Kostassketo Posted February 28, 2008 Share Posted February 28, 2008 Hi there, I'm novice in PHP & MySQL and I'm trying to learn how to do a login. However, there is something wrong with my code. At the part where I check how many rows the query has returned I get 0 rows : if(mysql_num_rows($result) > 0) { //$logged_in_user = $user; $_SESSION['logged_in_user'] = $user; echo "Welcome, " . $user . ". <br><br>"; echo $links; exit; } (Of course I have inserted couple of users in the db) and it gets into the 'else' part. Could you please tell me what's wrong with my code? <?php session_start() ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login</title> </head> <body> <h2>Login</h2> <?php $links = "<a href='main.php'>Click here to proceed to the main page</a> <br><br>"; $links .= "<a href='logout.php'>Click here to log out.</a>"; $user = $_POST[user]; $pass = $_POST[pass]; if($user && $pass) { if($_SESSION['logged_in_user'] == $user) { echo $user . "you are already logged in.<br>"; echo $links; exit; } $db =mysql_connect("localhost", "root", "1983ab") or die("Connection failed"); mysql_select_db("userlist", $db); $result = mysql_query("select * from users where name = '" . $user . "' and password = PASSWORD('" . $pass . "')"); if(!$result) { echo "Sorry, there has been a technical hitch. We cannot enter your details."; exit; } if(mysql_num_rows($result) > 0) { //$logged_in_user = $user; $_SESSION['logged_in_user'] = $user; echo "Welcome, " . $user . ". <br><br>"; echo $links; exit; } else { echo mysql_num_rows($result); echo "Invalid login. Please, try again. <br><br>"; } } else if($user || $pass) { echo "Please fill in both fields. <br><br>"; } ?> <form method=post action="login.php"> Your username: <input name="user" type=text maxlength=20 size=20> <br> Your password: <input name="pass" type=pasword maxlength=10 size=10> <br> <input type=submit value="login"> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
trq Posted February 28, 2008 Share Posted February 28, 2008 Where did you get this example code from? Yiu should never use mysql's PASSWORD function to encrypt passwords, it will break your code in the future. Use MD5 instead. Now, as for your problem. If the query is returning 0 results, then its simply not finding a match. Are you sure you used PASSWORD when you originally setup these users? Quote Link to comment Share on other sites More sharing options...
Kostassketo Posted February 28, 2008 Author Share Posted February 28, 2008 Actually the code I got it from a PHP video tutorial of VTC (it seems a bit old). The username and the password that I did set for two users it is correct, I double checked - when I remove the 'if' check it logins properly. To be honest I have no idea what it is wrong in there!? Can you think of anything? Quote Link to comment Share on other sites More sharing options...
trq Posted February 28, 2008 Share Posted February 28, 2008 Its not nesesarily old, but poorly written. Mysql's PASSWORD function has never meant to be used in client code. It will break your code when mysql upgrades occure. If course if you remove the if it appears to work, thats because you remove the check. Your not finding a match. Did you encrypt the passwords using PASSWORD when you put the passwords in the datbase? If you did, they might look something like.... dufdndnd7dsn437wejh378fn378rh3y7fu3hcuhci9u4gh Quote Link to comment Share on other sites More sharing options...
Kostassketo Posted February 28, 2008 Author Share Posted February 28, 2008 Well, yes I inserted the passwords encrypted. You think it does not find a match because it compares the real password with the encrypted? Quote Link to comment Share on other sites More sharing options...
trq Posted February 28, 2008 Share Posted February 28, 2008 Your query is failing because of a syntax error. password is a reserved word. Try... $result = mysql_query("select * from users where name = '" . $user . "' and `password` = PASSWORD('" . $pass . "')"); If you do plan on actually using this code for something I would replace all instances of the PAAWORD function with MD5 as well however. Quote Link to comment Share on other sites More sharing options...
Kostassketo Posted February 28, 2008 Author Share Posted February 28, 2008 If I simply change the password with the MD5 it will work, or I need to do something more than that to use the MD5 (maybe a bit silly question, but I'm new ???) Quote Link to comment Share on other sites More sharing options...
trq Posted February 28, 2008 Share Posted February 28, 2008 No, you will need to remove the entries that you have and then store them again using MD5. this is not likely to be the cause of your problem, I'm just pointing out that it will cause you problems latter if you plan on using this code. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.