DaveLinger Posted June 29, 2007 Share Posted June 29, 2007 $query="SELECT * FROM users WHERE username = '$username'"; $result = mysql_query($query); if(mysql_num_rows($result) < 1){echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";}else{ while($row = mysql_fetch_array($result)){ if(md5($password) == $row['password']){ $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo "<br /><p style=\"color:green\">Login successful.</p>"; }else{echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";} } session_start() and sql connection are done before this code. SQL query does work - but now if after login I try to retrieve these variables, they aren't there. Quote Link to comment Share on other sites More sharing options...
bbaker Posted June 29, 2007 Share Posted June 29, 2007 is session_start() at the beginning of all pages? Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 is session_start() at the beginning of all pages? Yes, it's in my config file which is loaded on all pages. Quote Link to comment Share on other sites More sharing options...
Yesideez Posted June 29, 2007 Share Posted June 29, 2007 Might be an idea to check that anything is beng pulled from the database by echo'ing them to the browser. If nothing is being pulled then not session variables are being set! Also, if you're pulling empty data from the database then the session variables are being set to nothing. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 Okay I just checked and echoed all of my "$row['']" values, and they are all working fine. I even added an extra session_start() right before just in case, but no luck. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 here's the whole page code: <?php include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) || isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '$username'"; $result = mysql_query($query); if(mysql_num_rows($result) < 1){echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";}else{ while($row = mysql_fetch_array($result)){ if(md5($password) == $row['password']){ $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo "<br /><p style=\"color:green\">Login successful.</p>"; }else{echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";} } } } if($_GET['logout'] == "true"){ session_destroy(); echo "<p>Logged Out.</p>"; } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> Quote Link to comment Share on other sites More sharing options...
tauchai83 Posted June 29, 2007 Share Posted June 29, 2007 how about the session data? is it working now? I went through your code and so far couldn't find what's wrong. maybe the MD5 if (md5....) this make your coding not work. Quote Link to comment Share on other sites More sharing options...
micah1701 Posted June 29, 2007 Share Posted June 29, 2007 do you have cookies turned on in your browser? (i know, dumb question, but i had to ask) have you tested to see if session work at all? page1.php <?php session_start(); $_SESSION['test'] = "it works"; ?> page2.php <?php session_start(); echo $_SESSION['test']; ?> Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 Yes, I've tested that sessions work on other areas of my site, and it can't be the if(md5($password) == $row['password']) code, because that part IS working. If the password I enter IS the same as in the DB, it says Login successful, and if I enter the wrong password, it says invalid. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 Still not working. Quote Link to comment Share on other sites More sharing options...
per1os Posted June 29, 2007 Share Posted June 29, 2007 http://us2.php.net/manual/en/function.session-write-close.php http://us2.php.net/manual/en/function.session-commit.php Try one of those after you define your session variables. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 same http://us2.php.net/manual/en/function.session-write-close.php http://us2.php.net/manual/en/function.session-commit.php Try one of those after you define your session variables. Same result. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 29, 2007 Author Share Posted June 29, 2007 Still not working. I found out that if I change the session code to: $_SESSION['uid'] = "test"; $_SESSION['username'] = "test"; $_SESSION['password'] = "test"; $_SESSION['email'] = "test"; $_SESSION['ip'] = "test"; It works, but if I have even one variable being set with $row[''], NO session variables are set. Quote Link to comment Share on other sites More sharing options...
per1os Posted June 29, 2007 Share Posted June 29, 2007 Alright here is a shot in the dark, if your query should only return 1 row why put it into a while loop? This could be where the issue comes into play. <?php include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) || isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '$username'"; $result = mysql_query($query); if(mysql_num_rows($result) < 1){echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";}else{ $row = mysql_fetch_array($result); if(md5($password) == $row['password']){ $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo "<br /><p style=\"color:green\">Login successful.</p>"; }else{echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";} } } if($_GET['logout'] == "true"){ session_destroy(); echo "<p>Logged Out.</p>"; } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> As long as usernames are unique, there is no need for the while, and it could be overriding the good setting. Try that. Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 30, 2007 Author Share Posted June 30, 2007 Alright here is a shot in the dark, if your query should only return 1 row why put it into a while loop? This could be where the issue comes into play. <?php include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) || isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '$username'"; $result = mysql_query($query); if(mysql_num_rows($result) < 1){echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";}else{ $row = mysql_fetch_array($result); if(md5($password) == $row['password']){ $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo "<br /><p style=\"color:green\">Login successful.</p>"; }else{echo "<p style=\"color:red\">Incorrect Email/Password Combination.</p>";} } } if($_GET['logout'] == "true"){ session_destroy(); echo "<p>Logged Out.</p>"; } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> As long as usernames are unique, there is no need for the while, and it could be overriding the good setting. Try that. Same result. Thanks for the effort. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 30, 2007 Share Posted June 30, 2007 I just saw this thread, so here's my suggestion... Simplify the code some more by adding the password check onto the query. I would also use the function mysql_fetch_assoc() instead of mysql_fetch_array(). <?php include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) || isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '$username' and `password` = '" . md5($password) . "'"; $result = mysql_query($query) or die ("Problem with the query <pre>$query</pre><br>" . mysql_error()); if(mysql_num_rows($result) < 1) echo '<p style="color:red">Incorrect Email/Password Combination.</p>'; else { $row = mysql_fetch_assoc($result); $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo '<br /><p style="color:green">Login successful.</p>'; } if($_GET['logout'] == "true"){ session_destroy(); echo "<p>Logged Out.</p>"; } } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> Note: I may have deleted one too many curly brackets... BTW, indentation of your code can be very helpful for finding errors. Ken Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted June 30, 2007 Author Share Posted June 30, 2007 I just saw this thread, so here's my suggestion... Simplify the code some more by adding the password check onto the query. I would also use the function mysql_fetch_assoc() instead of mysql_fetch_array(). <?php include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) || isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '$username' and `password` = '" . md5($password) . "'"; $result = mysql_query($query) or die ("Problem with the query <pre>$query</pre><br>" . mysql_error()); if(mysql_num_rows($result) < 1) echo '<p style="color:red">Incorrect Email/Password Combination.</p>'; else { $row = mysql_fetch_assoc($result); $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo '<br /><p style="color:green">Login successful.</p>'; } if($_GET['logout'] == "true"){ session_destroy(); echo "<p>Logged Out.</p>"; } } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> Note: I may have deleted one too many curly brackets... BTW, indentation of your code can be very helpful for finding errors. Ken Still does not work. If anyone would like to give this a try on their own server, here's the contents of config.php: <?php $absurl = "http://pizza.davelinger.com/"; $sitename = "Pizza Review"; $sqlserver = "localhost"; $sqluser = "my sql username"; $sqlpassword = "my sql password"; $sqldb = "my sql db"; session_start(); ?> and the db is just: id (int(11) auto increment) username (text) password (text) email (text) regdate (date) ip (text) Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 1, 2007 Author Share Posted July 1, 2007 still doesn't work Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 1, 2007 Author Share Posted July 1, 2007 Come on surely someone can test this on their own server and see what happens? Does anyone else have experience with session variables? Quote Link to comment Share on other sites More sharing options...
teng84 Posted July 1, 2007 Share Posted July 1, 2007 <?php session_start(); include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) && isset($_POST['password'])){ if (!mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '".$username."' and password = '" . md5($password) . "'"; $result = mysql_query($query) or die ("Problem with the query <pre>$query</pre><br>" . mysql_error()); if(mysql_num_rows($result) <= 0){ echo '<p style="color:red">Incorrect Email/Password Combination.</p>'; } else { $row = mysql_fetch_assoc($result); $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo '<br /><p style="color:green">Login successful.</p>'; } if($_GET['logout'] != " "){ session_destroy(); echo "<p>Logged Out.</p>"; } } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username:<br /><input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password:<br /><input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> i edit some of the lines pls try this one Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 2, 2007 Author Share Posted July 2, 2007 Interesting... Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in D:\inetpub\pizza\login.php on line 15 Could not select database Quote Link to comment Share on other sites More sharing options...
teng84 Posted July 2, 2007 Share Posted July 2, 2007 mysql_select_db($sqldb, $link) $sqldb??? where do u declared Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 2, 2007 Author Share Posted July 2, 2007 teng84, you did not define $link as I did in my code, so yours failed. Also, even if I add the definition of $link, it says "Logged In Successfully" "Logged Out". Your if statement for logout goes every time because $_GET['logout'] is never equal to " ". Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 2, 2007 Author Share Posted July 2, 2007 Here is YOUR code, revised: <?php session_start(); include('includes/header.php'); $username = $_POST['username']; $password = $_POST['password']; if(isset($_POST['username']) && isset($_POST['password'])){ if (!$link = mysql_connect($sqlserver, $sqluser, $sqlpassword)) { echo 'Could not connect to mysql'; exit; } if (!mysql_select_db($sqldb, $link)) { echo 'Could not select database'; exit; } $query="SELECT * FROM users WHERE username = '".$username."' and password = '" . md5($password) . "'"; $result = mysql_query($query) or die ("Problem with the query $query " . mysql_error()); if(mysql_num_rows($result) <= 0){ echo '<p style="color:red">Incorrect Email/Password Combination.</p>'; } else { $row = mysql_fetch_assoc($result); $_SESSION['uid'] = $row['uid']; $_SESSION['username'] = $row['username']; $_SESSION['password'] = $row['password']; $_SESSION['email'] = $row['email']; $_SESSION['ip'] = $row['ip']; echo ' <p style="color:green">Login successful.</p>'; } } if($_GET['logout'] != ""){ session_destroy(); echo "<p>Logged Out.</p>"; } echo " <h2>Login</h2> <form method=\"post\" action=\"".$_SERVER['PHP_SELF']."\"> <p>Username: <input type=\"text\" name=\"username\" size=\"30\" /></p> <p>Password: <input type=\"password\" name=\"password\" size=\"30\" /></p> <p><input type=\"submit\" value=\"Log In\" /></p> </form> "; include('includes/footer.php'); ?> Quote Link to comment Share on other sites More sharing options...
DaveLinger Posted July 2, 2007 Author Share Posted July 2, 2007 Still need help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.