psychowolvesbane Posted February 4, 2008 Share Posted February 4, 2008 I have a form for logging in to an Admin folder which should restrict access to the pages there (I will also have a htaccess file stopping access in the address bar but no password file) but the form comes up blank on the screen so it must be some vital thing I have missed on the page like a if statement { or something, yet I have tried searching and can't find anything so I need another pair of eyes to help me find the bugger. <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST'['Password']; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); $sql = "SELECT UserName,Password FROM Clothing WHERE Username='$UserLogin',Password='$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_affected_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Notcie the error on this line? $PasswordLogin = $_POST'['Password']; should be (for starters).... $PasswordLogin = $_POST['Password']; Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 Okay now i'm getting a syntax error for the sql, most likely because of the WHERE part, I didn't know exactly how to specify more than 1 criteria so I made an educated guess. Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 I changed the sql to $sql = "SELECT UserName,Password FROM UserAccount WHERE Username='$UserLogin' AND Password='$PasswordLogin'"; Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 However it is going to my "Invalid Usernamer/Password" message when I enter the correct details. Here's my current code <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST['Password']; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); $sql = "SELECT UserName,Password FROM UserAccount WHERE Username='$UserLogin' AND Password='$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_affected_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Its usually easiest to check the manual rather than have a guess. $sql = "SELECT UserName,`Password` FROM Clothing WHERE Username='$UserLogin' && `Password` = '$PasswordLogin'"; Quote Link to comment Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 mysql_affected_rows works on inserts and deletes only. Try... if(mysql_num_rows($rs)==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 The username and password still are not being accepted :-\ <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST['Password']; echo "Username = $UserLogin<br>"; echo "Password = $PasswordLogin<br>"; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); //$sql = "SELECT Username,Password FROM UserAccount WHERE Username='$UserLogin' && Password='$PasswordLogin'"; $sql = "SELECT `Username`, `Password` FROM `UserAccount` WHERE `Username` = 'UserLogin' AND `Password` = '$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_num_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php //require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> [code] [/code] Quote Link to comment Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Are you sure the passwords are not md5'd? They should be. Quote Link to comment Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Also, it should be... if(mysql_num_rows($rs) ==0) Quote Link to comment Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 That was it! Thank you, now I just need to add all the SESSION stuff to the other pages so it won't need to re-login everytime. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.