GB_001 Posted November 18, 2007

For some reason, I cannot login. I just get redirected to my login page as if I entered the wrong information.

Code:

<?php
@mysql_connect("localhost", "gb_GB", "*************") or die(mysql_error());
@mysql_select_db("gb_USERInfo") or die(mysql_error());
session_start();
$email = $_POST['email'];
$password = md5($_POST['password']);
$query = mysql_query("SELECT * FROM Ysers WHERE 'email'='$email' AND 'password'='$password' LIMIT 1;") or die(mysql_error());
$result = $query;
if(!$result) {
    $err=mysql_error();
    print $err;
    exit();
}
$row=mysql_fetch_assoc($result);
if($email==$row['email'] && $password==$row['password']){
    $_SESSION['email'] = "$email";
    setcookie("email","$email",time()+360000);
    setcookie("password","$password",time()+360000);
    include "memberspage.php";
} else {
    $error = "Bad Login";
    include "Man.html";
    print "MOMMY";
}
?>

Psycho Posted November 18, 2007

There are a few problems here. First of all in your query you should use back quotes for the column names and standard single quotes for the values. Also is the name of the table really "Ysers"?

Then you run a query and assign it to the variable $query. You then assign the value of $query to $result. Why? And then you check to see if $result is false (i.e. a problem with the query), but that makes no sense since you had a die clause when running the query.

Also, using the logic you have (query for record that matches email and password) there is no reason to validate the results again once you have queried them.

Try this:

<?php
@mysql_connect("localhost", "gb_GB", "*************") or die(mysql_error());
@mysql_select_db("gb_USERInfo") or die(mysql_error());
session_start();
$email = $_POST['email'];
$password = md5($_POST['password']);
$error = false;
$query = "SELECT * FROM `Ysers` WHERE `email`='$email' LIMIT 1";
$result = mysql_query($query) or die (mysql_error());
if (mysql_num_rows($query)==0) {
    $error = "Username does not exist.";
} else {
    $row=mysql_fetch_assoc($result);
    if ($row['password']!=$password) {
        $error = "Password incorrect.";
    } else {
        $_SESSION['email'] = "$email";
        setcookie("email","$email",time()+360000);
        setcookie("password","$password",time()+360000);
        include "memberspage.php";
    }
}
if ($error) {
    include "Man.html";
    print "MOMMY";
}
?>

GB_001 Posted November 18, 2007

Thank you so much for your help. =)

GB_001 Posted November 18, 2007

Sorry, but it still doesn't work. It keeps jumping to the debug message I sent.

darkfreaks Posted November 18, 2007

First off, the @ will suppress the query, and second off, put quotes after ==

<?php
$connect=mysql_connect("localhost", "gb_GB", "*************") or die(mysql_error());
mysql_select_db("gb_USERInfo",$connect) or die(mysql_error());
session_start();
$email = $_POST['email'];
$password = md5($_POST['password']);
$error = false;
$query = "SELECT * FROM `Ysers` WHERE `email`='$email' LIMIT 1";
$result = mysql_query($query) or die (mysql_error());
if (mysql_num_rows($query)=="0") {
    $error = "Username does not exist.";
} else {
    $row=mysql_fetch_assoc($result);
    if ($row['password']!=$password) {
        $error = "Password incorrect.";
    } else {
        $_SESSION['email'] = "$email";
        setcookie("email","$email",time()+360000);
        setcookie("password","$password",time()+360000);
        include "memberspage.php";
    }
}
if ($error) {
    include "Man.html";
    print "MOMMY";
}
?>

GB_001 Posted November 18, 2007

Thank you, it now somewhat works except I get a MySQL error involving my session.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/gb/public_html/Authenticate.php:1) in /home/gb/public_html/Authenticate.php on line 6

darkfreaks Posted November 18, 2007

ob_start(); before you start your sessions.

GB_001 Posted November 18, 2007

Thank you again, but I think I may be doing something wrong because it still jumps straight to the debug message.

darkfreaks Posted November 18, 2007

What's the message???

GB_001 Posted November 18, 2007

The "MOMMY" error message.

Distant_storm Posted November 19, 2007

Once you have the other stuff sorted out, look at validating and verifying some of your data, for a) sql_injection, so strip any user input from php tags and add slashes to things. Although your scripts will never be fully protected, because you know some geek out there is going to know a way round it.

Use basic validation on your data. You don't want users entering corrupt data into your database. Something along these lines I think would improve it.

$email = addslashes($_POST['email']);
$email = strip_tags($email);
$password = addslashes($_POST['password']);
$password = strip_tags($password);
$password = md5($password);

That's very basic; excuse me if there's any mistakes in there, I type fast and might have missed something.

You can further validate user input, which is very important, by using regular expressions. That would allow you to check if the email is valid to an extent...

if (!eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$',$email)) {
    # THE EMAIL IS NOT VALID
    echo "email is not valid";
} else {
    # EMAIL IS VALID
    echo "your email is valid let us send you a email with a validation link to prove its yours";
}

The code above might look a bit complex, so I'll explain it just in case. eregi is basically matching patterns; there are many different types, I won't get into them now. It defines the pattern as being any letter of the alphabet or number followed by another until an @ sign is found, then followed by another alphabetic character or number.

This is one of the more complex ways of validating data, although simple ways are mostly the best; just in case of emails it's good to use this.

Hope that didn't confuse you.

Regards
Php Freaks.co.uk(noob)

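Added example, not code from any poster in this thread: the same login check with a bound query parameter in place of addslashes()/strip_tags(), filter_var() in place of the eregi() pattern, and password_hash()/password_verify() in place of md5(). The in-memory SQLite database (standing in for the thread's MySQL server), the `users` table and its columns, the sample account and the check_login() function are all assumptions made so the snippet runs on its own.

```php
<?php
// Added example. Assumption: in-memory SQLite through PDO stands in for the
// thread's MySQL server; table, columns and the account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account; the address contains a quote character on purpose.
$insert = $pdo->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$insert->execute(["o'brien@example.com", password_hash('correct horse', PASSWORD_DEFAULT)]);

// check_login() is a hypothetical helper name, not part of the thread's code.
function check_login(PDO $pdo, string $email, string $password): bool
{
    // Format check with filter_var(); eregi() was removed in PHP 7.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The placeholder keeps the value out of the SQL text, so the quote in
    // the address needs no addslashes() and cannot change the query.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE email = ? LIMIT 1');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        return false; // no such account
    }
    // The password is passed through untouched: escaping or stripping it
    // before hashing would change the hash for passwords containing quotes,
    // backslashes or angle brackets.
    return password_verify($password, $hash);
}

// Constructed attempts. On success a real page would store only the email in
// $_SESSION and would not copy the password hash into a cookie.
$attempts = [
    ["o'brien@example.com", 'correct horse'], // stored account, matching password
    ["o'brien@example.com", 'wrong guess'],   // stored account, wrong password
    ['not-an-email', 'correct horse'],        // stopped by the format check
];
foreach ($attempts as [$email, $password]) {
    printf("%-22s %s\n", $email, check_login($pdo, $email, $password) ? 'login ok' : 'Bad Login');
}
```
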
kratsg Posted November 19, 2007

<?php
$connect=mysql_connect("localhost", "gb_GB", "*************") or die(mysql_error());
mysql_select_db("gb_USERInfo",$connect) or die(mysql_error());
session_start();
$email = $_POST['email'];
$password = md5($_POST['password']);
$error = null;
$query = "SELECT * FROM `Ysers` WHERE `email`='$email' LIMIT 1";
$result = mysql_query($query) or die (mysql_error());
if (mysql_num_rows($query)=="0") {
    $error = "Username does not exist.";
} else {
    $row=mysql_fetch_assoc($result);
    if ($row['password']!=$password) {
        $error = "Password incorrect.";
    } else {
        $_SESSION['email'] = "$email";
        setcookie("email","$email",time()+360000);
        setcookie("password","$password",time()+360000);
        include "memberspage.php";
    }
}
if (!empty($error)) {
    include "Man.html";
    print "MOMMY";
}
?>

GB_001 Posted November 20, 2007

Sorry, but it still does not seem to be working. Here is what I have:

<?php
$connect=mysql_connect("localhost","gb_GB","*********") or die(mysql_error());
mysql_select_db("gb_USERInfo",$connect)or die(mysql_error());
ob_start();
$email=$_POST['email'];
$password=md5($_POST['password']);
$error=null;
$query="SELECT * FROM `Ysers` WHERE `email`='$email' LIMIT 1";
$result=mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)==0){
    $error="Username does not exist.";
}else{
    $row=mysql_fetch_assoc($result);
    if($row['password']!=$password){
        $error="Password incorrect.";
    }else{
        $_SESSION['email']="$email";
        setcookie("email","$email",time()+360000);
        setcookie("password","$password",time()+360000);
        include "memberspage.php";
    }
}
if(!empty($error)){
    include "Man.html";
    print"MOMMY";
}
?>

Distant_storm Posted November 21, 2007

hmm

Try this

<?php
ob_start();
$connect=mysql_connect("localhost","gb_GB","*********") or die(mysql_error());
mysql_select_db("gb_USERInfo",$connect)or die(mysql_error());
$email=$_POST['email'];
$password=md5($_POST['password']);
$error="0";
$query="SELECT * FROM Ysers WHERE email='$email' LIMIT 1";
$result=mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result)==0){
    $error="Username does not exist.";
}else{
    $row=mysql_fetch_assoc($result);
    if($row['password']!=$password){
        $error="Password incorrect.";
    }else{
        $_SESSION['email']="$email";
        setcookie("email","$email",time()+360000);
        setcookie("password","$password",time()+360000);
        include "memberspage.php";
    }
}
if(!empty($error)){
    include "Man.html";
    print"MOMMY";
}
ob_end_flush();
?>

GB_001 Posted November 23, 2007

Thank you, I have pinpointed the problem, it has to do with the passwords. For some reason even right passwords are being flagged as wrong.