Log In Script Problems
Moderator: General Moderators
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
Log In Script Problems
This is my first piece of code EVER, so I suspect there is much wrong with it. Could someone please help me with why this doesn't work. Essentially, I want it to check for values in the two text fields (username and password), then match the username given with one in the database, the pull out that username and password, and check the password.
Thanks!
--------------------------------------------------------------
<?php
//start session
session_start();
//include files
include("config.inc.php");
//checks for entries
if($_POST['submit']) {
if(!$_POST['username'] | !$_POST['password']) {
die('You didn''t fill in a required field.');
} else {
//mysql query
$query = ("SELECT username, password FROM users WHERE username = "demo")";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result);
}{
//check username and password
if($_POST['password'] = $row['2'])
$_SESSION['auth'] = '1';
echo "Login Successful";
}
else
print ("Username invalid");
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" value=<?php echo ($_POST['password']) or die()?> maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>
Thanks!
--------------------------------------------------------------
<?php
//start session
session_start();
//include files
include("config.inc.php");
//checks for entries
if($_POST['submit']) {
if(!$_POST['username'] | !$_POST['password']) {
die('You didn''t fill in a required field.');
} else {
//mysql query
$query = ("SELECT username, password FROM users WHERE username = "demo")";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result);
}{
//check username and password
if($_POST['password'] = $row['2'])
$_SESSION['auth'] = '1';
echo "Login Successful";
}
else
print ("Username invalid");
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" value=<?php echo ($_POST['password']) or die()?> maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>
There are a couple errors I can see:
1.
would be better written as
"|" is a bitwise operator but should be "||", a logical operator
2. In this line
you are querying the database for the username - "demo". What you want to do is search for whatever username was inputted in the form. So replace it with this:
3. The line should be
4. In this section you are missing some brackets:
It should be written like this:
5. I fixed it in the example above but one line that it is incorrect is this:
Right now that means, make the $_POST['password'] equal to $row['2']. It should mean, check if the password is equal to $row['2']. You can do that by using the "==" operator. Check it out in the logical operators section. So it should be written as:
6. In your form, I'm not sure why you put this line:
Right now what that is doing is trying to print out the submitted password into where the user would normally type in their username. You can change it to this:
That's all I can see for now. If that doesn't fix your problems, try posting again.
And remember, PHP.net is your friend
.
1.
Code: Select all
if(!$_POSTї'username'] | !$_POSTї'password']) {Code: Select all
if(!$_POSTї'username'] || !$_POSTї'password']) {2. In this line
Code: Select all
$query = ("SELECT username, password FROM users WHERE username = "demo")";Code: Select all
$username = $_POSTї'username'];
$query = "SELECT username, password FROM users WHERE username = '$username'";Code: Select all
}{Code: Select all
}
}Code: Select all
//check username and password
if($_POSTї'password'] = $rowї'2'])
$_SESSIONї'auth'] = '1';
echo "Login Successful";
}
else
print ("Username invalid");
?>Code: Select all
//check username and password
if($_POSTї'password'] == $rowї'2']) {
$_SESSIONї'auth'] = '1';
echo "Login Successful";
}
else {
print ("Username invalid");
}
?>Code: Select all
if($_POSTї'password'] = $rowї'2'])Code: Select all
if($_POSTї'password'] == $rowї'2']) {6. In your form, I'm not sure why you put this line:
Code: Select all
<input type="text" name="username" value=<?php echo ($_POSTї'password']) or die()?> maxlength="40">Code: Select all
<input type="text" name="username" maxlength="40">And remember, PHP.net is your friend
Last edited by DuFF on Mon Nov 24, 2003 10:35 pm, edited 1 time in total.
-
d3ad1ysp0rk
- Forum Donator
- Posts: 1661
- Joined: Mon Oct 20, 2003 8:31 pm
- Location: Maine, USA
to further extend DuFFs good suggestions...
