ThE_GuN Posted August 6, 2011 Share Posted August 6, 2011 It's been a while since I've written any PHP, and I was writing a simple loggin... but I seam to have done something wrong... <?php error_reporting(0); session_start(); // Connects to the database require 'database.php'; $db = mysql_connect( "$location", "$dbuser", "$dbpass" ); mysql_select_db( "$database" ); if (!isset($_SESSION['log'])) { $bads = array("'","<",">",",","$",";",":","."); $user = $_POST['user']; $user = str_replace($bads,"",$user); $pass = $_POST['pass']; $pass = str_replace($bads,"",$pass); $pass = md5($pass); if( isset( $user ) & isset( $pass ) & ctype_alnum($user) ) { $sql = "select * from users where user = '$user' and pass = '$pass';"; $rs = mysql_query($sql, $db); if( mysql_num_rows($rs) == 1 ) { $_SESSION['log'] = $user; break; } else { echo "Wrong username or password, please try again!"; mysql_close(); } } ?> <H2 ALIGN="CENTER">Roleplay Login</H2> <FORM ACTION="index.php" METHOD="POST"> <TABLE WIDTH="200" BORDER="0" ALIGN="CENTER"> <TR> <TD>Username</TD> <TD WIDTH="105"><INPUT NAME="user" TYPE="text" SIZE="15"></TD> </TR> <TR> <TD>Password</TD> <TD WIDTH="105"><INPUT NAME="pass" TYPE="PASSWORD" SIZE="15"></TD> </TR> <TR> <TD COLSPAN="2"><DIV ALIGN="CENTER"><INPUT TYPE="submit" VALUE="Login"></TD> </TR> </TABLE> </FORM> <? } if (isset($_SESSION['log'])) { } ?> It gets the info, and I do get the correct SQL sentance in $sql, but $rs seams to end up blank or not working... I'm sure its something simple I've overlooked. Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/ Share on other sites More sharing options...
manix Posted August 6, 2011 Share Posted August 6, 2011 Try having just this $rs = mysql_query($sql); sometimes the second parameter has been an issue in my practice and it's not really that necessary I guess. ALSO don't do that $sql = "select * from users where user = '$user' and pass = '$pass';"; Instead have this $sql = "select * from users where user = '$user';" assuming your usernames are escaped and then fetch the array checking the password Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/#findComment-1253246 Share on other sites More sharing options...
TeNDoLLA Posted August 6, 2011 Share Posted August 6, 2011 $sql = "select * from users where user = '$user';" More like should be $sql = "select * from users where user = '$user'"; You gonna need that semicolon in the end of you will get parse error from PHP. Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/#findComment-1253249 Share on other sites More sharing options...
skwap Posted August 6, 2011 Share Posted August 6, 2011 Try below code <?php error_reporting(0); session_start(); // Connects to the database require 'database.php'; $db = mysql_connect( "$location", "$dbuser", "$dbpass" ); mysql_select_db( "$database" ); if (!isset($_SESSION['log'])) { $bads = array("'","<",">",",","$",";",":","."); $user = $_POST['user']; $user = str_replace($bads,"",$user); $pass = $_POST['pass']; $pass = str_replace($bads,"",$pass); $pass = md5($pass); if(isset($user) & isset($pass) & ctype_alnum($user)) { $sql = mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass'")); if($sql > "0") { $_SESSION['log'] = $user; break; } else { echo "Wrong username or password, please try again!"; mysql_close(); } } ?> <H2 ALIGN="CENTER">Roleplay Login</H2> <FORM ACTION="index.php" METHOD="POST"> <TABLE WIDTH="200" BORDER="0" ALIGN="CENTER"> <TR> <TD>Username</TD> <TD WIDTH="105"><INPUT NAME="user" TYPE="text" SIZE="15"></TD> </TR> <TR> <TD>Password</TD> <TD WIDTH="105"><INPUT NAME="pass" TYPE="PASSWORD" SIZE="15"></TD> </TR> <TR> <TD COLSPAN="2"><DIV ALIGN="CENTER"><INPUT TYPE="submit" VALUE="Login"></TD> </TR> </TABLE> </FORM> <? } if (isset($_SESSION['log'])) { } ?> Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/#findComment-1253251 Share on other sites More sharing options...
radiations3 Posted August 6, 2011 Share Posted August 6, 2011 You won't get any login issues if you use DREAMWEAVER... Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/#findComment-1253253 Share on other sites More sharing options...
ThE_GuN Posted August 6, 2011 Author Share Posted August 6, 2011 Okay, thanks for all the help... as I said I had a feeling it was something really silly... and it was... I added: if (!$db) { die('Could not connect: ' . mysql_error()); } to my connection... and the problem was that I hadn't managed to get a connection to the database... mostly because the host used a diffrent internal address for the sql server... so localhost didn't work as I'm used to. Quote Link to comment https://forums.phpfreaks.com/topic/244040-my-logging-script-not-working/#findComment-1253266 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.