camster Posted August 13, 2009

I recently switched my hosting of my php/mysql website. I successfully recreated and connected the database on the new hosting, all the data for members is displaying, and I'm able to login to my Super Admin. It appears everything is working fine except the login for members keeps coming up as wrong username or password even though I am sure it's been correct. I really have no idea where to pinpoint the problem so thought I would show the code for the login page here and maybe someone can direct me to where I should look. Any help would be great!

Thanks
Camster

<?php
session_start();
if($_SESSION['AUTH']=="OK")
{
    header("Location:addIntro.php");
    exit;
}
$submit=$_POST['Signin'];
$uid=$_POST['userid'];
$password=$_POST['password'];
$mesg="";
//echo "<pre>";
//print_r($_POST);
if($submit)
{
    include "../connections/db.php";
    $sql="select GID from golfer where UserId='$uid' and UserPwd='$password'";
    echo $sql;
    $conn=mysql_query($sql);
    $rowscnt=mysql_num_rows($conn);
    if($rowscnt!=0)
    {
        $resc=mysql_fetch_object($conn);
        $_SESSION['GID']=$resc->GID;
        $_SESSION['USER']=$uid;
        $_SESSION['AUTH']="OK";
        header("Location:addIntro.php");
        //echo "done";
        exit;
    }
    else
    {
        //echo "whats wrong";
        $mesg= "The User ID or Password is incorrect. Please retype the User ID and Password";
    }
}
?>

Bjom Posted August 13, 2009

try this:

echo get_magic_quotes_gpc();

if it returns "1" then this is the problem...

can you use .htaccess files? then this will turn them off:

php_flag magic_quotes_gpc Off

if not you need to use stripslashes()

also do a vardump on the variables containing the values that get sent to your db and make sure THOSE are correct - and compare again...

camster (Author) Posted August 14, 2009

Thanks for the suggestions but unfortunately for me this is way over my head. Not sure what to do with the echo code? Do I insert it somewhere? And not sure if I can use .htaccess. Maybe someone can explain with a little more detail? Thanks

Bjom Posted August 14, 2009

did you try inserting it somewhere? if not, why not? how do you expect to learn stuff if you don't try it?

mrMarcus Posted August 14, 2009

when you echo $sql, do the parameters match EXACTLY as they should be in the DB?

camster (Author) Posted August 15, 2009

well Bjom what is it you think I should do, try inserting and testing one line at a time for every line on each php page and see what happens? Thanks for setting me up for your little lecture. FYI I did research on your suggestion in google and several php/mysql sites but couldn't find anything relevant. So sorry for asking.

Bjom Posted August 15, 2009

here and here

if you don't like being "lectured" read the manual first and ask then. As for echoing "every single line". Well yes, if nothing else helps. But there are IDEs which have line by line execution functionality.

And: you are very welcome.

Bjom

camster (Author) Posted August 15, 2009

Bjom.....if you don't like the questions people ask then simply don't reply. You don't know me, you don't know what I've researched or anything else about me. So take your condescending BS somewhere else.

Bjom Posted August 16, 2009

echo get_magic_quotes_gpc();

This is one line of code, retrieving info that is vital for analyzing your problem. As should be obvious with either a quick glance at the code, the manual or if it is not obvious then simply from trying it, you can put it anywhere. It does not appear that you even tried this. Your comment about "echoing everything" when all you need to echo is get_magic_quotes_gpc() also points to this direction. Just read the answers, act upon them and stop whining.

Bjom

PFMaBiSmAd Posted August 16, 2009

A) Did you do what mrMarcus asked in his post so that you know what the query actually is and that there is an entry in the database that EXACTLY matches the values? The code you posted has an echo $sql; statement in it. What is the output from that and when you examine the data in the database directly do the values match?

B) magic_quotes_gpc has nothing to do with your code not working unless you are using a username or a password that has single/double quotes in it and magic_quotes_gpc is already off.

C) However, your code is not doing anything to prevent sql injection. You should be using mysql_real_escape_string on all string data that comes from a form that is put into a query. If magic_quotes_gpc is ON, you would want to use stripslashes on the data first before using mysql_real_escape_string on it.

D) Add the following two lines of code immediately after the first opening <?php tag to see if there are any php detected errors -

ini_set("display_errors", "1");
error_reporting(E_ALL);

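Added example, not part of the thread or any poster's code: the login lookup from the first post with its values bound as parameters, next to the SQL text the posted string concatenation produces for the same inputs. It uses PDO prepared statements rather than the mysql_real_escape_string call recommended above (the mysql_* extension was removed in PHP 7); the in-memory SQLite database, the sample rows and the function names find_golfer and concatenated_sql are assumptions made so the script runs offline.

```php
<?php
// Added example, not the thread's code. SQLite in memory stands in for the
// MySQL database so the script runs offline; the rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE golfer (GID INTEGER PRIMARY KEY, UserId TEXT, UserPwd TEXT)");
$db->exec("INSERT INTO golfer (GID, UserId, UserPwd) VALUES (1, 'camster', 'constructed-pw')");
$db->exec("INSERT INTO golfer (GID, UserId, UserPwd) VALUES (2, 'o''brien', 'pw-2')");

// Hypothetical helper: the same lookup as the posted query, but the form
// values travel as bound parameters and never become part of the SQL text.
function find_golfer(PDO $db, string $uid, string $password): ?int
{
    $stmt = $db->prepare('SELECT GID FROM golfer WHERE UserId = :uid AND UserPwd = :pwd');
    $stmt->execute([':uid' => $uid, ':pwd' => $password]);
    $gid = $stmt->fetchColumn();
    return $gid === false ? null : (int) $gid;
}

// The posted pattern, reproduced only to print how the SQL text itself
// changes with the input. The string is never executed here.
function concatenated_sql(string $uid, string $password): string
{
    return "select GID from golfer where UserId='$uid' and UserPwd='$password'";
}

// Constructed inputs: a normal login, a legitimate value containing a quote,
// and a quote-bearing value that alters the WHERE clause when concatenated.
$cases = [
    ['camster', 'constructed-pw'],
    ["o'brien", 'pw-2'],
    ['camster', "x' OR '1'='1"],
];

foreach ($cases as [$uid, $pwd]) {
    echo concatenated_sql($uid, $pwd), "\n";   // what the posted code would send
    var_dump(find_golfer($db, $uid, $pwd));    // result of the bound-parameter lookup
}
```

With bound parameters there is nothing to escape, so the stripslashes step only matters on old PHP versions where magic_quotes_gpc has already added backslashes to the input.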