I recently switched hosting on one of my sites and I am now having problems with the member login.
When a member tries to login the following message displayed:
select GID from golfer where UserId='cam' and UserPwd='databasePassword'
note: I've replaced my actual database password with databasePassword
It's reading the golfer username correctly but for some reason it's retrieving the database password rather than the golfer member password.
This is the code for the login page in question:
<?php
session_start();
if($_SESSION['AUTH']=="OK")
{
header("Location:addIntro.php");
exit;
}
$submit=$_POST['Signin'];
$uid=$_POST['userid'];
$password=$_POST['password'];
$mesg="";
//echo "<pre>";
//print_r($_POST);
if($submit)
{
include "../connections/db.php";
$sql="select GID from golfer where UserId='$uid' and UserPwd='$password'";
echo $sql;
$conn=mysql_query($sql);
$rowscnt=mysql_num_rows($conn);
if($rowscnt!=0)
{
$resc=mysql_fetch_object($conn);
$_SESSION['GID']=$resc->GID;
$_SESSION['USER']=$uid;
$_SESSION['AUTH']="OK";
header("Location:addIntro.php");
//echo "done";
exit;
}
else
{
//echo "whats wrong";
$mesg= "The User ID or Password is incorrect. Please retype the User ID and Password";
}
}
?>
It's passing on the member UserId correctly but is confusing the database password with the member UserPwd. Any suggestions would be appreciated.
Problem with member authentication
Moderator: General Moderators
Re: Problem with member authentication
Lemme guess: you use a $password variable in your connections/db.php?
That value is overwriting the one you got from the form.
That value is overwriting the one you got from the form.
Re: Problem with member authentication
That seems to be what the problem is. The following is the db connections page. I've replaced the actual connection values here with just general names.
<?php
$conn=mysql_connect("host","username","dbPassword");
mysql_select_db("dbName");
$debug=0;
?>
<?php
//Sample Database Connection Syntax for PHP and MySQL.
//Connect To Database
$hostname="hostNameURL";
$username="dbUsername";
$password="dbPassword";
$dbname="dbName";
$usertable="your_tablename";
$yourfield = "your_field";
mysql_connect($hostname,$username, $password) or die ("<html><script language='JavaScript'>alert('Unable to connect to database! Please try again later.'),history.go(-1)</script></html>");
mysql_select_db($dbname);
# Check If Record Exists
$query = "SELECT * FROM $usertable";
$result = mysql_query($query);
if($result)
{
while($row = mysql_fetch_array($result))
{
$name = $row["$yourfield"];
echo "Name: ".$name."<br>";
}
}
?>
Thanks
<?php
$conn=mysql_connect("host","username","dbPassword");
mysql_select_db("dbName");
$debug=0;
?>
<?php
//Sample Database Connection Syntax for PHP and MySQL.
//Connect To Database
$hostname="hostNameURL";
$username="dbUsername";
$password="dbPassword";
$dbname="dbName";
$usertable="your_tablename";
$yourfield = "your_field";
mysql_connect($hostname,$username, $password) or die ("<html><script language='JavaScript'>alert('Unable to connect to database! Please try again later.'),history.go(-1)</script></html>");
mysql_select_db($dbname);
# Check If Record Exists
$query = "SELECT * FROM $usertable";
$result = mysql_query($query);
if($result)
{
while($row = mysql_fetch_array($result))
{
$name = $row["$yourfield"];
echo "Name: ".$name."<br>";
}
}
?>
Thanks