Login script not running?

[andy_b_1502]

Hi, i need some help with my script to take data from mysql database to be used for a login.

 

Created table, with registration, checked passwords and such but the login button when clicked does nothing? please help

 

 

<?php $username = $_POST['username'];

$password = $_POST['upassword'];

$self = $_SERVER['PHP_SELF'];

$referer = $_SERVER['HTTP_REFERER'];

 

#if either form field is empty return to the log-in page

if( (!$username ) or (!$password ) )

{ header(  "Location:$referer" ); exit(); }

#connect to mysql

$conn = @mysql_connect( "server", "username", "password )

or die( "Could not connect" );

#select database

$rs = @mysql_select_db( "removalspacelogin", $conn )

or die ( "Could not select db" );

#create query

$sql="select * from users where username=\"$username\" and password = password( \$password\" )";

#execute query

$rs = mysql_query( $sql, $conn )

or die( "Could not execute query" );

 

 

#get number of rows that match username and password

$num = mysql_numrows( $rs );

#if there is a match the log-in in done

if( $num != 0 )

{ $msg = "Welcome $username - your log-in was successfull!"; }

else #or return to: login.php

{ header( "Location:www.removalspace.com/wrong.html" ); exit(); }

 

?>

 

<html> <head><title>Check-login</title></head>

<body> <?php echo( $msg ); ?> </body> </html>

 

 

 

[AyKay47]

1. first check for the submit button being clicked by using isset on the GET variable of the submit button.

2. is password a custom function? I see that you use it in your query..

3. looks like the escaping of quotes is incorrect..

 

$sql="select * from users where username = '$username' and password = '$password')";

 

4. no errors reported? do you have error_reporting set to either E_ALL or 1?

[andy_b_1502]

This is the form that has the defective submit button?

 

 

<form name="form1" method="post" action="check_login2.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><span class="style7"><strong>Member Login </strong></span></td>

</tr>

<tr>

<td width="78"><span class="style7">Username</span></td>

<td width="6"><span class="style7">:</span></td>

<td width="294"><input name="myusername" type="text" class="style7" id="myusername"></td>

</tr>

<tr>

<td><span class="style7">Password</span></td>

<td><span class="style7">:</span></td>

<td><input name="mypassword" type="password" class="style7" id="mypassword"></td>

</tr>

<tr>

<td><span class="style7"></span></td>

<td><span class="style7"></span></td>

<td><input name="Submit" type="submit" class="style7" value="Login" /></td>

</tr>

</table>

</td>

</form>

[AyKay47]

okay well theres your problem.. your are using the wrong index names for your username and password inputs.. you hae them names "myusername" and "mypassword", so in order to grab them you will want something like

 

<?php

if(isset($_POST['submit'])){ //check for submit button click
   $username = $_POST['myusername'];
   $password = $_POST['mypassword'];
   // proceed with rest of code
}

?>

[andy_b_1502]

Thanks, so it now looks like so...

 

<?php

 

if(isset($_POST['submit'])){ //check for submit button click

$username = $_POST['myusername']; 

$password = $_POST['mypassword'];  // proceed with rest of code}

 

#if either form field is empty return to the log-in page

if( (!$username ) or (!$password ) )

{ header(  "Location:$referer" ); exit(); }

#connect to mysql

$conn = @mysql_connect( "", "", "123" )

or die( "Could not connect" );

#select database

$rs = @mysql_select_db( "removalspacelogin", $conn )

or die ( "Could not select db" );

#create query

$sql="select * from users where username = '$username' and password = '$password')";

#execute query

$rs = mysql_query( $sql, $conn )

or die( "Could not execute query" );

 

 

#get number of rows that match username and password

$num = mysql_numrows( $rs );

#if there is a match the log-in is done

if( $num != 0 )

{ $msg = "Welcome $username - your log-in was successful!"; }

else #or return to: login.php

{ header( "Location:$referer" ); exit(); }

 

?>

 

<html> <head><title>Check-login</title></head>

<body> <?php echo( $msg ); ?> </body> </html>

 

 

This gives me the parse error:

 

Parse error: syntax error, unexpected $end in /hermes/bosweb25a/b109/ipg.removalspacecom/check_login2.php on line 38

 

What have i done wrong?

[AyKay47]

you want that entire script inside of the if(isset($_POST['submit'])) condition

you ended it after the //proceed with rest of code..

all of the code needs to be within those brackets..

[andy_b_1502]

Okay ive tried that and all it does when i click the submit button is display a white page? Im new to php and need dummy style help with this.

With your suggestions my code looks like this:

 

 <?php

if(isset($_POST['submit'])){ //check for submit button click 
$username = $_POST['myusername'];   
$password = $_POST['mypassword'];   // proceed with rest of code
$self = $_SERVER['PHP_SELF'];
$referer = $_SERVER['HTTP_REFERER'];

#if either form field is empty return to the log-in page
if( (!$username ) or (!$password ) )
{ header(  "Location:$referer" ); exit(); }
#connect to mysql
$conn = @mysql_connect( "", "", "123" )
	or die( "Could not connect" );
#select database 
$rs = @mysql_select_db( "removalspacelogin", $conn )	
	or die ( "Could not select db" );
#create query
$sql="select * from users where username = '$username' and password = '$password')";
#execute query
$rs = mysql_query( $sql, $conn )
	or die( "Could not execute query" );


#get number of rows that match username and password
$num = mysql_numrows( $rs );
#if there is a match the log-in is done
if( $num != 0 )
{ $msg = "Welcome $username - your log-in was successful!"; }
else #or return to: login.php
{ header( "Location:$referer" ); exit(); }
}
?>

 

I really appreciate your help so far. Just finding it hard to grasp.

