MySQL Rows & Login form?


Hazukiy

Hi, I'm trying to make a login form for my website, but I can't seem to get my head around this problem, basically it keeps returning this row error and I'm not too sure why? Really need some help on this, thanks.

 

(Excuse my sloppy coding; just trying to get the basics to work atm)

 

 

LOGIN.PHP

<?php 
    session_start(); 
    include "dbConfig.php"; 
   
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
   
	$username = trim($_POST['username']);
	$password = trim ($_POST['password']);

    $query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
	$result = mysql_query($query) or die(mysql_error()); 
    if(!$result)
    {  
		die("Wrong username or password.");
    }
    elseif(!mysql_num_rows($result))
    { 
		die("No user found by that username.");
    } 
	else
	{
		Header("Location: memberstest.php"); 
		exit();
	}
}
?>

<form action="login.php" method="POST">
Username:<br>
<input class="login_form" type="text" name="username" id="username" maxlength="20">
<br><br>
Password:<br>
<input class="login_form" type="password" name="password" id="password" maxlength="50">
<br><br>
<button type="submit" name="submit" class="InputButton">Login</button>
</form>

 

 

 

REGISTER.PHP

 

<?php 
session_start();
define('SALT_CHARACTERS', 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789');

function generate_salt() {
	$salt = '';
		
	for($i = 0; $i < 21; $i++) {
		$salt .= substr(SALT_CHARACTERS, mt_rand(0, strlen(SALT_CHARACTERS) - 1), 1);
	}
	
	return $salt;
}

$errors = array();

if(isset($_POST['firstname']) && isset($_POST['lastname']) && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password'])){
	require_once 'dbConfig.php';
	
	$firstname = trim($_POST['firstname']);
	$lastname = trim($_POST['lastname']);
	$username = trim($_POST['username']);
	$email = trim($_POST['email']);
	$password = $_POST['password'];
	
	if($firstname == '') {
		$errors[] = 'Please enter your firstname.';
		header("location: register.php?r=error");
	}
	
	if($lastname == '') {
		$errors[] = 'Please enter your lastname.';
		header("location: register.php?r=error");
	}
	
	if($email == '') {
		$errors[] = 'Please enter an email address.';
		header("location: register.php?r=error");
	}
	
	if($username == '') {
		$errors[] = 'Please enter a username.';
		header("location: register.php?r=error");
	}
	
	if($password == '') {
		$errors[] = 'Please enter a password.';
		header("location: register.php?r=error");
	}elseif(strlen($password) < 6) {
		$errors[] = 'Your password must be at least 6 characters long.';
		header("location: register.php?r=error");
	}
	
	if(count($errors) === 0) {
		$passwordHash = crypt($password, '$2y$12$' . generate_salt());
		
		$query = "INSERT INTO users(firstname, lastname, username, email, password) VALUES('$firstname', '$lastname', '$username', '$email', '$passwordHash')";
		$result = mysql_query($query) or die(mysql_error());

		if ($result) 
		{ 
			header("location: register.php?r=success");
			exit();
		}
		else 
		{ 
			die("Query failed"); 
		}
	}
}	
	
?>
Edited by Hazukiy
Link to comment
Share on other sites

if the error is "boolean given" then something is wrong with your SQL or database structure. And you should consider escaping incoming data.

 

And if I may, in case this is not made for a learning purpose, in my eyes creating a "login form" is a crime, knowing that there are dozens of free built systems you can download, install and configure in under 5 minutes.

Edited by Manixat
Link to comment
Share on other sites

if the error is "boolean given" then something is wrong with your SQL or database structure. And you should consider escaping incoming data.

 

And if I may, in case this is not made for a learning purpose, in my eyes creating a "login form" is a crime, knowing that there are dozens of free built systems you can download, install and configure in under 5 minutes.

 

 

I'm sorry but wtf? Being creative and wanting to learn is a crime? Sorry but ahha what? xD

Link to comment
Share on other sites

He did say "in case this is not made for a learning purpose".

 

What's the error?

 

Well it made no sense to me? Why would he say "in my eyes creating a "login form" is a crime" ?? I'm sorry but I don't get why he's saying this for? If I was a hacker I don't think I'd be on a forum asking for help? 

 

+ I like to be constructive :D

Link to comment
Share on other sites

 

Do this, or simply remove else:

if(!mysql_num_rows($result))
    { 
		die("No user found by that username.");
    } 

 

 

OK, so I tried what you said but it seems to keep returning it? I've had this problem in the past with any login / registration forms where it just keeps returning it when I try to log in; my register form works fine but I've always had a problem with the logging in part.

 

Here's the up to date version of my login.php

<?php 
    session_start(); 
    include "dbConfig.php"; 
   
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
   
	$username = trim($_POST['username']);
	$password = trim ($_POST['password']);

    $query = "SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
	$result = mysql_query($query) or die(mysql_error()); 
    if(!$result)
    {  
		die("Wrong username or password.");
    }
	
    if(!mysql_num_rows($result))
    { 
		die("No user found by that username.");
    } 
	else
	{
		Header("Location: memberstest.php"); 
		exit();
	}
}
?>
Link to comment
Share on other sites

if the error is "boolean given" then something is wrong with your SQL or database structure. And you should consider escaping incoming data.

 

And if I may, in case this is not made for a learning purpose, in my eyes creating a "login form" is a crime, knowing that there are dozens of free built systems you can download, install and configure in under 5 minutes.

 

 

Appreciate the help, and no, I'm not a hacker and I don't plan on being one either. I'm 18 years old and I just want to learn more about web development such as PHP, jQuery etc. I've created a small website just to understand it and so far so good. The reason I'm not using the "free system" PHP forms is because if I'm going to program I like to do it on my own, but of course when I need help with something that I can't get my head around I go on forums, hence my presence here.

Link to comment
Share on other sites

You need to recreate the hashed password and check against it in the database. Right now you are checking a plain-text password against your hashed password.

 

OK, so I need to change this?

 

$password = trim ($_POST['password']);

Link to comment
Share on other sites

OK, so I need to change this?

 

$password = trim ($_POST['password']);

 

Yes... does "MyPassword" = "3209salksd83220sd98sla320skalk"?

 

The password has to match the text in the database. So whatever method you are salting and hashing your password to create it, you have to do that to the submitted plain text password to create that same string and then compare those two.

Link to comment
Share on other sites

Yes... does "MyPassword" = "3209salksd83220sd98sla320skalk"?

 

The password has to match the text in the database. So whatever method you are salting and hashing your password to create it, you have to do that to the submitted plain text password to create that same string and then compare those two.

 

Ah ok so one of the passwords in the database that I'm just testing with is "$2nv5iZW/6eTw" and I've salted the hash this way

 

 

$passwordHash = crypt($password, '$2y$12$' . generate_salt());

 

So I would have to do this in the login?:

 

$password = "$2y$12$"
Link to comment
Share on other sites

Without going into too many details of what you are doing (there are tons of sites online that describe how to log in with hashes and salts), the bottom line is you have to create a string that matches the password string you store in the database. So if you are creating a random salt, then you have to store that salt value in the database along with the user so you can retrieve it when the user logs in. So just like creating the password you would go:

 

 

$plainTextPassword = $_POST['password'];
$salt = "Query to get salt from user based on username"; // placeholder: fetch the salt stored for this user
 
$password = crypt($plainTextPassword,'$2y$12$'.$salt);
 
//then you check this password with the password stored in the database.
 
Link to comment
Share on other sites
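The check described in the last reply, as an added example that is not part of the thread. It swaps in `password_hash()`/`password_verify()` (PHP 5.5+) for the hand-built salt plus `crypt()`, and PDO prepared statements for the `mysql_*` string-built queries; the in-memory SQLite table and the sample credentials are constructed so the script runs offline.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the SQLite
// driver (stand-in for the thread's MySQL users table), PHP 5.5 or later.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// A bcrypt string is always 60 characters; a shorter column truncates it.
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password CHAR(60) NOT NULL)');

function register_user(PDO $pdo, $username, $password) {
    // Result looks like "$2y$12$" + 22-char salt + 31-char hash. The random
    // salt is embedded in the string, so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 12));
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute(array($username, $hash));
}

function check_login(PDO $pdo, $username, $password) {
    // Look the row up by username only; the submitted password never goes
    // into the SQL, and the placeholder keeps quotes in the input as data.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }
    if (strlen($stored) !== 60 || strpos($stored, '$2y$') !== 0) {
        return false; // truncated or non-bcrypt value, cannot be verified
    }
    // Re-hashes $password using the cost and salt read from $stored, then
    // compares in constant time (equivalent to crypt($password, $stored)).
    return password_verify($password, $stored);
}

// Constructed sample data.
register_user($pdo, "o'brien", 'correct horse');
var_dump(check_login($pdo, "o'brien", 'correct horse'));
var_dump(check_login($pdo, "o'brien", 'wrong guess'));
var_dump(check_login($pdo, 'nobody', 'correct horse'));
```

Returning the same `false` for an unknown user and a wrong password lets the login page show one generic message instead of revealing which usernames exist.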
