
[SOLVED] Mysql Check not working?


ryeman98


Hello! :)

 

I'm currently working on my first ever User System and I need a bit of help.

 

The login and everything used to work until I moved these down from above the header. I moved them below the header so that the error messages (if any while logging in) will be displayed within the body rather than at the top of the page where they're hard to see.

 

<?php
$username = $_POST['username'];
$password = $_POST['password'];
$GetInfo = mysql_query("SELECT * FROM users WHERE username='$username'");
$row = mysql_fetch_array($GetInfo);
if ($username != $row['username']) {
echo "The username ".$username." is not in our database.";
} elseif ($password != $row['password']) {
echo "You have entered the wrong password for the account: ".$username.".";
} else {
$_SESSION['username'] = $username;
$_SESSION['rank'] = $row['rank'];
}
?>

Welcome <?php if ($_SESSION['username']) { echo $_SESSION['username']; } else { echo "Guest"; } ?>!
<br />
<a href="logout.php">Logout</a></div></div>

 

This will display: The username *** is not in our database. Welcome Guest!

 

The *** is just removing the username...

 

Any ideas?

Link to comment
Share on other sites

Why are you wanting to say "Welcome Guest" if they get the wrong username/password?

 

Try something like this:

 

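<?php

$username = $_POST['username'];
$password = $_POST['password'];
// Escape both values before they are placed in the SQL string
$GetInfo = mysql_query("SELECT * FROM users WHERE username='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "'");

if (mysql_num_rows($GetInfo) < 1) {
    echo "You entered the wrong username/password combination";
} else {
    // Fetch the matching row so that $row['rank'] is defined
    $row = mysql_fetch_array($GetInfo);
    $_SESSION['username'] = $username;
    $_SESSION['rank'] = $row['rank'];
    
    echo "Welcome {$_SESSION['username']}!";
    echo '<br /><a href="logout.php">Logout</a></div></div>';
}

?>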

Link to comment
Share on other sites

you omitted session_start()...

 

and you want to check both the username and the password in the mysql query, and then check if the size of the result is greater than zero.

 

session_start();
$errmsg = ''; // stays empty when the login succeeds
$sql = sprintf("select null from users where username='%s' and password='%s' limit 1", mysql_real_escape_string($_POST['username']), md5($_POST['password']));
$num = mysql_num_rows(mysql_query($sql));

if ($num > 0) {
    // ...store the user into session data...
} else {
    $errmsg = "username/password combination invalid";
}

// ...later...
if ($errmsg) {
    echo $errmsg;
}

Link to comment
Share on other sites

Did you try my code and see if it worked if you entered the right info?

 

Yeah... and that's why I'm confused... everything looks right and it worked fine until I moved the code from above the include("header.php")...

 

Can I set a session after the <html> tag?

Link to comment
Share on other sites

you omitted session_start()...

 

and you want to check both the username and the password in the mysql query, and then check if the size of the result is greater than zero.

 

session_start();
$errmsg = ''; // stays empty when the login succeeds
$sql = sprintf("select null from users where username='%s' and password='%s' limit 1", mysql_real_escape_string($_POST['username']), md5($_POST['password']));
$num = mysql_num_rows(mysql_query($sql));

if ($num > 0) {
    // ...store the user into session data...
} else {
    $errmsg = "username/password combination invalid";
}

// ...later...
if ($errmsg) {
    echo $errmsg;
}

 

I just didn't post the entire code... it's a bit messy right now :P

Link to comment
Share on other sites

ok, then why aren't you checking for the encrypted password?

 

md5(pass) != pass

 

furthermore, it worries me that it isn't finding the user.  are you ABSOLUTELY sure that your login info is correct?  are you sure that there isn't a mysql_error()?  I'd run some debug to see what $row['username'] actually contains (=

 

heck, I'd even try and see what $_POST['username'] contains.  you may be sending flawed data for all you know.

Link to comment
Share on other sites

So I echoed out all the info that I was sending and it's all correct...

even the data from the table?

 

can you check that your username and password are still intact in the table?

the thing is, that except for the fact that you aren't escaping the username string, the query looks fine.  I suspect that there may be something above the header line that the code must have been looking for that got reset or something.

Link to comment
Share on other sites
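
An added example, not code from any poster in this thread: the login check and session_start() run before any output (session_start() has to send its cookie header first), and the error message is only printed later, inside the page body. Assumptions: PDO with an in-memory SQLite table standing in for the MySQL users table, a hypothetical authenticate() helper and password_hash column, and a constructed sample user and POST body.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the user row on success, null on any failure.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password_hash, rank FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);

    return ($row && $ok) ? $row : null;
}

// --- constructed sample data (stands in for the real database and $_POST) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, rank TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'member']);
$post = ['username' => 'alice', 'password' => 'correct horse'];

// --- top of the page: nothing has been echoed yet ---
session_start();
$errmsg = '';
$user = authenticate($db, (string)($post['username'] ?? ''), (string)($post['password'] ?? ''));
if ($user !== null) {
    session_regenerate_id(true);   // fresh session id on login
    $_SESSION['username'] = $user['username'];
    $_SESSION['rank'] = $user['rank'];
} else {
    // One message for both failure cases, so usernames cannot be enumerated.
    $errmsg = 'Username/password combination invalid.';
}

// --- later, inside the page body (after the header include) ---
if ($errmsg !== '') {
    echo htmlspecialchars($errmsg, ENT_QUOTES, 'UTF-8'), "\n";
}
echo 'Welcome ', htmlspecialchars($_SESSION['username'] ?? 'Guest', ENT_QUOTES, 'UTF-8'), "!\n";
```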
