PHP Login Issues

VicHost · October 24, 2010

Hi folks, me again.

I am trying to create the login for the admin section of my project, but facing issues again.

I can't seem to get the code to check to see if the username and password submitted through the login form is correct as per what is in the database.

Here is the form:

<form action="authenticate.php" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

The authenticate.php:

<?php
session_start(); // Start a new session
require('../config/config.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
 $count++;
}
?>

The errors I get:

Warning: mysql_query() [function.mysql-query]: Access denied for user 'danoid'@'localhost' (using password: NO) in /home/danoid/public_html/admin/authenticate.php on line 14

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/danoid/public_html/admin/authenticate.php on line 14
Access denied for user 'danoid'@'localhost' (using password: NO)

Any one got any ideas?

Pikachu2000 · October 24, 2010

The error is pretty self explanatory; you have something wrong with your database credentials. Misspelled username, password, capitalization, etc.

PFMaBiSmAd · October 24, 2010

What's your code that is connecting to the database server and selecting a database to use?

VicHost · October 24, 2010

$dbhandle = mysql_connect($host, $user, $password)
  or die("Unable to connect to MySQL");

Not sure if that's what you mean?

PFMaBiSmAd · October 24, 2010

^^^ And your sure that code is being executed?

VicHost · October 24, 2010

Yeah it was.

I found a few uppercases in the login file and authenticate file and now all I get is "No database selected"

Has me stumped. LOL

PFMaBiSmAd · October 24, 2010

all I get is "No database selected"

^^^ That error is also pretty self explanatory: You must select a database to use. Are you actually reading any of the error messages you are getting?

VicHost · October 24, 2010

Maybe I should point out that I am new to this and quite often the error messages tell me nothing, which is why I have posted here.

If you are not in the mood to help mate, just don't. No pressure.

From what I can tell, I have select a database.

Pikachu2000 · October 24, 2010

After the mysql_connect() succeeds, you need to issue a mysql_select_db(), specifying the database name within the parentheses, of course.

VicHost · October 24, 2010

Hi mate,

The config file connects to the database. This file is called upon by the authenticate.php file to make sure that it is also being connected there.

In the authenticate.php file, I am selecting the database:

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

Pikachu2000 · October 24, 2010

No you aren't, you're specifying the table name in the query string.

The config file connects to the database server. It then needs to select the database to use. The query string then specifies which table within the database is queried.

VicHost · October 24, 2010

Thanks mate.

Can anyone give me the correct thing to use and where? Just to get me going. Would really appreciate it.

timmah1 · October 24, 2010

Your configuration file needs to know what database to connect to to be able to connect to the table.

You have everything right BUT the database.

$mysql_link = mysql_connect("localhost", "USERNAME", "PASSWORD");   
    mysql_select_db("DATABASE") or die("Could not select database");

VicHost · October 25, 2010

Ok I have done what you said and now getting the following error when I click Login:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in

revraz · October 25, 2010

Repost your code, I don't even see a reference to mysql_num_rows in your current posts.

VicHost · October 25, 2010

Ive been trying to follow some tuts on the net but getting nowhere pretty darn quick.

Here is my login.php:

<?
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();

$message="";

////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$md5_password=md5($_POST['password']); // Encrypt password with md5() function.

// Connect database
require "../config/config.php";

// Check matching of username and password.
$mysql_link = mysql_connect("localhost", "$db_username", "$db_password");   
    mysql_select_db("$db_database") or die("Could not select database");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Craete session username.
header("location:index.php"); // Re-direct to index.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table>
<tr>
<td>User : </td>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>
<td>Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<input name="Login" type="submit" id="Login" value="Login" />
</form>
</body>
</html>

My config file:

<?php 
//MODIFY THIS.

$db_hostname = "localhost";       //mostly this is localhost if mysql server is running on the same machine as script.
$db_username = "danoid_site";        //database username here
$db_password = "changed_for_security";   //database password here 
$db_database = "danoid_site"; //the name of the database where you want the script installed in. 