[andy_b_1502]

:'( ive actually been trying to suss this out for about two months, the original script before i was kindly helped to modify, was from "php5 in easy steps" im regretting buying it now?....

[AyKay47]

okay, since you are receiving a blank page..  do you have error_reporting on?

 

<?php ini_set("error_reporting",E_ALL);

 

if you have this set, you can view errors in your error.log file.. or you can turn display_errors on

 

<?php ini_set("display_errors","ON"); ?>

 

which will output the errors to the browser

[PFMaBiSmAd]

The blank page is because your form's submit button is named "Submit" name="Submit" The php code would need to test for that same name. You are currently testing for $_POST['submit'], which does not exist and the code is being skipped over.

[AyKay47]

The blank page is because your form's submit button is named "Submit" name="Submit" The php code would need to test for that same name. You are currently testing for $_POST['submit'], which does not exist and the code is being skipped over.

PRM is right, indices are case sensitive, missed that detail when I wrote the code.. will need to be changed to $_POST['Submit']

[andy_b_1502]

Changed the Submit to submit. Turned on error reporting to get: Could not execute query in browser when button is clicked?

 

[AyKay47]

alright so it is triggering you custom error message.. lets use mysql_error() to receive a mysl_error and pinpoint the problem..

 

<?php
$rs = mysql_query( $sql, $conn )
	or die( mysql_error() );
?>

[andy_b_1502]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

 

 

line 1?:

<?php

if(isset($_POST['submit'])){ //check for submit button click 
$username = $_POST['myusername'];   
$password = $_POST['mypassword'];   // proceed with rest of code
$self = $_SERVER['PHP_SELF'];
$referer = $_SERVER['HTTP_REFERER'];

#if either form field is empty return to the log-in page
if( (!$username ) or (!$password ) )
{ header(  "Location:$referer" ); exit(); }
#connect to mysql
$conn = @mysql_connect( "removalspacecom.ipagemysql.com", "removalspace", "123" )
	or die( "Could not connect" );
#select database 
$rs = @mysql_select_db( "removalspacelogin", $conn )	
	or die ( "Could not select db" );
#create query
$sql="select * from users where username = '$username' and password = '$upassword')";
#execute query
$rs = mysql_query( $sql, $conn )		or die( mysql_error() );


#get number of rows that match username and password
$num = mysql_numrows( $rs );
#if there is a match the log-in is done
if( $num != 0 )
{ $msg = "Welcome $username - your log-in was successful!"; }
else #or return to: login.php
{ header( "Location:$referer" ); exit(); }
}
?>
<?php ini_set("display_errors","ON"); ?>

<html> <head><title>Check-login</title></head>
<body> <?php echo( $msg ); ?> </body> </html>

[AyKay47]

in your query.. $upassword should be $password

drop the leading u in the variable

[andy_b_1502]

upassword is the name of my coloumn in mysql phpmyadmin, should i still change this to $password?

[andy_b_1502]

upassword is the name of my column in mysql phpmyadmin, i cnaged the $upassword to $password but still get the same result:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

[AyKay47]

if your field in your db is named "upassword", why do you have it set as "password"

 

<?php
$sql="select * from users where username = '$username' and upassword = '$password')"; ?>

[andy_b_1502]

Even now its changed like so:

 

<?php

if(isset($_POST['submit'])){ //check for submit button click 
$username = $_POST['myusername'];   
$password = $_POST['mypassword'];   // proceed with rest of code
$self = $_SERVER['PHP_SELF'];
$referer = $_SERVER['HTTP_REFERER'];

#if either form field is empty return to the log-in page
if( (!$username ) or (!$password ) )
{ header(  "Location:$referer" ); exit(); }
#connect to mysql
$conn = @mysql_connect( "removalspacecom.ipagemysql.com", "removalspace", "123" )
	or die( "Could not connect" );
#select database 
$rs = @mysql_select_db( "removalspacelogin", $conn )	
	or die ( "Could not select db" );
#create query
$sql="select * from users where username = '$username' and upassword = '$password')";
#execute query
$rs = mysql_query( $sql, $conn )		or die( mysql_error() );


#get number of rows that match username and password
$num = mysql_numrows( $rs );
#if there is a match the log-in is done
if( $num != 0 )
{ $msg = "Welcome $username - your log-in was successful!"; }
else #or return to: login.php
{ header( "Location:$referer" ); exit(); }
}
?>
<?php ini_set("display_errors","ON"); ?>

<html> <head><title>Check-login</title></head>
<body> <?php echo( $msg ); ?> </body> </html>

 

i still get error:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

 

whats causing this??

[AyKay47]

remove the parenthesis in your $sql variable

 

$sql="select * from users where username = '$username' and upassword = '$password'";

[andy_b_1502]

Thank you so much for your help! that works PERFECTLY. 

[AyKay47]

np, sorry it took me so long to realize the parenthesis.. trying to work and help at the same time...