Jump to content

simple form checking a user

mallen

By mallen
in PHP Coding Help

 Share

Recommended Posts

mallen Regular Member

mallen

Posted
Posted

I have this simple form checking a user and password from database. At first I was just checking a hard coded value.  Now I want to check it against the  database. Is there anything in my code that is keeping it form working? You can point to me and I can try to figure it out?

 

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in ......

Warning: mysql_real_escape_string(): A link to the server could not be established in....

Warning: mysql_real_escape_string(): Access denied for user ''@'localhost' (using password: NO) in ....

Warning: mysql_real_escape_string(): A link to the server could not be established in ....

 

<?php 
session_start();
error_reporting(E_ALL ^ E_NOTICE);

include('../includes/dev.connection.inc.php'); 


?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Test Page</title>
</head>

<body>
<?php
$username = mysql_real_escape_string(trim($_POST['user']));
$password = mysql_real_escape_string(trim($_POST['password']));

$con =  dbConnect();
$sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'";

$result = $con->query($sql) or die(mysql_error());
echo $row['username']; 
$row = $result->fetch_assoc();


if(!empty($_POST['submit'])){


	if($username == "") {
	print "Please enter your username";
	}elseif($password == "") {
	print "Please enter your password";

		}elseif($username == $row['username'] && $password == $row['password'] ){ // I Think this line is giving me the error
		// Check if username and password were submitted
		if (!isset($_SESSION['user'])){

		session_regenerate_id();
		//assign user's name to session

		}

		$_SESSION['user'] = $_POST['user'];

}
}
?>
<?php

if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){	
?>
<form action="login9.php" method="post">
    <table width="200" border="0">
    <tr>
    <td width="71">User:</td>
    <td width="113"><label for="user"></label>
    <input type="text" name="user" id="user" /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><label for="password"></label>
    <input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
    <td> </td>
    <td><input type="submit" name="submit" value="Log in" /></td>
  </tr>
</table>
</form>

<?php }else{ print "Hello, ".$_SESSION['user']; }?>

</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/244173-simple-form-checking-a-user/
Share on other sites
MasterACE14 Advanced Member

MasterACE14

Posted
Posted

you have to call dbConnect(); in either dev.connection.inc.php or somewhere before $username in your script above.

 

for example:

include('../includes/dev.connection.inc.php');
$con = dbConnect();

would be fine.

 

however if you're including dev.connection.inc.php on all pages that require a database connection, I would just put it inside that file instead.

 

Although at the end of the day, it need not be a function for your purposes at all.

 

dev.connection.inc.php could just be this:

<?php
$con = mysqli_connect('localhost', 'root','xxxx', 'development')
or die ('Cannot connect to MySQL server');
?>

mallen Regular Member

mallen

Posted
  • Author
Posted

Yes I know but I use the same connection for other pages i work on.

 

I moved the $con =  dbConnect();  line. Still not working.

 

<?php
$con =  dbConnect();
$username = mysql_real_escape_string(trim($_POST['user']));
$password = mysql_real_escape_string(trim($_POST['password']));


$sql = "SELECT * FROM users WHERE username = '$username' and password = '$password'";

$result = $con->query($sql) or die(mysql_error());
echo $row['username']; 
$row = $result->fetch_assoc();


if(!empty($_POST['submit'])){


	if($username == "") {
	print "Please enter your username";
	}elseif($password == "") {
	print "Please enter your password";

		}elseif($username == $row['username'] && $password == $row['password'] ){
		// Check if username and password were submitted
		if (!isset($_SESSION['user'])){

		session_regenerate_id();
		//assign user's name to session

		}

		$_SESSION['user'] = $_POST['user'];

}
}
?>
<?php

if(($_SESSION['user'] == "" )|| (!isset($_SESSION['user']))){	
?>
<form action="login9.php" method="post">
    <table width="200" border="0">
    <tr>
    <td width="71">User:</td>
    <td width="113"><label for="user"></label>
    <input type="text" name="user" id="user" /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><label for="password"></label>
    <input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
    <td> </td>
    <td><input type="submit" name="submit" value="Log in" /></td>
  </tr>
</table>
</form>

<?php }else{ print "Hello, ".$_SESSION['user']; }?>

MasterACE14 Advanced Member

MasterACE14

Posted
Posted

then either the username or password you're passing to mysqli_connect() is incorrect.

 

My mistake, this:

$username = mysql_real_escape_string(trim($_POST['user']));
$password = mysql_real_escape_string(trim($_POST['password']));

 

should be this:

$username = mysqli_real_escape_string(trim($_POST['user']));
$password = mysqli_real_escape_string(trim($_POST['password']));

mysqli as opposed to mysql.

phpSensei Advanced Member

phpSensei

Posted
Posted

Btw this line will produce and UNDEFINED variable, since your muting any E_NOTICE reports you havn't noticed it. Not a big deal, but just in case you were debugging the output of that column

 

$result = $con->query($sql) or die(mysql_error());
echo $row['username']; 
$row = $result->fetch_assoc();

mallen Regular Member

mallen

Posted
  • Author
Posted

Ok I got it working, sort of... getting this error .....mysqli_real_escape_string() expects exactly 2 parameters,

 

So I just removed the  mysqli_real_escape_string()

 

and now it is the following and working:

 $username = trim($_POST['user']);
$password = trim($_POST['password']);

 

Why does it throw that error?

MasterACE14 Advanced Member

MasterACE14

Posted
Posted

requires $con as the first argument passed to it http://www.php.net/manual/en/mysqli.real-escape-string.php:

$username = mysqli_real_escape_string($con, trim($_POST['user']));
$password = mysqli_real_escape_string($con, trim($_POST['password']));

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.