PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am trying to create a login page and use sessions. Right now, I am not getting any errors with the code, it just seems to do nothing after I submit the username and password.... Any help would be greatly appreciated.
I checked to make sure, and there is a user and password for every single user I attempt to login with.
<?php
include 'db.php';
// Add slashes to the username, and make a md5 checksum of the password.
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
if (!$num)
{
// When the query didn't return anything,
// display the login form.
echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br><br>
<input type='submit' value='Login'>
</form>";
} else {
// Start the login session
session_start();
echo "Hello";
// We've already added slashes and MD5'd the password
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
// All output text below this line will be displayed
// to the users that are authenticated. Since no text
// has been output yet, you could also use redirect
// the username to the next page using the header() function.
// header('Location: page2.php');
echo "<h1>Welcome</h1>";
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>.";
}
?>
The only reason that would happen is if your database isn't matching your conditional statement. You are trying to do a numerical comparision on a resource. Try
$num=mysql_num_rows($result);
and change your if($num>0)
Because
$num=mysql_result($result,0); returns the resource information of $result, not an int.
or keep $num=mysql_result($result,0) and change your conditional to check for a resource. if(is_resource($num)) .....
<?php
include 'db.php';
// Add slashes to the username, and make a md5 checksum of the password.
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
$num=mysql_num_rows($result);
print $results;
//$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
//if (!$num)
if($num>0)
{
// When the query didn't return anything,
// display the login form.
echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br><br>
<input type='submit' value='Login'>
</form>";
} else {
// Start the login session
session_start();
echo "Hello";
// We've already added slashes and MD5'd the password
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
// All output text below this line will be displayed
// to the users that are authenticated. Since no text
// has been output yet, you could also use redirect
// the username to the next page using the header() function.
// header('Location: page2.php');
echo "<h1>Welcome</h1>";
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>.";
}
?>
Thanks for the help. That didnt work for me though.. I was getting a error on the or part of the if statement. Anyways, I found a more complete example script out there. Everything seems to be working fine on this script except passing the correct password during login. It keeps on telling me that my password is incorrect. I think the problem is here
<?php
// Connects to your Database
include 'db.php';
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM businesses WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT username , password FROM businesses WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
The previous method with the fetch_num_rows will work fine. But as this other script shows you have a problem matching your md5 passwords.
Have you compared your $_POST['password'] with your database? Work backwards by making a user/password without md5 and run your script without md5 to make things simple. Try hardcoding something to see if it has to do with your form submission.
Also if you're entering forms with firefox it will often insert a linefeed when you hit return. So use the trim() function to clean up all your form fields before md5 or stripslashes.