simcoweb Posted June 19, 2007 Share Posted June 19, 2007 I'm using a simple 2 field form 'Username' and 'Password' and 'submitted'. It's checking against the database for existence, etc. etc. but nothing happens. Even with the errors. If I submit leaving the fields blank the errors don't display. It just refreshes the page. Hmmm. Code: <?php session_start(); // Seattle Viet Homes customer login include 'db_config.php'; // check for form submission if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['Username']) || empty($_POST['Password'])) { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>You must complete the username and password fields. Please try again"; } else { $username = mysql_real_escape_string($_POST['Username']); $password = md5($_POST['Password']); // validate username and password against the database $sql = "SELECT FROM users WHERE username = '$username' AND password ='$password' "; $results = mysql_query($sql) or die(mysql_error()); if($results == 1) { $_SESSION['searchlog'] = $_POST['searchlog']; header("Location: search.php"); exit; } else { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>Your username and password did not match our database. Please check your username and password you have on file and try again.<p><a href='login.htm'>Click Here</a> to return to the login page."; } } } ?> Form code: <fieldset><legend>Customer Login</legend> <form method="POST" action="<?php $_SERVER['PHP_SELF']; ?>" name="searchlog"> <span lang="en-us"> </span> <input type="text" name="Username" size="16" value="" style="border: 1px solid #666666; padding: 2px"><br> <span lang="en-us"> </span> <input name="Password" size="16" value="" style="border: 1px solid #000000; padding: 2px"> <br> <span lang="en-us"> </span> <input border="0" src="images/login.gif" name="submitted" width="40" height="16" type="image"> <br> <input type="hidden" name="searchlog" value="searchlog"> <font face="Verdana" size="1"><span lang="en-us"> </span>Not registered? <a href="register.php">Click here!</a></font> </form> </fieldset> Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 19, 2007 Share Posted June 19, 2007 Whats the error you get? Quote Link to comment Share on other sites More sharing options...
lewis987 Posted June 19, 2007 Share Posted June 19, 2007 well, i got an error, but thats because i tested it on my test server and the only thing i edited was from an image to a submit type button, and it works, other changes were minor... this is the code ive got: <?php session_start(); // Seattle Viet Homes customer login mysql_connect('xxxx','xxxx','xxxx'); mysql_select_db('xxxx'); // check for form submission if (isset($_POST['submit'])) { $errors = array(); if (empty($_POST['Username']) || empty($_POST['Password'])) { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>You must complete the username and password fields. Please try again"; } else { $username = mysql_real_escape_string($_POST['Username']); $password = md5($_POST['Password']); // validate username and password against the database $sql = "SELECT FROM users WHERE username = '$username' AND password ='$password' "; $results = mysql_query($sql) or die(mysql_error()); if($results == 1) { $_SESSION['searchlog'] = $_POST['searchlog']; header("Location: search.php"); exit; } else { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>Your username and password did not match our database. Please check your username and password you have on file and try again.<p><a href='login.htm'>Click Here</a> to return to the login page."; } } } ?> Form: <form method="POST" action="<?php $_SERVER['PHP_SELF']; ?>" name="searchlog"> <span lang="en-us"> </span> <input type="text" name="Username" size="16" value="" style="border: 1px solid #666666; padding: 2px"><br> <span lang="en-us"> </span> <input name="Password" size="16" value="" style="border: 1px solid #000000; padding: 2px"> <br> <span lang="en-us"> </span> <input name="submit" type="submit" value="Login"> <br> <input type="hidden" name="searchlog" value="searchlog"> <font face="Verdana" size="1"><span lang="en-us"> </span>Not registered? <a href="register.php">Click here!</a></font> </form> Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted June 19, 2007 Share Posted June 19, 2007 Try replacing this line: if($results == 1) { With this: if(mysql_num_rows($results) > 0) { It sounds like the IF statement isn't executing. That may not work....but it's worth a try. Quote Link to comment Share on other sites More sharing options...
thefortrees Posted June 19, 2007 Share Posted June 19, 2007 I was having the same problem a month ago when I first started learning PHP. I spent a lot of time trying to figure out what the issue was - I had the form processed by a separate script to fix the issue. Don't know why that worked, but it did. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted June 19, 2007 Author Share Posted June 19, 2007 Well ain't that a hummer. I took your image idea there, lewis987, and now at least I get an error. Before I got nothing. The error is a MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM users WHERE username = 'barfbag' AND password ='ea02465f625de29a9dfb11f1b3e' at line 1 the password is MD5 encoded as you probably noticed. Not sure what would be causing this error unless I have to reference the password field also as MD5 in the query. Anyone? On the image issue, I seem to now recall that you have to name the image something special in order for it to work. Anyone have some info on that? Quote Link to comment Share on other sites More sharing options...
lewis987 Posted June 19, 2007 Share Posted June 19, 2007 well its meant to SELECT * FROM.... in the query but i cant ind the error anywhere Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 19, 2007 Share Posted June 19, 2007 try this $sql = "SELECT * FROM `users` WHERE username='$username' AND password='$password'"; Hope it helps ~ Chocopi Quote Link to comment Share on other sites More sharing options...
