PHP login form


Laura555

Hi

I am creating a web-based booking system using a WAMP server. I'm having trouble with the login form, the code doesn't seem to be reading from the database. I don't think it is a problem with the database itself as it is connecting for my register and booking form. With the login form, every time a user tries to log in with valid credentials it just says 'sorry could not log you in, wrong log in information'. Here's the code:

 

 

 

<?php
session_start();
// dBase file
include "config.php";

if (isset($_GET["op"]) == "login")
{
    if (!$_POST["Username"] || !$_POST["Password"])
    {
        ("You need to provide a username and password.");
    }

    // Create query
    $q = "SELECT * FROM `client` "
        ."WHERE `Username`='".$_POST["Username"]."' "
        ."AND `Password`=PASSWORD('".$_POST["Password"]."') "
        ."LIMIT 1";
    // Run query
    $r = mysql_query($q);

    if ( $obj = @mysql_fetch_object($r) )
    {
        // Login good, create session variables
        $_SESSION["valid_id"] = $obj->id;
        $_SESSION["valid_user"] = $_POST["Username"];
        $_SESSION["valid_time"] = time();

        // Redirect to member page
        Header("Location: Booking.php");
    }
    else
    {
        // Login not successful
        die("Sorry, could not log you in. Wrong login information.");
    }
}
else
{
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "<p><b>Username:</b><br /><input type=\"text\" name=\"Username\" >";
    echo "<p><b>Password:</b><br /><input type=\"password\" name=\"Password\"><br />";
    echo "<p><input type=\"submit\" value=\"Login\">";
    echo "</form>";
}
?>


Hey Laura!

 

Welcome to the club!

 

First off, if you look at the text editor that you use to write responses in this forum, there is a toggle for code. Use that toggle when you want to input code into the forum and it will arrange it so it is easier to read. I will use it below so you can see what it looks like and an admin will probably come through and fix yours.

 

Anyway, it seems that you concatenate your query and you also want to set variables to your $_POST[username] and $_POST[password]. Try something like this....

 

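// Escape the submitted values before placing them in the query
$user = mysql_real_escape_string($_POST['Username']);
$pass = mysql_real_escape_string($_POST['Password']);
// String values take single quotes; backticks would mark them as column names
$sql = "SELECT * FROM client WHERE Username='$user' AND Password='$pass' LIMIT 1";
$query = mysql_query($sql, $connection);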

 

The mysql_real_escape_string is going to help prevent mysql injection, so you don't get hacked!

 

Feel free to ask me any more questions.

Edited by computermax2328

I wouldn't use a $_GET value to begin form handling for various reasons.

Instead, check either a hidden input value or an existing input value being passed to begin form handling.

Make sure to only use the die() function during development, as it is not very user-friendly.

Also, you should be implementing error checking logic into your code so you can see exactly what and where the problem is:

 

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$q = "SELECT * FROM `client` WHERE `Username`= '$username' AND `Password`= '$passLIMIT 1";
$r = mysql_query($q);
if(!$r)
{
 die("SQL statement: " . $q . "<br />" . "SQL Error: " . mysql_error());
}
...

 

I'm also curious why you are using the MYSQL PASSWORD() function? You shouldn't be in this context.

Edited by AyKay47

Thanks so much for the help. Does this look any better? It's still throwing errors:

 

 

<?php
session_start();
// dBase file
include "config.php";

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$q = "SELECT * FROM `client` WHERE `Username`= '$username' AND `Password`= '$passLIMIT 1";
$r = mysql_query($sql, $connection);

if ( $obj = @mysql_fetch_object($r) )
{
    // Login good, create session variables
    $_SESSION["valid_id"] = $obj->id;
    $_SESSION["valid_user"] = $_POST["Username"];
    $_SESSION["valid_time"] = time();

    // Redirect to member page
    Header("Location: Booking.php");
}
else
{
    // Login not successful
    die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
    //If all went right the Web form appears and users can log in
    echo "<form action=\"?op=login\" method=\"POST\">";
    echo "<p><b>Username:</b><br /><input type=\"text\" name=\"Username\" >";
    echo "<p><b>Password:</b><br /><input type=\"password\" name=\"Password\"><br />";
    echo "<p><input type=\"submit\" value=\"Login\">";
    echo "</form>";
}
?>


Besides the incorrect SQL syntax:

 

 

I wouldn't use a $_GET value to begin form handling for various reasons.

Instead, check either a hidden input value or an existing input value being passed to begin form handling.

Make sure to only use the die() function during development, as it is not very user-friendly.

Also, you should be implementing error checking logic into your code so you can see exactly what and where the problem is:

 

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$q = "SELECT * FROM `client` WHERE `Username`= '$username' AND `Password`= '$passLIMIT 1";
$r = mysql_query($q);
if(!$r)
{
die("SQL statement: " . $q . "<br />" . "SQL Error: " . mysql_error());
}
...

 

I'm also curious why you are using the MYSQL PASSWORD() function? You shouldn't be in this context.


I immediately noticed something;

 

$q = "SELECT * FROM `client` WHERE `Username`= '$username' AND `Password`= '$passLIMIT 1";

 

This is wrong: "='$username' AND `Password`= '$passLIMIT 1"

 

Firstly, the query is inside quotation marks and so when you want to define a variable you need to do this: Username = ' . " $username " . ' AND Password = ' . " $passLIMIT 1 " . '

This is because inside the quotation marks it is text and so you need to close the text in the var with the closing " and then add the period (.) to join the text in the variable and the following together. Then put your variable ($var), then another period (.) to join the next together, and then open the text again ". I hope this makes sense.

 

Also, at the end of this line:

$q = "SELECT * FROM `client` WHERE `Username`= '$username' AND `Password`= '$passLIMIT 1";

You haven't put an apostrophe to close the SQL value.

 

~Jacbey~


This is the code that I am now using. I'm getting an error for the

" $username = mysql_real_escape_string($_POST['username']); //User Name sent from Form

$password = mysql_real_escape_string($_POST['password']); // Password sent from Form"

 

It's telling me they are undefined indices, how do I define them?

 

 

include('config.php');

$username = mysql_real_escape_string($_POST['username']); //User Name sent from Form
$password = mysql_real_escape_string($_POST['password']); // Password sent from Form

$query = "select * from client where Username='$username' and Password='$password'";

$res = mysql_query($query); //Executing query and saving result in Result Set

$rows = mysql_num_rows($res);

if($rows==1)
{
    $_SESSION['username'];

    header("location: Booking.php");
}
else
{
    echo 'Wrong login information. <br /> Re-Enter Username and Password';
}

?>

<form action="?op=login" method="POST">
<p><b>Username:</b><br /><input type="text" name="Username" >
<p><b>Password:</b><br /><input type="password" name="Password"><br />
<p><input type="submit" value="Login">
</form>;


You are referencing index values that do not exist. You must first verify that both indices are set before using them.

 

Pseudo code:

 

if(isset($_POST['index']))
{
 $i = $_POST['index'];
}

 

or the way I prefer:

 

$i = (isset($_POST['index'])) ? $_POST['index'] : null;
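
An added example, not code from any poster in this thread, that combines the points raised above: it reads the fields under the exact names the form sends (`Username`/`Password`; PHP array keys are case-sensitive, so `$_POST['username']` is a different, undefined index), binds the input through a PDO prepared statement instead of escaping it into the string, and checks the password with `password_verify()` rather than MySQL's `PASSWORD()`. The in-memory SQLite database, the sample account and the `attempt_login()` helper are assumptions made so the block runs on its own.

```php
<?php
// Added example: constructed table and data, SQLite in memory so it runs offline.
// PDO replaces the mysql_* functions used in the thread (removed in PHP 7).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE client (id INTEGER PRIMARY KEY, Username TEXT UNIQUE, Password TEXT)');

// Registration side: store a salted hash, never the password or PASSWORD() output.
$ins = $db->prepare('INSERT INTO client (Username, Password) VALUES (?, ?)');
$ins->execute(['laura', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the client id on success, null on any failure.
// $post stands in for $_POST; keys match the form's name="Username"/"Password".
function attempt_login(PDO $db, array $post): ?int
{
    $username = isset($post['Username']) ? $post['Username'] : null;
    $password = isset($post['Password']) ? $post['Password'] : null;
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return null; // missing or malformed field: no query is run
    }

    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, Password FROM client WHERE Username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare in PHP against the stored hash, not in the WHERE clause.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed requests, including the lowercase keys that give "undefined index".
$cases = [
    'valid'          => ['Username' => 'laura', 'Password' => 'correct horse'],
    'wrong password' => ['Username' => 'laura', 'Password' => 'guess'],
    'lowercase keys' => ['username' => 'laura', 'password' => 'correct horse'],
    'quote in input' => ['Username' => "laura' OR '1'='1", 'Password' => 'x'],
];
foreach ($cases as $label => $post) {
    $id = attempt_login($db, $post);
    echo str_pad($label, 16), $id === null ? 'rejected' : "ok, id=$id", "\n";
}
```

In a real handler the call would be `attempt_login($db, $_POST)`, followed on success by `session_regenerate_id(true)` before the session variables are set and the redirect is sent.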
