Jump to content

login code problem

Kostassketo

By Kostassketo
in PHP Coding Help

 Share

Recommended Posts

Kostassketo Newbie

Kostassketo

Posted
Posted

Hi there,

 

I'm novice in PHP & MySQL and I'm trying to learn how to do a login. However, there is something wrong with my code. At the part where

I check how many rows the query has returned I get 0 rows :

if(mysql_num_rows($result) > 0)
{
//$logged_in_user = $user;
$_SESSION['logged_in_user'] = $user;
echo "Welcome, " . $user . ". <br><br>";
echo $links;
exit;
}

 

(Of course I have inserted couple of users in the db) and it gets into the 'else' part.

 

Could you please tell me what's wrong with my code?

 

<?php session_start() ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
<h2>Login</h2>
    <?php
	$links = "<a href='main.php'>Click here to proceed to the main page</a> <br><br>";
	$links .= "<a href='logout.php'>Click here to log out.</a>";
	$user = $_POST[user];
	$pass = $_POST[pass];

    	if($user && $pass)
	{
		if($_SESSION['logged_in_user'] == $user)
		{
			echo $user . "you are already logged in.<br>";
			echo $links;
			exit;
		}
		$db =mysql_connect("localhost", "root", "1983ab") or die("Connection failed");
		mysql_select_db("userlist", $db);
		$result = mysql_query("select * from users where name = '" . $user . "'
								and password = PASSWORD('" . $pass . "')");

		if(!$result)
		{
			echo "Sorry, there has been a technical hitch. We cannot enter your details.";
			exit;	
		}

		if(mysql_num_rows($result) > 0)
		{
			//$logged_in_user = $user;
			$_SESSION['logged_in_user'] = $user;
			echo "Welcome, " . $user . ". <br><br>";
			echo $links;
			exit;
		}
		else
		{
			echo mysql_num_rows($result);
			echo "Invalid login. Please, try again. <br><br>";
		}
	}
	else if($user || $pass)
	{
		echo "Please fill in both fields. <br><br>";
	}
?>
    <form method=post action="login.php">
    	Your username:
        <input name="user" type=text maxlength=20 size=20>
        <br>
        Your password:
        <input name="pass" type=pasword maxlength=10 size=10>
        <br>
        <input type=submit value="login">
    </form>
    
</body>
</html>

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Where did you get this example code from? Yiu should never use mysql's PASSWORD function to encrypt passwords, it will break your code in the future. Use MD5 instead.

 

Now, as for your problem. If the query is returning 0 results, then its simply not finding a match. Are you sure you used PASSWORD when you originally setup these users?

 

Link to comment
Share on other sites
Kostassketo Newbie

Kostassketo

Posted
  • Author
Posted

Actually the code I got it from a PHP video tutorial of VTC (it seems a bit old). The username and the password that I did set for two users it is correct, I double checked - when I remove the 'if' check it logins properly. To be honest I have no idea what it is wrong in there!? Can you think of anything?

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Its not nesesarily old, but poorly written. Mysql's PASSWORD function has never meant to be used in client code. It will break your code when mysql upgrades occure.

 

If course if you remove the if it appears to work, thats because you remove the check.

 

Your not finding a match. Did you encrypt the passwords using PASSWORD when you put the passwords in the datbase? If you did, they might look something like....

 

dufdndnd7dsn437wejh378fn378rh3y7fu3hcuhci9u4gh

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Your query is failing because of a syntax error. password is a reserved word. Try...

 

$result = mysql_query("select * from users where name = '" . $user . "' and `password` = PASSWORD('" . $pass . "')");

 

If you do plan on actually using this code for something I would replace all instances of the PAAWORD function with MD5 as well however.

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

No, you will need to remove the entries that you have and then store them again using MD5. this is not likely to be the cause of your problem, I'm just pointing out that it will cause you problems latter if you plan on using this code.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.