simcoweb Posted June 19, 2007 Author Share Posted June 19, 2007 Heh... one silly * missing. Didn't notice it Well, that's why I have all you guys and your eyes! Now I just have to figure out why it's not recognizing the username/password that I know is in there. Probably something with the MD5 encryption where i'm not checking it right. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted June 19, 2007 Author Share Posted June 19, 2007 Ok, fixed the code for the login form in regards to the errors in the mysql query. Now, new issue. It's not recognizing the username/password combo generated by the registration form. I'm pretty sure it has something to do with how it's creating and handling the MD5 password. Not 100% on that but seems to be the place to look since I don't see how it can't match up with an unencrypted username. Here's the code from the 'register' script that generates the MD5 and insertion: // if no errors if (empty($errors)) { // create random activation code $a = md5(uniqid(rand(), true)); $date = date("F j, Y, g:i a"); $firstname = mysql_real_escape_string($_POST['First_Name']); $lastname = mysql_real_escape_string($_POST['Last_Name']); $sell = mysql_real_escape_string($_POST['Need_to_sell']); $preapproval = mysql_real_escape_string($_POST['Preapproval']); $have = mysql_real_escape_string($_POST['Have_Realtor']); $contact = mysql_real_escape_string($_POST['Contact']); $current = mysql_real_escape_string($_POST['Current_Realtor']); $when = mysql_real_escape_string($_POST['How_soon']); // run query to insert data $query = "INSERT INTO users (First_Name, Last_Name, Email, Username, Password, Phone, Zip, Need_to_sell, Preapproval, Have_Realtor, Contact, Current_Realtor, How_soon, active, date) VALUES ('$firstname', '$lastname', '$email', '$username', SHA('$password'), '$phone', '$zip', '$sell', '$preapproval', '$have', '$contact', '$current', '$when', '$a', '$date')"; // check results $result = mysql_query($query) or die(mysql_error()); Here's the login query to match it: // check for form submission if (isset($_POST['submitted'])) { $errors = array(); if (empty($_POST['Username']) || empty($_POST['Password'])) { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>You must complete the username and password fields. Please try again"; } else { $username = mysql_real_escape_string($_POST['Username']); $password = md5($_POST['Password']); // validate username and password against the database $sql = "SELECT * FROM users WHERE Username = '$username' AND Password ='$password' AND status='1' "; $results = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($results) > 0) { $_SESSION['searchlog'] = $_POST['searchlog']; header("Location: search.php"); exit; } else { $errors[] = "<h3>Error!</h3><p><font face='Verdana' size='2'>An error has occurred for one of the following reasons:<p>Your username and password did not match our database. Please check your username and password you have on file and try again.<p>You have not activated your account. An email was sent to you when you registered that requires you to click on an enclosed link to validate your email address and registration. Check your email and follow the instructions. In some cases this email may be diverted to your spam or junk box by accident."; } } } Quote Link to comment Share on other sites More sharing options...
chocopi Posted June 19, 2007 Share Posted June 19, 2007 where is your $username and $password on your register page ? Quote Link to comment Share on other sites More sharing options...
simcoweb Posted June 19, 2007 Author Share Posted June 19, 2007 I didn't post that part as it's a piece of the overall error checking. Here it is: if (isset($_POST['submitted'])) { $errors = array(); require_once ('db_config.php'); // validate first and last name fields are completed // run validation for username if (eregi('^[[:alnum:]\.\'\-]{4,30}$', stripslashes(trim($_POST['Username']))) ) { $user = mysql_real_escape_string($_POST['Username']); $query = "SELECT Username FROM users WHERE Username = '$user'"; $result = @mysql_query($query); $num = @mysql_num_rows($result); if ($num> 0) { $errors[] = '<font color="red">The username you have chosen has already been taken, please try again.</font>'; } else { $username = mysql_real_escape_string($_POST['Username']); } } else { $errors[] = '<font color="red">Please provide a valid username between 4 and 30 characters.</font>'; } // validate password if (!empty($_POST['Password1'])) { if ($_POST['Password1'] != $_POST['Password2']) { $errors[] = '<font color="red">The 2 passwords you have entered do not match.</font>'; } else { $password = $_POST['Password1']; } } else { $errors[] = '<font color="red">Please provide a password.</font>'; } // check to make sure email is valid format if (!eregi('^[a-zA-Z]+[a-zA-Z0-9_-]*@([a-zA-Z0-9]+){1}(\.[a-zA-Z0-9]+){1,4}', stripslashes(trim($_POST['Email'])) )) { $errors[] = '<font color="red">Please provide a valid email address.</font>'; } else { $email = mysql_real_escape_string($_POST['Email']); } // check other required fields if (empty($_POST['Email']) || empty($_POST['Phone']) || empty($_POST['Zip'])) { $errors[] = '<font color="red">Your email address, phone number and zip code are required. Please complete those fields and re-submit.'; } else { $phone = mysql_real_escape_string($_POST['Phone']); $zip = mysql_real_escape_string($_POST['Zip']); } Quote Link to comment Share on other sites More sharing options...
simcoweb Posted June 20, 2007 Author Share Posted June 20, 2007 Still looking for an answer to this riddle Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.