[SOLVED] no query results despite entry

[deed02392]

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
   include 'library/config.php';
   include 'library/opendb.php';

   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];

   // check if the user id and password combination exist in database
   $sql = "SELECT user_id
           FROM tbl_auth_user
           WHERE user_id = '$userId'
                 AND user_password = PASSWORD('$password')";

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   include 'library/closedb.php';
}
?>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
   <td width="150">User Id</td>
   <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
   <td width="150">Password</td>
   <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
   <td width="150"> </td>
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>

 

Some code I got off a guide website, won't work for me, it seems with my mysql database. Everything is set up properly ie all correct data is entered. However, I cannot ever log in. If I change the num rows result to 0 I can log in correctly. When it is 1, no dice, even though I KNOW the user and pass combination is correct. If i search the username and pass with phpmyadmin, it finds it, so why not here? Please help me, I'm trying to start a non-profit charity website, so I can't afford a coder!

[deed02392]

Sorry, let me add what happens.

 

When I submit the correct information, the script acts as if the password combination was incorrect, and redirects me back to the login page. It doesn't set the session, as I still cannot view the main.php page (which has a php script to block you if you don't have the session etc.). But I know the session scripts are working because obviously if i set it so the results need be 0 it sets one up and directs me to main.php.

[lewis987]

<?php
// we must never forget to start the session
session_start();

$errorMessage = '';

//Use the Button post than the user id and user password in the if statement
if ($_POST['btnLogin']) {
   include 'library/config.php';
   include 'library/opendb.php';

   $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];

   // check if the user id and password combination exist in database
   // Ensure your SQL is correct aswell.
   // You Cannot Do this: PASSWORD('$password')
   //Use a Session in the function to use
   $sql = "SELECT *
           FROM `tbl_auth_user`
           WHERE `user_id` = '".$userId."'
                 AND `user_password` = '".$_SESSION['PASS']."';";

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      // the user id and password match,
      // set the session
      $_SESSION['db_is_logged_in'] = true;

      // after login we move to the main page
      header('Location: main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   include 'library/closedb.php';
}
?>

<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
   <td width="150">User Id</td>
   <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
   <td width="150">Password</td>
   <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
   <td width="150"> </td>
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>

 

Made Changes, Read the notes attached.. Especially the SQL one... it looks like you are a newbie at php and all...

[deed02392]

Hi, thanks a lot for your help.

I made the changes to the code as you showed me, but unfortunately it still doesn't work.

I've checked my SQL database hundreds of times now. The includes I've used are fine too, the database is called 'site' (without the quotes). The table is called tbl_auth_user, and within that I have one row with user_id (primary) and user_password. I believe this all checks in with the login.php script, but still no joy.

 

It just seems no matter how many times i try the database just never returns a result. I can't for the life of me understand this. Everything checks out.

[lewis987]

ok, how do you encrypt your password? md5? md4?

 

tell me and i will edit the code and make it work for you

[deed02392]

the password is totally un-encrypted, this is how i see it in phpmyadmin:

 

                  user_id user_password

Edit Delete user pass

 

It says this at the top as the sql query:

 

SELECT *

FROM `tbl_auth_user`

LIMIT 0 , 30

[deed02392]

OK, update.

 

I was using this website as a guide for what to do: http://www.php-mysql-tutorial.com/user-authentication/database.php.

I managed to get phpmyadmin to insert the source data given on that website using the query window. When I did something strange happened... the passwords were encrypted. It seems as though the PASSWORD string encrypted them? I'm not sure by which method though. SO then I tried to login and it still failed... so I tried the source login script on that website again, putting it back in login.php and it works??? I wish I understood what was going on... will be worrying when I'm running a website to which I have no real idea how is actually running...