Trium918 Posted April 20, 2007 Share Posted April 20, 2007 Problem: Implement a script that will log the user in to members.php. The database column are user_name and password. user_name = User1 password = great123 From some reason I am getting the // unsuccessful login else statement could someone explain to me what would cause this? <form method="post" action="member.php"> Username: <input class="post" type="text" name="user_name" /> Password: <input class="post" type="password" name="password" /> <input type=submit value=Login /> <?php session_start(); if ($_POST['user_name'] && $_POST['password']) // they have just tried logging in { if (login($user_name, $password)) { // if they are in the database register the user id $valid_user = $user_name; $_SESSION['valid_user'] = $valid_user; // instead of session_register("valid_user"); } else { // unsuccessful login do_html_header("Problem:"); echo "<p class='genmed'>You could not be logged in. You must be logged in to view this page.</p>"; do_html_url("index.php", "Login"); do_html_footer(); exit; } } ?> if (login($user_name, $password)) function <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db $conn = db_connect(); if (!$conn) return 0; // check if username is unique $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')"); if (!$result) return 0; if (mysql_num_rows($result)>0) return 1; else return 0; } ?> If successful display member content Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/ Share on other sites More sharing options...
Trium918 Posted April 20, 2007 Author Share Posted April 20, 2007 This function is returning zero. I donnot understand this because every is connected to the same database. <?php // check if username is unique $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')"); if (!$result)//why would this return zero? return 0; if (mysql_num_rows($result)>0) return 1; else return 0; ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234362 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 Would someone take a look at code? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234398 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 ok i'll point it out... try setting the varibles $user_name & $password also use isset quick update... <?php if (isset($_POST['user_name']) && isset($_POST['password'])) // they have just tried logging in { $user_name= $_POST['user_name']; $password = $_POST['password']; if (login($user_name, $password)) ?> **i only reviewed the start of the code *update is untested EDIT: Added <?php marks Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234412 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 oh as a side note, #1 password shoudn't be stored as clear text #2 that script is open to SQL injection Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234413 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 Thanks MadTechie, but I tried that. I have every variable initialized in another file. The problem is here inside the login()function, but I cannot figure it out. May you can. Its returning zero. I tested it by doing this if (login($user_name, $password ==0)) and it went through. <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db $conn = db_connect(); if (!$conn) return 0; // check if username is unique $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')"); if (!$result) return 0; if (mysql_num_rows($result)>0) return 1; else return 0; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234415 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 oh as a side note, #1 password shoudn't be stored as clear text #2 that script is open to SQL injection Point the script out please. Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234416 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 Try #1 append the echo and die; <?php <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db echo "$user_name - $password"; die; ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234418 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 Try #1 append the echo and die; <?php <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db echo "$user_name - $password"; die; ?> I got User3 - 123456789 Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234421 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 ok remove the echo and die now (i have to ask) but the password in the database was written via the "Password" function in mysql ? i assume so.. ok now <?php print_r($result); die; if (!$result) return 0; ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234424 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 ok remove the echo and die now (i have to ask) but the password in the database was written via the "Password" function in mysql ? i assume so.. ok now <?php print_r($result); die; if (!$result) return 0; ?> Result: Resource id #14 yes password('$password') Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234429 Share on other sites More sharing options...
