Foser Posted June 22, 2007 Share Posted June 22, 2007 <?php include("config.php"); $user = $_POST['user']; $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = $user")); if ($pw == $user_info['password']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = $user")); echo "You are now logged in as a $user_info['rights']."; } // this is line 11 else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> The error I get is : Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\WAMP\www\Tutorials\PHP_MYSQL\Simple_MySQL\Login\login.php on line 11 thanks, im not sure if i am doing the mysql fetch assoc correctly. Quote Link to comment Share on other sites More sharing options...
suma237 Posted June 22, 2007 Share Posted June 22, 2007 Try this Line 11:echo "You are now logged in as a $user_info[rights]."; Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 Ok i've done that but now I get Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\WAMP\www\Tutorials\PHP_MYSQL\Simple_MySQL\Login\login.php on line 7 also I have typed in correct password and user, and it says under the error that my info is not correct. Quote Link to comment Share on other sites More sharing options...
suma237 Posted June 22, 2007 Share Posted June 22, 2007 you can use fetcharray & while loop instead of mysql_fetch_assoc. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 how will i know which one is [1] or which one is [0] and so on? Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 I have modiied asp_tags to on in my php.ini, but still has the same problem. Quote Link to comment Share on other sites More sharing options...
Illusion Posted June 22, 2007 Share Posted June 22, 2007 mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = $user")); mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = $user")); Replace with mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = '$user'")); mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")); better you use die() wherever it is appropriate. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 awesome works thanks a lot illusion. Now my issue is that it says my account info is not good, when it is correct... Quote Link to comment Share on other sites More sharing options...
Illusion Posted June 22, 2007 Share Posted June 22, 2007 Now my issue is that it says my account info is not good, when it is correct... I didn't get you. Can you be more specific. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 Well, Let say I register the name "Dog" as username and "test" as my password for example, i will try to log in with this information and it will not work. Quote Link to comment Share on other sites More sharing options...
Illusion Posted June 22, 2007 Share Posted June 22, 2007 It all depends on how you entered the password in the database table. Here you have used encryption functions on password. Did you used the same while entering into the database. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 Yes I have here is my registration code. <?php require("config.php"); //user data $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['mail']); $password = md5(sha1(md5(md5($_POST['pw'])))); $rights = "user"; $check_user = mysql_query("SELECT user FROM user_info WHERE user = '$username'"); $check_email = mysql_query("SELECT email FROM user_info WHERE email = '$email'"); if ($username > 0 ) { echo "This username has already been taken.<br>";} if ($email > 0 ){ echo "This E-mail has already been registered.<br>.";} else { $qu = "INSERT INTO user_info (username, email, password, rights) VALUES('$username', '$email', '$password', '$rights')"; mysql_query($qu); echo "You are now registered, you may now login.<br>"; echo "<a href=\"index.php\">Click Here To Go To The Login Page </a>"; } ?> Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 can it be because I put the mysql_real_escape_string()? Quote Link to comment Share on other sites More sharing options...
Foser Posted June 22, 2007 Author Share Posted June 22, 2007 I checked with mysql_real_escape_string() and still does not work! Ill put both scripts in one page <?php // registration require("config.php"); //user data $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['mail']); $password = md5(sha1(md5(md5($_POST['pw'])))); $rights = "user"; $check_user = mysql_query("SELECT user FROM user_info WHERE user = '$username'"); $check_email = mysql_query("SELECT email FROM user_info WHERE email = '$email'"); if ($username > 0 ) { echo "This username has already been taken.<br>";} if ($email > 0 ){ echo "This E-mail has already been registered.<br>.";} else { $qu = "INSERT INTO user_info (username, email, password, rights) VALUES('$username', '$email', '$password', '$rights')"; mysql_query($qu); echo "You are now registered, you may now login.<br>"; echo "<a href=\"index.php\">Click Here To Go To The Login Page </a>"; } ?> //login <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = '$user'")) or die(mysql_error()); if ($pw == $user_info['password']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")); echo "You are now logged in as a $user_info[rights]."; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 I checked with mysql_real_escape_string() and still does not work! Ill put both scripts in one page <?php // registration require("config.php"); //user data $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['mail']); $password = md5(sha1(md5(md5($_POST['pw'])))); $rights = "user"; $check_user = mysql_query("SELECT user FROM user_info WHERE user = '$username'"); $check_email = mysql_query("SELECT email FROM user_info WHERE email = '$email'"); if ($username > 0 ) { echo "This username has already been taken.<br>";} if ($email > 0 ){ echo "This E-mail has already been registered.<br>.";} else { $qu = "INSERT INTO user_info (username, email, password, rights) VALUES('$username', '$email', '$password', '$rights')"; mysql_query($qu); echo "You are now registered, you may now login.<br>"; echo "<a href=\"index.php\">Click Here To Go To The Login Page </a>"; } ?> //login <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = '$user'")) or die(mysql_error()); if ($pw == $user_info['password']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")); echo "You are now logged in as a $user_info[rights]."; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> bump Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 23, 2007 Share Posted June 23, 2007 It means u wana say that u still cannot login to ur system using correct password and username. Am i right to get ur point. Quote Link to comment Share on other sites More sharing options...
DanDaBeginner Posted June 23, 2007 Share Posted June 23, 2007 try to echo the $pw after logging in and see the data in your dbase and check if they are the same - what was the data type of your password in your table? Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 my password was put to varchar Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 It means u wana say that u still cannot login to ur system using correct password and username. Am i right to get ur point. and yes, i am logging in wit the correct data and still execute the else statement not the if. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 23, 2007 Share Posted June 23, 2007 When u try to login with correct username and password what msg u get. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 I get my else statement. //login <?php require("config.php"); $user = mysql_real_escape_string($_POST['user']); $pw = md5(sha1(md5(md5($_POST['pw'])))); mysql_fetch_assoc(mysql_query("SELECT password FROM user_info WHERE username = '$user'")) or die(mysql_error()); if ($pw == $user_info['password']){ mysql_fetch_assoc(mysql_query("SELECT rights FROM user_info WHERE username = '$user'")); echo "You are now logged in as a $user_info[rights]."; } else { echo "You have typed in an incorrect password or/and username. Please try again."; } ?> I get: You have typed in an incorrect password or/and username. Please try again. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 23, 2007 Share Posted June 23, 2007 $pw = md5(sha1(md5(md5($_POST['pw'])))); R u save ur pass order in this way. Check ur code where u register a user. Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 <?php // registration require("config.php"); //user data $username = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['mail']); $password = md5(sha1(md5(md5($_POST['pw'])))); $rights = "user"; $check_user = mysql_query("SELECT user FROM user_info WHERE user = '$username'"); $check_email = mysql_query("SELECT email FROM user_info WHERE email = '$email'"); if ($username > 0 ) { echo "This username has already been taken.<br>";} if ($email > 0 ){ echo "This E-mail has already been registered.<br>.";} else { $qu = "INSERT INTO user_info (username, email, password, rights) VALUES('$username', '$email', '$password', '$rights')"; mysql_query($qu); echo "You are now registered, you may now login.<br>"; echo "<a href=\"index.php\">Click Here To Go To The Login Page </a>"; } ?> This is my registration code...I believe it is suited for the login too. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted June 23, 2007 Share Posted June 23, 2007 try this query in ur login script. ("SELECT md5(sha1(md5(md5(password))) FROM user_info WHERE username = '$user'") Quote Link to comment Share on other sites More sharing options...
Foser Posted June 23, 2007 Author Share Posted June 23, 2007 nop, I still have the same problem after applying that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.