ellchr3 Posted April 9, 2013 Share Posted April 9, 2013 I've created a simple login script and can't get one part to work. When I enter a username with an invalid password I get the error in the screen shot. I'm wondering if it has to do with the fact that $numrows is returning a -100? Everything else seems to work fine. Line 60 the error refers to is the line "if ($username==$dbusername&&$password=dbpassword)" $sql = "SELECT username, password FROM user_access WHERE username = '$username' AND password = '$password'"; $rs=odbc_exec($conn,$sql); $numrows = odbc_num_rows($rs); if ($numrows !=0) { while ($row = odbc_fetch_array($rs)) { $dbusername = $row['username']; $dbpassword = $row['password']; } echo $numrows; //echo $dbusername; //echo '<br>'; //echo $dbpassword; //check to see if they match if ($username==$dbusername&&$password==$dbpassword) { echo "You're in! Click here to enter the <a href='member.php'>Provider Database</a>"; $_SESSION['username']=$username; } else echo "Incorrect password!"; } else die("Invalid username. User does not exist!"); } else die("Please enter a Username and Password!"); ?> Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted April 9, 2013 Share Posted April 9, 2013 there's no guarantee that odbc_num_rows will return the number of rows in a select query result set. Using odbc_num_rows() to determine the number of rows available after a SELECT will return -1 with many drivers. you should either use a SELECT COUNT() query and fetch and test the count value or actually attempt to fetch the row your existing query returns and test if the fetch statement worked. Quote Link to comment Share on other sites More sharing options...
kendris Posted April 9, 2013 Share Posted April 9, 2013 <?php session_start(); $username = $_POST['username']; $password = $_POST['password']; if ($username&&$password) { $connect = mysql_connect("localhost","root","") or die ("Could not connect"); mysql_select_db ("login") or die ("Could not find database"); $query = mysql_query("SELECT * FROM users WHERE username ='$username'"); $numrows = mysql_num_rows($query); if ($numrows !=0) { while ($row =mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; } if ($username==$dbusername&&md5($password)==$dbpassword) { echo header( 'Location: member.php' ) ; $_SESSION['username']=$dbusername; } else echo "Inncorrect password"; } else die("That user dosen't exist"); } else die("Please enter a username and a password"); ?> It's not great but it works. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted April 9, 2013 Share Posted April 9, 2013 @kendris, your code has nothing to do with the op's problem. he is using an entirely different database and the problem concerns a function for that database. Quote Link to comment Share on other sites More sharing options...
kendris Posted April 9, 2013 Share Posted April 9, 2013 He wanted a login code, he can tweak it to fit his needs. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted April 10, 2013 Share Posted April 10, 2013 he wants help with the problems in his code. not to have to spend time making someone else's code work with his database type and then to still need to correct the specific things that are preventing it from working with his database type. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted April 10, 2013 Share Posted April 10, 2013 @ellchr3, based on the code you posted and the second method i suggested (attempt to fetch the row your existing query returns, since you want the data from any matching row) here's some untested (i didn't feel like setting up an obdc connection) code to try. $sql = "SELECT username FROM user_access WHERE username = '$username' AND password = '$password'"; $rs=odbc_exec($conn,$sql); if(!$rs){ // query failed with an error die("Query failed: $sql<br>Error: ".odbc_errormsg($conn)); } // query ran without any error if($row = odbc_fetch_array($rs)){ // the entered username and password match a user's row echo "You're in! Click here to enter the <a href='member.php'>Provider Database</a>"; $_SESSION['username']=$row['username']; } else { echo "Incorrect username or password!"; // but i won't tell you which } notes: 1) your query is testing the username and password values. if a row is found, there's no need for more logic to test the username and password again. 2) your code in a different thread is testing if the query produced any errors. you need to always do that to prevent the rest of your code from producing more errors and unexpected results when it tries to use the data from a query that failed due to an error. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.