timmykins02 Posted April 12, 2012 Share Posted April 12, 2012 So basically my project is one where the user can log onto my website, and the page then checks if the ID and password are in my table in my microsoft access file. If the username and password are the same, the user continues, if it isnt, then it stays on the same page and says something like "username and/or password are incorrect" or something along the lines of that. the problem is right now im not sure how to make it say "ERROR username and/or password is incorrect" if the username and password dont match. Can someone help me with this? and also make sure if the username and password are correct that it goes to the next page, entitled searchpage.php here is the code <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where users = '$username' and passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php"); echo "Login failed" ; } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 A couple of things: You have a dangling IF statement, sitting there all by its lonesome. What's up with that? Secondly, MySQL is preferred over a MS Access database when using PHP. I don't know if you know much about MYSQL, but it is well worth looking into. and C: if you want to pass the failed username/password info to the next page, include the message in the URL when you redirect: } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login failed"); } Then on the index.php page, check for the message: if(isset($_GET['message'])){ echo $_GET['message']; } You can pass any number of messages this way. *This code is not tested. You may need to tweak it some. Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 Thank you, it now says Login Failed, but when I type in the correct username and password it doesn't go onto the next page. And I've heard MySQL is better but I already have the database on Ms Access, and my teacher told me to use Access so I guess I'm stuck with that. Could you please help me improve my code to make it go to the next page if the username and password is correct? And also if the number of attempts is, let's say more than 3, then the user can't log in anymore? but that part isnt that important Thanks Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 (isset($_POST['Login'])) { doesn't have a closing bracket. You need to close it somewhere. I assumed you wanted to either set a variable there, or wrap the other POST checks inside those brackets. Either way, you need to close it. This could be causing your problems down the line. Fix this, then see if it works. If not, post here what happened, as well as your updated code. Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 Are you sure it doesnt have a closing bracket? Im pretty sure i see it at the bottom if I'm talking about the same thing. Now whenever I login it stays on the same page and says "Login Failed" even if I typed in the correct username and password. Here is the code <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if(isset($_GET['message'])){ echo $_GET['message']; } if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } $username = null ; $password = null ; $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $username = stripslashes($username); $password = stripslashes($password); $sql = "select * from users where Users = '$username' and Passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 You're right. Sorry, I didn't copy and paste the entire block. I'll keep looking. Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 if(isset($_POST['password'])){ $TABLE= $_POST['password'] ; } Did you mean: if(isset($_POST['password'])){ $password= $_POST['password'] ; } and then you're nulling them both out before checking them? $username = null ; $password = null ; Also, this is in the PHP manual: Note: Using odbc_num_rows() to determine the number of rows available after a SELECT will return -1 with many drivers. You may want to echo out your $count variable to see if it is -1. You should delete the lines where you null out your $username and $password variables, or at least set them to empty strings (''), but BEFORE you assign the POST variables to them. Quote Link to comment Share on other sites More sharing options...
Muddy_Funster Posted April 12, 2012 Share Posted April 12, 2012 ... and my teacher told me to use Access so I guess I'm stuck with that. Get a new teacher! On the plus side of things, if this is just a classroom project, you can walk away from it once it's complete. Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 Yes i meant $password, so that was part of the problem, and I'm trying to echo out my $count but its not working? Is it echo $count ; or echo "$count" ; I've tried both but it wont echo. and so i delete the lines where i set the password and username to null, but should i leave the line where i say $username = stripslashes($username); $password = stripslashes($password); ? thank you for helping Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 echo $count; should work fine. It could be getting lost on the rest of your page, so consider adding a line brake before and after, plus a label: echo "<br />Count: ".$count."<br />"; so it stands out a little better. It will be blank if there is nothing in the variable. If so, that could also be part of your problem. stripslashes() is usually used when getting data out of the databases after addslashes() has been used to escape out quotes or other characters. If your goal is to sanitize your database input, consider using something like mysql_real_escape_string(), which is just used for mysql. I don't know what you would use to sanitize Access database inputs. Maybe one of the gurus can chime in and tell you. Muddy_Funster has a good point. I know you can't just walk away from this teacher, but realize that an Access database with PHP is a horrible idea. In the future, if you plan on doing more PHP programming, you really should use MySQL, as it is the standard for use with PHP, and you can get a LOT more help in forums like these. Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 If I type echo "<br />Count: ".$count."<br />"; outside all of the brackets, I get this error: Notice: Undefined variable: count in C:\Program Files\EasyPHP-5.3.6.1\www\SQL\Final Project\index.php on line 67 Count: But if I move the echo "<br />Count: ".$count."<br />"; up a few lines, like $count=odbc_num_rows($rs); if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } } Before the second to last bracket or before the last bracket it doesnt show up at all. And I know, it sucks. I can't find any help online because it only talks about My SQL but I need to specifically use Access and I really need to figure this out. Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 You should put it right after it's initialized: $count=odbc_num_rows($rs); echo "<br />Count: ".$count."<br />"; Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 It still says Notice: Undefined variable: count in C:\Program Files\EasyPHP-5.3.6.1\www\SQL\Final Project\index.php on line 71 Quote Link to comment Share on other sites More sharing options...
