Jump to content

MySQL Query Problems

angelfish723

By angelfish723
in MySQL Help

 Share

Recommended Posts

angelfish723 Newbie

angelfish723

Posted
Posted

I am creating a website where there will be about 125 users. They will each be given their username and password (actually, all passwords will be the exact same, only the username will vary). So there is no registration step, they just go to the website they are given, where they will see a login form with fields for username and password, enter in what they were given, and they should be able to enter the password protected area. I'm connecting to the database just fine, but I think my problem lies in the query. Below is my PHP code (with placeholders for the database information), as well as a screen shot of the table in my database (which only has 2 users in it right now, for testing purposes). If anyone is able to help me, that would be greatly appreciated!

 

<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect('host','username', 'password');
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db('database');
if(!$db) {
	die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Input Validations
if($login == '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}
	//Create query
$sql = "SELECT * FROM users WHERE user = 'username' AND pass = 'password'"; 
$result = mysql_query($sql);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		$_SESSION['user'] = $username;
		$_SESSION['pass'] = $password;
		//$_SESSION['full_names'] = $full_names;

		header("location: member-index.php");
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

 

THANKS!

 

[attachment deleted by admin]

Link to comment
Share on other sites
angelfish723 Newbie

angelfish723

Posted
  • Author
Posted

Oh yes, I'm sorry... I did have that in there, I just copied the wrong file. So my query section looks like this:

 

//Create query
$sql = "SELECT * FROM users WHERE user = '$username' AND pass = '$password'"; 
$result=mysql_query($sql);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		$_SESSION['user'] = $username;
		$_SESSION['pass'] = $password;
		$_SESSION['full_names'] = $full_names;

		header("location: member-index.php");
		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}

 

And it just takes me to the Login Failed page...

Link to comment
Share on other sites
kickstart Member

kickstart

Posted
Posted

Hi

 

Can't spot anything in that fragment of code. I would suggest that possibly $username or $password are not set (in your first code fragment it looks like you have used $username or $login), as nothing in there explicitly setting values to them (you could have register globals turned on but this isn't recommended).

 

All the best

 

Keith

Link to comment
Share on other sites
angelfish723 Newbie

angelfish723

Posted
  • Author
Posted

What happens is I don't get redirected to the page that is password protected. I only get the Login Failed page.

 

Also, I tried to log in without entering a username or password, to see if I would get any errors (i.e. Login I.D. missing, or Password missing) but that doesn't come up either. It just basically refreshes the login page... which is what it's supposed to do, but it's supposed to come up with an error message for the user. So I'm wondering if there's a problem within that section of code, which is below:

 

//Input Validations
if($username == '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: login-form.php");
	exit();
}

 

Link to comment
Share on other sites
mikosiko Newbie

mikosiko

Posted
Posted

just a simple debug to start...

 

in your first code.... under this lines

 

	$sql = "SELECT * FROM users WHERE user = '$username' AND pass = '$password'"; 
$result=mysql_query($sql);

 

add this 

        echo "Rows : " . mysql_num_rows($result);

 

and tell us what do you get

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.