Mat_dennison Posted February 1, 2011 Share Posted February 1, 2011 Hi Im doing a login for a website I've built and Im having troubles, The connection to the actual database works fine, no errors, but when trying to verify data in the database to log on and get to a secure area i just get the incorrect username or password that i created for when details are incorrect. heres the code where the problem lies Any help would be appreciated <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 1) { $_SESSION['username'] = $row['username']; $_SESSION['loggedin'] = true; header ("Location: secure_page.php"); die(); } else { $_SESSION['error']= "Icorrect Username Or Password"; header("Location: login.php"); die(); } ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 What have you done to debug it? Have you echoed the query string to make sure it holds the values you'd expect it to hold? Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 I am still learning PHP atm, so im not sure how you would go about holding the values Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 First, change the line that executes the query to: $results = mysql_query($sql, $connect) or die( "<br>Query string: $sql<br>Failed with error: " . mysql_error() ); Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 ok ive done that Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 And what happened? Any error messages returned? Whit screen? Or . . .? Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 it just come up with the incorrect username password message Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 OK. Let's echo the query regardless of whether there's an error or not then. Add the indicated line, and post it's output. $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; echo "<br>Query string: $sql<br>"; // <---- Add that line $results = mysql_query($sql, $connect); Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 still the same problem there, incorrect user.... Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 And what was the output of the line that you added, starting with "Query string: . . . " ? Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 sorry my bad, didnt know wat you meant first hand, screen was white and this is all that come up Query string: SELECT * FROM login_details WHERE username='Mat' AND password='pie' Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 Now paste that in to phpMyAdmin (assuming you use it) and see what, if any results are returned from it. Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 there are no results shown up also i tried the other username on the database, and it worked, but using mine, got everything exactly the same as the database and it comes with the "incorrect...." message Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted February 1, 2011 Share Posted February 1, 2011 obviously, there is no record in the table login_details WHERE username='Mat' AND password='pie' Perhaps there is a difference in capitalization or spelling, or there is additional space(s) on the values in the table. Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 i've found out wat was stopping it from working in the code there was this if ($numofrows == 1) { this has been 1 the whole time when i changed it to 0 if ($numofrows == 0) { both worked and when changed to 2 only mine worked, Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 is this a problem to be left at 0? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 1, 2011 Share Posted February 1, 2011 Then that indicates a problem with the integrity of the data. A username/password SELECT query should only ever match exactly zero or exactly one record. If it matches zero, the record doesn't exist, which isn't a problem. If it matches one record, the password and username pair exist, and were entered correctly. If more than one match is found, the results should be considered ambiguous, and the login process should be halted immediately. After all, if more than one user has the same username/password combination, that is a serious design flaw. Quote Link to comment Share on other sites More sharing options...
Mat_dennison Posted February 1, 2011 Author Share Posted February 1, 2011 Excelent, thanks very much for all your help much appreciated Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.