chrisv Posted April 21, 2007 Share Posted April 21, 2007 Might be too simple, but if you have every variable defined in another file, are the variables declare global in the function scope for login()? UPDATE - Nevermind. It's late on a Friday, and I missed the function arguments. Chris Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234430 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 LOL you are not fetching the data try <?php $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')"); $row = mysql_fetch_array($result) or die(mysql_error()); print_r($row); ?> not sure how i missed that Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234433 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 LOL you are not fetching the data try <?php $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')"); $row = mysql_fetch_array($result) or die(mysql_error()); print_r($row); ?> not sure how i missed that Result = a blank screen Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234438 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 ??? erm you should get array() atleast! comment out the <?php // if (!$conn) // return 0; ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234444 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 ??? erm you should get array() atleast! comment out the <?php // if (!$conn) // return 0; ?> <?php /* if (!$conn) return 0;*/ // and this /* $conn = db_connect(); if (!$conn) return 0;*/ ?> Result = blank screen That is what I donnot understand because I have another function that is unsing the same type of connection and it works. I not even getting an error from the mysql_error(). Wierd Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234447 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 ok from the top now of course add the USER, PASS, HOST & DATABASE <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db // $conn = db_connect(); $id = @mysql_pconnect("HOST", "USER", "PASS") or MySQL_ErrorMsg("Unable to connect to MySQL server"); @mysql_select_db("DATABASE", $id) or MySQL_ErrorMsg ("Unable to select database"); // check if username is unique $result = mysql_query("select * from members_info", $id) or MySQL_ErrorMsg ("Unable to perform query: $query"); $row = mysql_fetch_array($result,MYSQL_NUM) or die(mysql_error()); print_r($row); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234450 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 ok from the top now of course add the USER, PASS, HOST & DATABASE <?php function login($user_name, $password) // check username and password with db // if yes, return true // else return false { // connect to db // $conn = db_connect(); $id = @mysql_pconnect("localhost") or MySQL_ErrorMsg("Unable to connect to MySQL server"); @mysql_select_db("members_database", $id) or MySQL_ErrorMsg ("Unable to select database"); // check if username is unique $result = mysql_query("select * from members_info", $id) or MySQL_ErrorMsg ("Unable to perform query: $query"); $row = mysql_fetch_array($result,MYSQL_NUM) or die(mysql_error()); print_r($row); } ?> Result = Array ( [0] => 1 [1] => User1 [2] => First Name [3] => Last Name [4] => male [5] => 1 [6] => 1 [7] => 1985 [8] => 8645383378 [9] => [10] => 2007-04-20 17:17:11 [11] => 02e630bf4b772bf ) Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234455 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 Woohoo OK change <?php $result = mysql_query("select * from members_info", $id) or ?> to <?php $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')", $id) or ?> retest Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234458 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 Woohoo OK change <?php $result = mysql_query("select * from members_info", $id) or ?> to <?php $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')", $id) or ?> retest Result = echo "<p class='genmed'>You could not be logged in. You must be logged in to view this page.</p>"; <?php else { // unsuccessful login do_html_header("Problem:"); echo "<p class='genmed'>You could not be logged in. You must be logged in to view this page.</p>"; echo "<p class='genmed'> $user_name $password</p>"; do_html_url("index.php", "Login"); do_html_footer(); exit; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234460 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 OK almost done change <?php $row = mysql_fetch_array($result,MYSQL_NUM) or die(mysql_error()); //print_r($row); return (mysql_num_rows($result)>0); // <--Add this ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234463 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 OK almost done change <?php $row = mysql_fetch_array($result,MYSQL_NUM) or die(mysql_error()); //print_r($row); return (mysql_num_rows($result)>0); // <--Add this ?> Same Result = echo "<p class='genmed'>You could not be logged in. You must be logged in to view this page.</p>"; Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234466 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 <?php $row = mysql_fetch_array($result,MYSQL_NUM) or die(mysql_error()); print_r($row); // <--Add back inn die; // <--Add return (mysql_num_rows($result)>0); // <--Add this ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234468 Share on other sites More sharing options...
Trium918 Posted April 21, 2007 Author Share Posted April 21, 2007 Result = blank page again There is no data being pulled from the query. Do you agree? <?php // check if username is unique $result = mysql_query("select * from members_info where user_name='$user_name' and password = password('$password')", $id); ?> Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234471 Share on other sites More sharing options...
MadTechie Posted April 21, 2007 Share Posted April 21, 2007 i do.. #1 remove the "and password = password('$password')" #2 if #1 works check the entry in the database (try updating it) if not check the username i am signing out at it 4am and i need sleep good luck Quote Link to comment https://forums.phpfreaks.com/topic/47957-solved-help-debugging-this-login-script/#findComment-234477 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.