xyph Posted April 12, 2012 Share Posted April 12, 2012 Can you post your entire code, including the $count echo? Even if odbc_num_rows() is returning nothing, null, etc, the variable should still be defined. <?php function foo() { } echo $bar; // undefined notice $bar = foo(); // populate bar with nothing echo $bar; // outputs nothing, but no notice generated ?> Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 12, 2012 Author Share Posted April 12, 2012 Sure, here it is: <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if(isset($_GET['message'])){ echo $_GET['message']; } if (isset($_POST['Login'])) { $username = stripslashes($username); $password = stripslashes($password); if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $password= $_POST['password'] ; } $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $sql = "select * from users where Users = '$username' and Passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); echo "<br />Count: ".$count."<br />"; if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } } echo "<br />Count: ".$count."<br />"; echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 12, 2012 Share Posted April 12, 2012 If you're going to stripslashes from them, you need to do it after you assign the POST variables to them: if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $password= $_POST['password'] ; } $username = stripslashes($username); $password = stripslashes($password); Quote Link to comment Share on other sites More sharing options...
xyph Posted April 12, 2012 Share Posted April 12, 2012 You also need to format your code, so you don't get lost in curly braces. You get an undefined $count notice because when you call it the second time, it's outside of the if statement where it's defined. If if (isset($_POST['Login'])) evaluates to FALSE, $count will not be defined. Trying to echo it outside of that if statement will result in a notice, if the statement returns FALSE. Remove that second echo, and the undefined notice should go away. If you're having difficulties keeping track of when/where you've declared variables, you should try declaring them all at the top of your script and/or functions $username = null; $password = null; $connection = null; $sql = null; $rs = null; $count = null; It will prevent undefined variable notices, and help you keep track of the variables you're using in your script Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 13, 2012 Author Share Posted April 13, 2012 Okay well i no longer have the notice, but when I still have have the if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } statement in, then the it doesnt echo the count. when i take this statement out it says that the count is -1, even when I type the correct password. Can you please help me and make this work? Quote Link to comment Share on other sites More sharing options...
xyph Posted April 13, 2012 Share Posted April 13, 2012 Read reply #6 in this thread. Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 13, 2012 Author Share Posted April 13, 2012 But the count wont even echo. my entire code is <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_POST) ; if(isset($_GET['message'])){ echo $_GET['message']; } if (isset($_POST['Login'])) { $username = stripslashes($username); $password = stripslashes($password); if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $password= $_POST['password'] ; } $username = stripslashes($username); $password = stripslashes($password); $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $sql = "select * from Users where Users = '$username' and Passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); echo "<br />Count: ".$count."<br />"; if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php?"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> but the part with the count is $rs=odbc_exec($connection,$sql); $count=odbc_num_rows($rs); echo "<br />Count: ".$count."<br />"; if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php?"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } And it won't echo the count and I dont get why. Thank you for helping Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 13, 2012 Share Posted April 13, 2012 It's because you are immediately re-directing after the echo. Just for debugging purposes, kill the script right after the echo: echo "<br />Count: ".$count."<br />"; exit; Quote Link to comment Share on other sites More sharing options...
xyph Posted April 13, 2012 Share Posted April 13, 2012 After removing the redirect, you stated $count contained -1. Reply #6 explains WHY it might contain -1. The simple fact is the odbc driver you're using isn't compatible with use of the odbc_num_rows() function. There's even a possible solution mentions in the User Discussion on the manual page http://www.php.net/manual/en/function.odbc-num-rows.php#98836 Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 14, 2012 Author Share Posted April 14, 2012 I had a look at that link you posted, and I tried it out, but I still couldn't get it to work, but I got something else that I think should work. I am basically running the same sql $sql = "select count (*) AS counter from Users where Users = '$username' and Passwords = '$password'"; and this gives a result of 1 if the username and password match, and a 0 if they dont. The thing is, this code works if i take out the $username and the $password, and replace them with 'admin' and 'password' , the username and password I have in access. But when i try to use the variables $username and $password then the code doesnt work. with 'admin' and 'password' the code does work. help please? the part of my code where I define these variables are if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $password= $_POST['password'] ; } $username = stripslashes($username); $password = stripslashes($password); and then goes the rest of my code, and I close the first IF statement. Thank you for your help. Quote Link to comment Share on other sites More sharing options...
batwimp Posted April 15, 2012 Share Posted April 15, 2012 Please post your whole code again as it is. Also, if you still have this line in your code: print_r ($_POST) ; after you've filled out the form and hit the submit button and post the output of that line (it should be an array). Quote Link to comment Share on other sites More sharing options...
timmykins02 Posted April 15, 2012 Author Share Posted April 15, 2012 sure here it is. And I changed it to REQUEST now, instead of POST. and it should show the variables, like username and password but it doesn't. <html> <head> <style type="text/css"> </style> </head> <body style="text-align:center"> <div id='title'> </div> <?php print_r ($_REQUEST) ; if(isset($_GET['message'])){ echo $_GET['message']; } if (isset($_POST['Login'])) { if(isset($_POST['username'])){ $username= $_POST['username'] ; } if(isset($_POST['password'])){ $password= $_POST['password'] ; } $username = stripslashes($username); $password = stripslashes($password); $connection = odbc_connect('Olympics', '', ''); if (!$connection) {exit("Conection Failed: " . $connection);} $sql = "select count (*) AS counter from Users where Users = '$username' and Passwords = '$password'"; $rs=odbc_exec($connection,$sql); $count=odbc_result($rs, 1); echo $count ; if ($count == 1) { $_SESSION['loggedIn'] = "true"; header("Location: searchpage.php"); } else { $_SESSION['loggedIn'] = "false"; header("Location: index.php?message=Login Failed"); } } echo "<form action='index.php' method='post'> \n" ; echo" Please enter your username and password if you wish. <br/> \n" ; echo "Username: <input type='text' name='username' > \n " ; echo "Password: <input type='password' name='password' > \n" ; echo "<input type='submit' value='Login' name='Login'> <br/> \n" ; echo "<input type='submit' value='You may also continue you as a guest.'> \n" ; echo "</form>" ; ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.