Login script failing to recognise username

[thamoomin]

Hi,

 

I've recently just restarted doing some web design, I've decided to learn some PHP and have set-up a LAMP set-up on my Ubuntu desktop. I'm trying to create a very basic login page, I have created the D/B in MySQL and created the forms to add users which is all working fine, I can query the D/B and see the list of users I have added. The next stage was to attempt the login page (please see below code), problem is, when I enter a correct username it is saying that it's invalid, I created a simple IF statement to check my query is returning a row but it's coming back blank, I appear to be connecting to the D/B with no problems. Can anyone recognise where I possibly could be going wrong? I have literally been sat looking at the same piece of code for over an hour and I can find nothing wrong ...... I have read about sanitizing the username field and I have tried mysqli_real_escape_string function also. I know the username is correct because it also echos out onto the screen along with a message about the D/B being connected.

 

Any help would be much appreciated.

 

Regards,

Ross

 

<html>
<head>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
</head>
<body>
<form action="loginpage.php" method="post">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit">
</form>
</html>
<?php
$username = "";
$password = "";
$errormess = "";

if($_SERVER['REQUEST_METHOD'] == 'POST') {
$myconn=mysqli_connect("***********","************,"************");
$mydb=mysqli_select_db($myconn,"myConferenceCalls");
  if($mydb) {
    echo "Connected to D/B";
    $username = $_POST['user'];
    $sql = "SELECT * FROM myUsers WHERE Username='$username'";
    $sqlresult = mysqli_query($sql);
    $valid = mysqli_num_rows($sqlresult);
    echo "$username";

    if($valid==1) {
      echo "Valid Username";
    } else {
      echo "Invalid Username";
    }
    mysqli_close($myconn);
  } else {
    echo "Could not connect to D/B";
    mysqli_close($myconn);
  }
}
?>
 

[cataiin]

try

<html>
<head>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
</head>
<body>
<form action="loginpage.php" method="post">
Username: <input type="text" name="user">
Password: <input type="password" name="pass">
<input type="submit">
</form>
</html>
<?php
$username = $_POST['user'];
$password = "";
$errormess = "";

if($_SERVER['REQUEST_METHOD'] == 'POST') {
$myconn=mysqli_connect("***********","************,"************");
$mydb=mysqli_select_db($myconn,"myConferenceCalls");
  if($mydb) {
    echo "Connected to D/B";
    $sql = "SELECT * FROM myUsers WHERE Username='$username'";
    $sqlresult = mysqli_query($sql);
    $valid = mysqli_num_rows($sqlresult);
    echo "$username";

    if($valid==1) {
      echo "Valid Username";
    } else {
      echo "Invalid Username";
    }
    mysqli_close($myconn);
  } else {
    echo "Could not connect to D/B";
    mysqli_close($myconn);
  }
}
?>

Your code is a little odd.

[thamoomin]

Sorry no luck cataiin, I've just tested the query itself and it's coming back false :S I have tried the query on command line though and it's fine so not sure what's going on ....

[fastsol]

Pretty sure you need to put the db link in the first parameter of the query call

 $sqlresult = mysqli_query($mydb, $sql);

Or maybe

 $sqlresult = mysqli_query($myconn, $sql);

[thamoomin]

 

Pretty sure you need to put the db link in the first parameter of the query call

 $sqlresult = mysqli_query($mydb, $sql);

Or maybe

 $sqlresult = mysqli_query($myconn, $sql);

 

Omg that's it thanks a bunch, now I know why I quit programming for infrastructure haha.

 

Problem is, I have just gone over the examples I have followed and nobody else has done that, I must be missing something further up in the code