What is wrong with this code? It worked last night >.<

[denominator13]

As the subject asks what is wrong with this code? I keep getting the invalid login? I think it could be this part that is throwing the error "if (!isset($_POST['Submit'])!='Login')" but I can't remember messing around with it after I had it working, I mean why would I mess around with it if it's working already lol.

 

<?php 
include 'dbc.php';

$user_email = mysql_real_escape_string(!isset($_POST['email']));

if (!isset($_POST['Submit'])!='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_email FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 

$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
   list($user_id,$user_email) = mysql_fetch_row($result);
	// this sets variables in the session 
	$_SESSION['user']= $user_email;  


	if (isset($_GET['ret']) && !empty($_GET['ret']))
	{
	header("Location: $_GET[ret]");
	} 
	else
	{
	header("Location: myaccount.php");
	}
	//echo "Logged in...";
	exit();
    } 


header("Location: main_login.php?msg=Invalid Login");
//echo "Error:";
exit();		
}

?>

[xyph]

I'd start by echo'ing your query, and comparing it to what's in the database.

[denominator13]

Forgive me but I'm new still to php and slowly learning lol. What do you mean by echoing my query?

[sasa]

change

include 'dbc.php';

$user_email = mysql_real_escape_string(!isset($_POST['email']));

if (!isset($_POST['Submit'])!='Login')

to

include 'dbc.php';

if(isset($_POS['email'])) $user_email = mysql_real_escape_string($_POST['email']);

if (!isset($_POST['Submit']) and $_POST['Submit']=='Login')

[Elven6]

Forgive me but I'm new still to php and slowly learning lol. What do you mean by echoing my query?

 

I think he means echoing out $num, so something like,

 

$sql = mysql_query("SELECT id,user_email FROM users WHERE             user_email = '$user_email' AND             user_pwd = '$md5pass' AND user_activated='1'"); 

while($stuff = mysql_num_rows($sql) ) {
     echo $stuff;
}

 

See if it outputs anything and if the data is similar to what you require for the code to proceed.

[denominator13]

Ok sasa I did that and it doesn't generate the error any more but it equally still does not log me in >.< I also get an error which is no doubt due to the (isset( not having an ! at the start? I found that I had to add ! to a lot of the (isset( otherwise it threw errors on the webpage.

[xyph]

No, i mean

 

 echo $sql; 

 

echo'ing your query refers to echoing the statement you plan on querying the database with. For some reason, you're not getting any results. The reason you'll find is in your query.

[denominator13]

? You mean I put echo just before

$sql = "SELECT id,user_email FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 

 

Sorry it took a while to reply I have no idea about one of the questions I get asked, something to do with who built the site Rasmus and I have no idea what the answer is lol.

[xyph]

Echoing a variable before you declare it seems kind of silly, doesn't it?

[denominator13]

I have no idea, as I said I am new to php lol

[denominator13]

You mean like this?

$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_email FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 
	echo $sql;	
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

[xyph]

Your example is exactly how I'd start the debug process. Your next step is to comment out the redirect line, so you have a chance to view your query before your get error redirected.

 

Once you have your query, compare it to what's actually in the database.

[denominator13]

So like this or do I need to comment out the location: myaccount.php as well?

 

include 'dbc.php';

$user_email = mysql_real_escape_string(!isset($_POST['email']));

if (!isset($_POST['Submit'])!='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_email FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 
	echo $sql
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
   list($user_id,$user_email) = mysql_fetch_row($result);
	// this sets variables in the session 
	$_SESSION['user']= $user_email;  


	if (isset($_GET['ret']) && !empty($_GET['ret']))
	{
	header("Location: $_GET[ret]");
	} 
	else
	{
	header("Location: myaccount.php");
	}
	//echo "Logged in...";
	exit();
    } 


#header("Location: main_login.php?msg=Invalid Login");

//echo "Error:";
exit();		
}

?>

 

Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\xampp\htdocs\mywebsite\main_login.php on line 97

[xyph]

I'd comment out all of them until it worked.

[denominator13]

Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\xampp\htdocs\mysite\main_login.php on line 97

[denominator13]

Thanks guys but I asked elsewhere and have it fixed now I expected nothing less from hackers to fix it hehe.

 

include 'dbc.php';

$user_email = (isset($_POST['email'])) ?  mysql_real_escape_string($_POST['email']) : 'null';

if (($_POST['Submit'] == 'Login') && ($user_email != null)) 
{

[xyph]

We could have fixed it for you. I was trying to teach you how to fix it yourself.

 

Again, though, people would much rather have someone fish for them than learn to fish themselves

[denominator13]

Ok well after three days of examining various others codes and actually fixing them by myself including chat rooms to integrate into my site in which the original coder could not even get it working I decided to ask for a bit of help instead on this particular thing.

 

I had searched Google for one thing to get an understanding on why most codes wouldn't work for my version of PHP and it seems because most are old and outdated codes which just need upgrading, Considering I have only been learning simple html/php for a very short period of time and only just started to understand css then I am doing considerably well.

 

My site consists of a download system, a java chat system, a register system (had to fix that and learn MySql in like several hours or at least the basics of it) background music, server statistics for my on line private mmorpg,  and donate system which is probably extremely easy for most of the coders on here but for me a complete novice I feel quite accomplished for what I have gained so far.

 

I had simply got a little tired of getting stressed out at the code and just needed help for something that albeit shouldn't have worked in the first place did work in the first place lol. Usually the saying is "if it's not broke don't fix it" and all would have been fine just that it decided for whatever reason to just stop working >.<