Page 1 of 1
newbie needing substantial help with php and mysql
Posted: Sun Sep 27, 2009 7:46 pm
by leegreaves
You may feel im being cheeky doing this but i do need some help. I am in the process of constructing a website, and need help with creating a register and login script that is linked to a mysql database on the server. Ive tried to understand as much as i can but i seem to be coming across too many hurdles and may get in too deep for my liking. Is there anyone out there who can code up some php. Im able to create the database on my cpanel, and am able to insert the tables (that much ive learnt thus far). BUT, i have little idea of how to create the login and register scripts using php, and how to link them to my database on the server. The login script will obviously need to be quite simple just a simple username/password entry script which perhaps can include a "remember me" checkbox. The site itself is a membership only site so it needs a session script to go with it to ensure that only logged in members can view the contents of the site itself. I do know that I have to insert that part at the beginning of each of my pages to ensure that a user is logged into the site. ALSO, please excuse my stupidity, but if a user wishes to upload photos to their website would they be stored in the database as well? Id like it so that each user can update their profile (such as adding/deleting content and uploading picture material).
Sorry if this all seems alot of me to ask but im a newbie and just starting out on the php/mysql road.
BUT i would be extrememly grateful if someone out there can start me on the right path
Re: newbie needing substantial help with php and mysql
Posted: Sun Sep 27, 2009 8:54 pm
by Ollie Saunders
You're asking people, who don't know you, to write code, for you, for free; pretty audacious, especially given your awareness of your actions.
Let me save you some time, however: You'll be really lucky if anyone accepts this. And, personally, I'd advise anyone considering accepting, not to. If one wants to code for free, one should code for free under another programmer smarter than himself. Anyway, regardless of all this, this post is off-topic; there's a volunteer forum for this stuff.
Re: newbie needing substantial help with php and mysql
Posted: Sun Sep 27, 2009 11:31 pm
by leegreaves
ok so i understand what ur saying there...but ive got a large red sore lump on my forehead from banging it against a VERY hard brick wall
anyway...what i have done has downloaded some "simple" scripts, although tentatively encased in quote marks due to my limited knowledge, even simple can be difficult to a newbie such as myself. ive adjusted certain aspects of the scripts but am coming across some problems, but im gonna say i have a slight inkling of wot may be happening. First up i will assume my config.php file is correct for the connection to my database. Im also gonna assume the script that allows my login is also correct. I have a suspicion my problem lies with the login-exec.php bit which checks the database that the correct login details are entered. Ive not altered this script in anyway thus far but am assuming that thats where the problem is, that i have not adjusted it to allow for the details on my database. Now my database contains a number of fields, of which are: username, email, password, sex, dob, and profile.
The original login-exec.php file seems to towards the bottom contain some different fields, my question is do i need to adjust this file to reflect what tables my database contains? I assume this because if the check comes up with no result it passes thru this part of the script and goes onto the "query failed" part at the bottom. Im supplying a pasted copy of this file below:
This bit is the config.php file:
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'tastscou_admin');
define('DB_PASSWORD', 'pentium');
define('DB_DATABASE', 'tastscou_members');
?>
This is the login-exec.php file:<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login-form.php");
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
session_write_close();
header("location: member-index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
?>
WHat is happening is it is coming up with the "query failed" statement at the bottom. Im assuming that somehow its something to do with table mismatches in my databases. ANY IDEAS?
Re: newbie needing substantial help with php and mysql
Posted: Mon Sep 28, 2009 4:18 am
by Ollie Saunders
Change:
to:
Code: Select all
$result = mysql_query($qry) or die(mysql_error());
I suspect, after doing that, they'll be complaints about field names. I've emboldened the field names and italicized the table name, in the query, for you here:
Code: Select all
SELECT * FROM [i]members[/i] WHERE [b]login[/b]='$login' AND [b]passwd[/b]='".md5($_POST['password'])."'";
The values being interpolated into the query aren't being escaped, but I'll get on to that after you try this stuff.