I'd suggest using:
and not only did i change that, but you code looked like this:
$query = ("STATEMENT)";
so i switched it to
$query = ("STATEMENT");
so just change $_POST['password'] to $_POST['username']
Won't the "$_POST['username']" part escape the query?DuFF wrote: 2. In this lineyou are querying the database for the username - "demo". What you want to do is search for whatever username was inputted in the form. So replace it with this:Code: Select all
$query = ("SELECT username, password FROM users WHERE username = "demo")";Code: Select all
$query = ("SELECT username, password FROM users WHERE username = "$_POSTї'username']")";
I'd suggest using:
Code: Select all
$sqlusr = $_POSTї'username'];
$query = ("SELECT username, password FROM users WHERE username = '$sqlusr'");$query = ("STATEMENT)";
so i switched it to
$query = ("STATEMENT");
this is probably to input what the user put for a username when they submitted it?5. In your form, I'm not sure why you put this line:Right now what that is doing is trying to print out the submitted password into where the user would normally type in their username. You can change it to this:Code: Select all
<input type="text" name="username" value=<?php echo ($_POSTї'password']) or die()?> maxlength="40">Code: Select all
<input type="text" name="username" maxlength="40">
so just change $_POST['password'] to $_POST['username']
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
Still some issues...
Thanks a lot for your help, and at least now the page loads without fatal errors, but I am still getting some "notices".
This is the code I have now:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
I am getting these "notices" upon page load:
"Notice: Undefined index: password in c:\inetpub\wwwroot\pn\u5.php on line 21
Notice: Undefined variable: row in c:\inetpub\wwwroot\pn\u5.php on line 21
Login Successful?>"
Then also, when I try to enter my user and password anyway and click submitt, I get this notice:
"Notice: Undefined index: 2 in c:\inetpub\wwwroot\pn\u5.php on line 21
Username invalid?>"
Any help would be highly appreciated!
This is the code I have now:
-----------------------------------------------------------------------------
Code: Select all
<?php
//start session
session_start();
//include files
include("config.inc.php");
//checks for entries
if(isset($_POST['submit'])) {
if(!$_POST['username'] || !$_POST['password']) {
die('You didn''t fill in a required field.');
} else {
//mysql query
$sqlusr = $_POST['username'];
$query = ("SELECT username, password FROM users WHERE username = '$sqlusr'");
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result);
}
}
//check username and password
if($_POST['password'] == $row['2']) {
$_SESSION['auth'] = '1';
echo "Login Successful";
}
else {
print ("Username invalid");
}
?>
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>I am getting these "notices" upon page load:
"Notice: Undefined index: password in c:\inetpub\wwwroot\pn\u5.php on line 21
Notice: Undefined variable: row in c:\inetpub\wwwroot\pn\u5.php on line 21
Login Successful?>"
Then also, when I try to enter my user and password anyway and click submitt, I get this notice:
"Notice: Undefined index: 2 in c:\inetpub\wwwroot\pn\u5.php on line 21
Username invalid?>"
Any help would be highly appreciated!
You can turn off the error reporting for notices in the php.ini file. It not, you can use ini_set() just for this script. And the query, just to avoid using an extra variable, you can do it as:
-Nay
Code: Select all
$query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}'";- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
...
When I try to put in a user and password (one that I know is right), it returns Username Invalid. Can anyone tell me why this is?
Here is the PHP script again:
Here is the PHP script again:
Code: Select all
<?php
//start session
session_start();
//include files
include("config.inc.php");
//checks for entries
if($_POST['submit']) {
if(!$_POST['username'] || !$_POST['password']) {
die('You didn''t fill in a required field.');
} else {
//mysql query
$query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_row($result));
}
}
//check username and password
if($_POST['password'] == $row['2']) {
$_SESSION['auth'] = '1';
echo "Login Successful";
} else {
print ("Username invalid");
}
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>You mysql_query had no second argument, which is the connection to the database. And, instead of the hassle with mysql_fetch_array, you can use:
-Nay
Code: Select all
<?php
session_start();
include("config.inc.php");
if(isSet($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])) {
echo "Login Invalid";
exit;
}
$query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}' AND password = '{$_POST['password']}'";
$result = mysql_query($query, $connection) or die(mysql_error());
if(mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
echo "Login invalid";
} else {
$_SESSION['auth'] = "1";
echo "Login Successful";
}
} else {
echo <<< FORM
<form action="{$_SERVER['PHP_SELF']}" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="40"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Signin">
<input type="hidden" name="submit" value="submitted" /></td>
</tr>
</table>
</form>
FORM;
?>