Login validation not working

[ntroycondo]

I'm a total php beginer and this is likely a simple issue...

 

My form.php Posts to checklogin.php but regardless of good or bad user name checklogin fails and goes to the else:

 

else {

echo "Wrong Username or Password";

 

What is the best way to debug?

 

Thanks in advance for any guidance.

[.Stealth]

What are you using to validate? You'll be best off posting the validation part of your script.

[aeroswat]

If you are checking a mysql_query then you should do the following

 

1) manually query with the same login information that is being passed in your phpMyAdmin

 

2) echo the variable that stores the login information to confirm that variables are being passed correctly

[ntroycondo]

Here's the checklogin.php code:

 

<?php

require 'db_config_inc.php';

 

$host="xxxxx"; // Host name

$username="xxxxx"; // Mysql username

$password="xxxxx"; // Mysql password

$db_name="xxxxx"; // Database name

$tbl_name="xxxxx"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// username and password sent from form

$user_name=$_POST['user_name'];

$password_1=$_POST['password_1'];

 

// To protect MySQL injection (more detail about MySQL injection)

$user_name = stripslashes($user_name);

$password_1 = stripslashes($password_1);

$user_name = mysql_real_escape_string($user_name);

$password_1 = mysql_real_escape_string($password_1);

 

$sql="SELECT * FROM $tbl_name WHERE username='$user_name' and password='$password_1'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

//$count=mysql_num_rows($result);

// If result matched $user_name and $password_1, table row must be 1 row

 

if($count==1){

// Register $user_name, $password_1 and redirect to file "login_success.php"

session_register("user_name");

session_register("password_1");

header("location:login_success.php");

}

else {

echo "Wrong Username or Password";

}

?>

[Destramic]

well you could start with removing the comment tags on

 

//$count=mysql_num_rows($result);

 

to:

$count=mysql_num_rows($result);

 

see how you get on with that....if no luck echo $count just below and see what value you get...post back if any problems

[ntroycondo]

took out the comments on //$count=mysql_num_rows($result);

and get:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /.../....checklogin.php  on line 29

Wrong Username or Password

 

added

echo $count on next line and get:

Parse error: syntax error, unexpected T_IF, expecting ',' or ';' in /.../..../checklogin.php on line 33

[jcbones]

echo $count; //<- must have semicolon;

 

Your query is failing:

//replace 
$result=mysql_query($sql);
//with
$result=mysql_query($sql) or die(mysql_error());

[ntroycondo]

added:

$result=mysql_query($sql) or die(mysql_error());

 

and get:

Unknown column 'username' in 'where clause'

 

Double check my tbl_name and that looks good.