Log in app that adds info to url (Dummies book example)

[enlighten]

Hi Guys, i got the PHP and MYSQL for dummies (4th addition) and i am typing up the code examples myself just to gain the experience. Im at the end of the book nearly where it is talking about log in applications that add info to the url but for some reason the code doesn't work. Im using Xampp as a localhost server.

 

Attached are the two scripts for the program, and below is the include file. I open up the login_url form first:

 

form_log.inc:

 

<?php

/*  Program name: form_log.inc

* Description: Displays a login form

*/

 

if( isset ( $message ) )

        {

            echo $message;

        }

echo "<form action='$_SERVER[php_SELF]' method='POST' style='margin: .5in'>\n

    <p><label for='username' style='font-weight: bold; padding-bottom: 1em'>User ID: </label>

        <input type='text' name='user_name' id='user_name' value='$user_name' />\n</p>

    <p><label for='password' style='font-weight: bold'>Password: </label>

        <input type='password' name='password' id='password' value='$password' />\n</p>

    <p><input type='submit' value='Log In'>\n</p>

        <input type='hidden' name='sent' value='yes' />

    </form>\n";

?>

 

 

 

 

Here are the errors i get:

 

Warning: include(dbstuff.inc) [function.include]: failed to open stream: No such file or directory in /Applications/XAMPP/xamppfiles/htdocs/test_php/login_url.php on line 31

 

Warning: include() [function.include]: Failed opening 'dbstuff.inc' for inclusion (include_path='.:/Applications/XAMPP/xamppfiles/lib/php:/Applications/XAMPP/xamppfiles/lib/php/pear') in /Applications/XAMPP/xamppfiles/htdocs/test_php/login_url.php on line 31

Couldn't execute query.

 

 

Any help would be appreciated thankyou

 

Enlighten

17227_.php

17228_.php

[Pikachu2000]

The file dbstuff.inc isn't being found in the same directory as login_url.php.

[enlighten]

Ok Thanks,

 

Just to clarify what code needs to be in the dbstuff.inc?

 

Could i see an example please. Thankyou

 

Enlighten

[QuickOldCar]

I would probably edit the file to have a php extension.

Insead of dbstuff.inc rename to dbstuff.inc.php

 

and edit line 31 in login_url.php to:

include("dbstuff.inc.php");

 

dbstuff.inc.php

<?php
//edit to your login credentials
$host = "localhost";
$user = "mysql admin user name";
$password = "mysql user password";
$database = "your database name";
?>

[Pikachu2000]

I don't have that book, so I can't say for sure. From the name of the file, I'd assume it would have the functions to establish a database connection, like mysql_connect and mysql_select_db, or mysqli_connect. It should probably also have a file extension of .php instead of .inc.

[enlighten]

Thanks very much for your input guys you have helped my out over the first hurdle so thanks!.

 

It all seems to be working connecting etc now but one more problem,

 

I entered some data (first_name,user_name and password) into the database, so now when i am testing the form and entering the username and password it always comes up with username and password not found.  But the data is obviously in the database and i am definately typing it in correctly.

 

Any ides?

 

 

Thanks

Enlighten

[QuickOldCar]

You using phpmyadmin at all?, are the values being stored properly?

 

you can try to echo your $query in your login_url.php to see if it has values, and add mysql_error() to see why your query is failing.

 

it could be a case sensitive issue, use strtolower() on the name and password

[QuickOldCar]

Sorry, forgot you are using mysqli_connect

 

use mysqli_error()

[enlighten]

Yes i am using phpMyAdmin and yes i believe they are, there are 4 fields

 

ID : Auto_increment INT

user_name: varchar

password: varchar

first_name: varchar

 

It's pretty simple so i don't see whats going wrong.

 

Thanks Again

 

Enlighten

[PFMaBiSmAd]

The - 'User ID and Password not found' message means that the query executed without any errors but it didn't match any rows in the database. You would need to troubleshoot why the query is not matching any row in the table.

 

Unfortunately, that book/code is not doing you any favors toward learning to write code that is secure and easy to troubleshoot.

 

Add the following line of code, right before the $query = "... ... ..."; statement -

 

	$pwd = md5($_POST['password']);

 

Then, right after the query = ... statement, echo both the $pwd variable and the $query variable so that you can see what the md5 value of the password is and what the actual query statement is.

 

If the query statement contains the correct values for both the $_POST['user_name'] and the $_POST['password'] values, you will need to check directly in the database table if you have a row with a matching user_name and a password value that matches the md5 value that you echoed in the $pwd variable. Make sure that the length and every character of the echoed md5 value matches what is stored in the password field in the database table.

[enlighten]

Thanks for your test help.

 

Id one exactly what you said and this is what got echoed.

 

5f4dcc3b5aa765d61d8327deb882cf99SELECT first_name FROM users WHERE user_name='tommy' AND password=md5 ('password')

 

No i guess that long line of numbers and letters is what is in the database but im not sure why its doing that.

My password field is simply a varchar with a length of 20, any ideas?

 

Thanks

Enlighten

[enlighten]

Ok so yeah i took out all md5 encryptions and now it works perfectly.

 

SO why was this md5 causing a problem within the database?

 

Thanks

Enlighten

[PaulRyan]

MD5() returns a string length of 32 characters, you have only allowed 20 characters for your password field.

 

Set the VARCHAR length to 32 and try using the MD5() function again?