\"password\" name=\"password\"";
        $form.=" <br>";
        $form.=" <input type=\"submit\" value=\"Submit\">";
        $form.="</form>";
     
     echo $form;
  }
?>
        </body>
</html>

 

That works.

 

Here is the html for my login page

 

<html>
    <head><title>Log In</title></head>
        <body>Please Enter Your Login Details</body>
            <form action = "login.php" method = "post">
                Username:<br>
                <input type = "text" name = "username">
                <br><br>
                Password:<br>
                <input type = "password" name = "password">
                <br><br>
                <input type = "submit" value = "Log in">
            </form>
        </body>
</html>

 

 

as you can see, that need the script called login.php

 

Ive scrapped the original i had as i made it too complicated and became passed fixable. Im using Postgres so no mysql commands can help me. and im with PHP v5

 

can anybody give me some pointers as to how to go about craeting the simplest login script. Security isnt as important as simplicity for the time being.

[MatthewJ]

Very quick with no thoughts of security

 

<?php
if(isset($_POST['username'])) {

$psql = "SELECT * FROM table WHERE username = '".$_POST['username']."' AND password = '".$_POST['password']."'";
$result = pg_query($psql);
$count = pg_num_rows($result);

if($count < 1) {

	echo "Wrong username or password";

} else {

	echo "Successfully logged in";
}

}
?>

[freddyw]

thanks.

 

Its something that simple i was looking for.

 

However Im new to PHP and was guided with the scripting for my reg page.

 

I am going to need this line

 

$conn = @pg_connect("host=**********.****.**.** user=****** password=********** dbname=******");

 

to connect to the database.

 

and then use variable $conn to match the username to the password. im not sure how to fit that in though.

 

Thanks for your help so far

i appreciate the time you put in

[MatthewJ]

<?php
if(isset($_POST['username'])) {
    $conn = @pg_connect("host=**********.****.**.** user=****** password=********** dbname=******");
   $psql = "SELECT * FROM users WHERE username = '".$_POST['username']."' AND password = '".$_POST['password']."'";
   $result = pg_query($psql, $conn);
   $count = pg_num_rows($result);
   
   if($count < 1) {
      
      echo "Wrong username or password";
      
   } else {
      
      echo "Successfully logged in";
   }
   
}
?>

[freddyw]

Thanks.

 

Im closer with this code than i was with my original.

(probably because when i building php its like playing darts with a blindfold on)

 

Im unsure why its throwing these errors though

 

Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /home2/webusers/07/344740/public_html/sporticket/login2.php on line 5

 

Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /home2/webusers/07/344740/public_html/sporticket/login2.php on line 6

 

any thoughts?

[Ninjakreborn]

You also need to close up the ="" for the form.  That can break it in certain browsers.

So instead of whatever = "whatever" you might want to try whatever="whatever".

 

[freddyw]

I've done that. still get the errors.

[MatthewJ]

It sounds like the connection is being denied by the db for some reason... Remove the @ symbol from pg_connect and see if it is throwing a warning/error

[freddyw]

i removed the @

 

the username and password are correct, i dont know why its throwing this error.

 

any clues anyone?