Jump to content


Photo

Please help me with this login script.. I CAN'T proceeed without this working


  • Please log in to reply
3 replies to this topic

#1 kee2ka4

kee2ka4
  • Members
  • PipPipPip
  • Advanced Member
  • 68 posts

Posted 19 September 2006 - 12:50 PM

Hi! I have a login script that I want to use for my website. Bascially the Login Script requires the UserID and the Password for the user to Login, and this script works fine when I enter the userid and password..

However I need a login script to take the users Email address and Password to login therefore I have edited all the variables and stuff so that the form takes the email address instead of the User id however I keep getting the following sql error message:

Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1

The code for this login script is:

<?php
	header("Expires: Thu, 17 May 2001 10:17:17 GMT");    // Date in the past
  	header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
	header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
	header ("Pragma: no-cache");                          // HTTP/1.0
	session_start();
	
	if (!isset($_SESSION['SESSION'])) require ( "../../include/session_init.php");
	
	// reset session variables...
	$_SESSION['USERID'] = "";
	$_SESSION['LOGGEDIN'] = false;
	$_SESSION['EMAIL'] = "";
	$_SESSION['FNAME'] = "";
	$_SESSION['LNAME'] = "";

	// initialize variables...
	$userid = "";
	$passwd = "";
	$email = "";
	
	// make sure post parameters were sent...
	if (isset($HTTP_POST_VARS["email"])) $email = addslashes($HTTP_POST_VARS["email"]);
	if (isset($HTTP_POST_VARS["passwd"])) $passwd = addslashes($HTTP_POST_VARS["passwd"]);
	
	$_SESSION['EMAIL'] = $email;
	
	// form variables must have something in them...
	if ($email == "" || $passwd == "") { header("Location: ../login_system.php?flg=red&email=".$email); exit; }
	
	// check in database...
	  $query = "SELECT * FROM tbl_users WHERE cEmail = ".$email;
	 
	 //echo $query;
	  mysql_pconnect($_SESSION['MYSQL_SERVER1'],$_SESSION['MYSQL_LOGIN1'],$_SESSION['MYSQL_PASS1'])
                   or die("Unable to connect to SQL server");
  	  mysql_select_db($_SESSION['MYSQL_DB1']) or die("Unable to select database");
	  
	
		$result = mysql_query($query) or die("Invalid query: " . mysql_error());
		
		// if userid is not present in DB go back to login page...
		if (mysql_affected_rows() != 1) { header("Location: ../login_system.php?flg=red&email=".$email);; exit; }
		
		// check for password, active state, user type, and then send to appropriate section...
		if ($row = mysql_fetch_assoc($result)) {
			// echo $row['sPassword'] . "<br>" . md5($passwd);
			if (strcmp($row['sPassword'], md5($passwd)) != 0) { header("Location: ../login_system.php?flg=red&email=".$email); exit; }
				
			// set standard session variables...
			$_SESSION['LOGIN_TYPE'] = $user_type;
			$_SESSION['USERID'] = $userid;
			$_SESSION['EMAIL'] = $email;
			$_SESSION['LOGGEDIN'] = true;
			$_SESSION['FNAME'] = $row['sFName'];
			$_SESSION['LNAME'] = $row['sLName'];
			
			header("Location: ../account.php");
			exit;

		} else {
			header("Location: ../login_system.php?flg=red&email=".$email); exit;
		}		

?>

Could someone Please help me... or Point me in the right direction... Regards kee2ka4

#2 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 19 September 2006 - 01:05 PM

Try changing this line....

   // check in database...
   $query = "SELECT * FROM tbl_users WHERE cEmail = ".$email;
to
   // check in database...
   $query = "SELECT * FROM tbl_users WHERE cEmail = '$email'";

Regards
Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools

#3 kee2ka4

kee2ka4
  • Members
  • PipPipPip
  • Advanced Member
  • 68 posts

Posted 19 September 2006 - 01:15 PM

Mate you were spot on... Thanks very much man... Really Appreciate your Help... ;D

Kind Regards, Kee2ka4

#4 HuggieBear

HuggieBear
  • Members
  • PipPipPip
  • Advanced Member
  • 1,899 posts
  • LocationEngland, UK

Posted 19 September 2006 - 01:19 PM

You're more than welcome.  If your value is a string it should have single quotes around it.  They aren't required for integers.

Huggie
Advice to MySQL users: Get phpMyAdmin and test your queries work there first, take half the hassle out of diagnosis, also check the reserved words list.

Links: PHP Docs :: RegEx's :: MySQL :: DevGuru :: w3schools




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users