Jump to content

member login not working

camster

By camster
in PHP Coding Help

 Share

Recommended Posts

camster Newbie

camster

Posted
Posted

I recently switched my hosting of my php/mysql website. I successfully recreated and connected the database on the new hosting, all the data for members is displaying, and I'm able to login to my Super Admin. It appears everything is working fine except the login for members keeps coming up as wrong username or password even though I am sure it's been correct. I really have no idea where to pinpoint the problem so thought I would show the code for the login page here and maybe someone can direct me to where I should look. Any help would be great!

 

Thanks

Camster

 

<?php

session_start();

if($_SESSION['AUTH']=="OK")

{

header("Location:addIntro.php");

exit;

}

$submit=$_POST['Signin'];

$uid=$_POST['userid'];

$password=$_POST['password'];

$mesg="";

//echo "<pre>";

//print_r($_POST);

 

if($submit)

{

include "../connections/db.php";

$sql="select GID from golfer where UserId='$uid' and UserPwd='$password'";

echo $sql;

$conn=mysql_query($sql);

$rowscnt=mysql_num_rows($conn);

if($rowscnt!=0)

{

$resc=mysql_fetch_object($conn);

$_SESSION['GID']=$resc->GID;

$_SESSION['USER']=$uid;

$_SESSION['AUTH']="OK";

header("Location:addIntro.php");

//echo "done";

exit;

}

else

{

//echo "whats wrong";

$mesg= "The User ID or Password is incorrect. Please retype the User ID and Password";

}

}

 

?>

Link to comment
Share on other sites
Bjom Newbie

Bjom

Posted
Posted

try this:

 

echo get_magic_quotes_gpc();

if it returns "1" then this is the problem...

 

can you use .htaccess files?

then this will turn them off:

php_flag magic_quotes_gpc Off

 

if not you need to use stripslashes()

 

also do a vardump on the variables containint the values that get sent to your db and make sure THOSE are correct - and compare again...

Link to comment
Share on other sites
camster Newbie

camster

Posted
  • Author
Posted

Thanks for the suggestions but unfortunately for me this is way over my head. Not sure what to do with the echo code? do I insert it somewhere? and not sure if I can use .htaccess. Maybe someone can explain with a little more detail?

 

Thanks

Link to comment
Share on other sites
camster Newbie

camster

Posted
  • Author
Posted

well Bjom what is it you think I should do, try inserting and testing one line at a time for every line on each php page and see what happens?  Thanks for setting me up for your little lecture.

FYI I did research on your suggestion in google and several php/mysql sites but couldnt find anything relevant. So sorry for asking.

Link to comment
Share on other sites
Bjom Newbie

Bjom

Posted
Posted

here

and here

 

if you don't like being "lectured" read the manual first and ask then.

As for echoing "every single line". Well yes, if nothing else helps. But there are IDEs which have line by line execution functionality.

 

And: you are very welcome.

 

:)

 

Bjom

Link to comment
Share on other sites
Bjom Newbie

Bjom

Posted
Posted
echo get_magic_quotes_gpc();

 

This is one line of code, retrieving info that is vital for analyzing your problem.

As should be obvious with either a quick glance at the code, the manual or if it is not obvious then simply from trying it, you can put it anywhere.

It does not appear that you even tried this. Your comment about "echoing everything" when all you need to echo is get_magic_quotes_gpc() also points to this direction.

 

Just read the answers, act upon them and stop whining.

 

Bjom

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

A) Did you do what mrMarcus asked in his post so that you know what the query actually is and that there is an entry in the database that EXACTLY matches the values? The code you posted has an echo $sql; statement in it. What is the output from that and when you examine the data in the database directly do the values match?

B) magic_quotes_gpc has nothing to do with your code not working unless you are using a username or a password that has single/double quotes in it and magic_quotes_gpc is already off.

C) However, your code is not doing anything to prevent sql injection. You should be using mysql_real_escape_string on all string data that comes from a form that is put into a query. If magic_quotes_gpc is ON, you would want to use stripslashes on the data first before using mysql_real_escape_string on it.

D) Add the following two lines of code immediately after the first opening <?php tag to see if there are any php detected errors -

ini_set("display_errors", "1");
error_reporting(E_ALL);

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.