//this are the logins for the admin part. Change them for security. 
$login = "admin";  //your login for the admin section.
$pass = "changed_for_security";   //your login for the admin section.

//set the page color here.
$backcolor = "5482C8";

//NO MODIFIYNG BELOW THIS

function database_connect(){
    global $host, $database, $user, $password;

    $link = @mysql_connect("$host","$user","$password"); 
$sql_error = mysql_error();

    if (!$link) { 
        echo "Connection with the database couldn't be made.<br>";
	echo "$sql_error"; 
        exit;
    }
  
   if (!@mysql_select_db("$database")) {; 
        echo "The database couldn't be selected.";
        exit;
    }
   return $link;
}
?>

revraz · October 25, 2010

Either you chopped it up or it's a horrible tutorial:

$mysql_link = mysql_connect("localhost", "$db_username", "$db_password");

mysql_select_db("$db_database") or die("Could not select database");

if(mysql_num_rows($result)!='0'){ // If match.

You are not even doing a query before you check to see if rows are returned.

VicHost · October 25, 2010

I put in what you provided mate and I just get:

Parse error: syntax error, unexpected $end in /home/danoid/public_html/admin/login.php on line 61

revraz · October 25, 2010

I didn't put in anything, I pasted what your code was and pointed out there is no Query being made.

VicHost · October 25, 2010

It was obviously a disaster of a tutorial.

revraz · October 25, 2010

Basically you are missing the mysql_query and the sql call portion of the code.

VicHost · October 25, 2010

Ok, got it working.

It logs me in etc so that's awesome.

Now, two other issues have arisen:

1. It will not let me in if I change the password in phpmyadmin to md5 encryption

login.php:

<?
//always start the session before anything else!!!!!!
session_start();

if(isset($_POST['username']) && $_POST['password']){

$username = $_POST['username']; //name of the text field for usernames
$password = $_POST['password']; //likewise here just for the password


//connect to the db
include "../config/config.php";
mysql_connect("$db_hostname", "$db_username", "$db_password") or die(mysql_error());
mysql_select_db("$db_database") or die(mysql_error());
//run the query to search for the username and password the match
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens
    if(mysql_num_rows($result) == 1){
    //the username and password match
    //so set true to yes
    $true=yes;
    //and then move them to the index page or the page to which they need to go
    header('Location: index.php?confirm=$true');
    }else{
    $err = 'Incorrect username / password.' ;
    }
    //then just above your login form or where ever you want the error to be displayed you just put in
    echo "$err";
    }


echo "<html>";
echo "<head>";
echo "</head>";
echo "<body>";
echo "<form action=\"\" method=\"POST\">";
echo "<p>username:"; 
echo "<input name=\"username\" size=\"13\" />";
echo "</p>";
echo "<p>password:";
echo "<input type=\"password\" name=\"password\" size=\"13\" />";
echo "</p>";
echo "<input type=\"submit\" name=\"login\" value=\"Login\" />";
echo "</form>";
echo "</body>";
echo "</html>";
?>

2. If I have the following in the beginning of my index.php I am redirected back to the login page, rather than logged in to the admin cp.

if(!isset($_SESSION) || $_SESSION !== true){
header('Location: login.php');
}


echo "You are currently logged in";

Without it, I can login fine.

Any ideas?

revraz · October 25, 2010

Don't use MD5 in mysql, use it in PHP instead.

VicHost · October 25, 2010

Thanks mate.

I have never done this before mate.

I tried to add it:

$query = "SELECT * FROM users WHERE username = '$username' AND password = 'MD5('$password')'";

But getting this error now:

Unable to verify user because : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'password removed')'' at line 1

Pikachu2000 · October 25, 2010

$query = "SELECT * FROM users WHERE username = '$username' AND password = 'MD5($password)'";

Sign In

PHP Login Issues

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information