Log In Script Problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

Log In Script Problems

Post by partiallynothing »

This is my first piece of code EVER, so I suspect there is much wrong with it. Could someone please help me with why this doesn't work. Essentially, I want it to check for values in the two text fields (username and password), then match the username given with one in the database, the pull out that username and password, and check the password.

Thanks!

--------------------------------------------------------------

<?php
//start session
session_start();

//include files
include("config.inc.php");

//checks for entries
if($_POST['submit']) {
if(!$_POST['username'] | !$_POST['password']) {
die('You didn''t fill in a required field.');
} else {
//mysql query
$query = ("SELECT username, password FROM users WHERE username = "demo")";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_row($result);
}{
//check username and password
if($_POST['password'] = $row['2'])
$_SESSION['auth'] = '1';
echo "Login Successful";
}
else
print ("Username invalid");
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" value=<?php echo ($_POST['password']) or die()?> maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

There are a couple errors I can see:

1.

Code: Select all

if(!$_POST&#1111;'username'] | !$_POST&#1111;'password']) &#123;
would be better written as

Code: Select all

if(!$_POST&#1111;'username'] || !$_POST&#1111;'password']) &#123;
"|" is a bitwise operator but should be "||", a logical operator

2. In this line

Code: Select all

$query = ("SELECT username, password FROM users WHERE username = "demo")";
you are querying the database for the username - "demo". What you want to do is search for whatever username was inputted in the form. So replace it with this:

Code: Select all

$username = $_POST&#1111;'username'];
$query = "SELECT username, password FROM users WHERE username = '$username'";
3. The line

Code: Select all

&#125;&#123;
should be

Code: Select all

&#125;
&#125;
4. In this section you are missing some brackets:

Code: Select all

//check username and password
if($_POST&#1111;'password'] = $row&#1111;'2'])
$_SESSION&#1111;'auth'] = '1';
echo "Login Successful";
&#125;
else
print ("Username invalid");
?>
It should be written like this:

Code: Select all

//check username and password
if($_POST&#1111;'password'] == $row&#1111;'2'])  &#123;
$_SESSION&#1111;'auth'] = '1';
echo "Login Successful";
&#125;
else  &#123;
print ("Username invalid");
&#125;
?>
5. I fixed it in the example above but one line that it is incorrect is this:

Code: Select all

if($_POST&#1111;'password'] = $row&#1111;'2'])
Right now that means, make the $_POST['password'] equal to $row['2']. It should mean, check if the password is equal to $row['2']. You can do that by using the "==" operator. Check it out in the logical operators section. So it should be written as:

Code: Select all

if($_POST&#1111;'password'] == $row&#1111;'2'])  &#123;

6. In your form, I'm not sure why you put this line:

Code: Select all

<input type="text" name="username" value=<?php echo ($_POST&#1111;'password']) or die()?> maxlength="40">
Right now what that is doing is trying to print out the submitted password into where the user would normally type in their username. You can change it to this:

Code: Select all

<input type="text" name="username" maxlength="40">
That's all I can see for now. If that doesn't fix your problems, try posting again.
And remember, PHP.net is your friend :D .
Last edited by DuFF on Mon Nov 24, 2003 10:35 pm, edited 1 time in total.
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

to further extend DuFFs good suggestions...
DuFF wrote: 2. In this line

Code: Select all

$query = ("SELECT username, password FROM users WHERE username = "demo")";
you are querying the database for the username - "demo". What you want to do is search for whatever username was inputted in the form. So replace it with this:

Code: Select all

$query = ("SELECT username, password FROM users WHERE username = "$_POST&#1111;'username']")";
Won't the "$_POST['username']" part escape the query?
I'd suggest using:

Code: Select all

$sqlusr = $_POST&#1111;'username'];
$query = ("SELECT username, password FROM users WHERE username = '$sqlusr'");
and not only did i change that, but you code looked like this:
$query = ("STATEMENT)";
so i switched it to
$query = ("STATEMENT");

5. In your form, I'm not sure why you put this line:

Code: Select all

<input type="text" name="username" value=<?php echo ($_POST&#1111;'password']) or die()?> maxlength="40">
Right now what that is doing is trying to print out the submitted password into where the user would normally type in their username. You can change it to this:

Code: Select all

<input type="text" name="username" maxlength="40">
this is probably to input what the user put for a username when they submitted it?
so just change $_POST['password'] to $_POST['username']
User avatar
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

Still some issues...

Post by partiallynothing »

Thanks a lot for your help, and at least now the page loads without fatal errors, but I am still getting some "notices".

This is the code I have now:

-----------------------------------------------------------------------------

Code: Select all

<?php 
//start session
session_start();

//include files
include("config.inc.php");

//checks for entries
if(isset($_POST['submit'])) {
	 if(!$_POST['username'] || !$_POST['password']) {
		die('You didn''t fill in a required field.');
  } else {
    //mysql query
	$sqlusr = $_POST['username'];
	$query = ("SELECT username, password FROM users WHERE username = '$sqlusr'"); 
	$result = mysql_query($query) or die(mysql_error());
	$row = mysql_fetch_row($result);
	}
	}
	//check username and password
	if($_POST['password'] == $row['2'])  {
	$_SESSION['auth'] = '1';
	echo "Login Successful";
	}
	else  {
	print ("Username invalid");
	}
?>
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>
-----------------------------------------------------------------------------

I am getting these "notices" upon page load:

"Notice: Undefined index: password in c:\inetpub\wwwroot\pn\u5.php on line 21

Notice: Undefined variable: row in c:\inetpub\wwwroot\pn\u5.php on line 21
Login Successful?>"

Then also, when I try to enter my user and password anyway and click submitt, I get this notice:

"Notice: Undefined index: 2 in c:\inetpub\wwwroot\pn\u5.php on line 21
Username invalid?>"

Any help would be highly appreciated!
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

You can turn off the error reporting for notices in the php.ini file. It not, you can use ini_set() just for this script. And the query, just to avoid using an extra variable, you can do it as:

Code: Select all

$query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}'";
-Nay
User avatar
partiallynothing
Forum Commoner
Posts: 61
Joined: Fri Nov 21, 2003 5:02 pm
Location: connecticut, usa

...

Post by partiallynothing »

When I try to put in a user and password (one that I know is right), it returns Username Invalid. Can anyone tell me why this is?

Here is the PHP script again:

Code: Select all

<?php 
//start session
session_start();

//include files
include("config.inc.php");

//checks for entries
if($_POST['submit']) {
	if(!$_POST['username'] || !$_POST['password']) {
		die('You didn''t fill in a required field.');
  } else {
    //mysql query
	$query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}'"; 
	$result = mysql_query($query) or die(mysql_error());
	while ($row = mysql_fetch_row($result));
	}
	}
	//check username and password
	if($_POST['password'] == $row['2'])  {
	$_SESSION['auth'] = '1';
	echo "Login Successful";
  }	else {
	print ("Username invalid");
	}
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="40"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="50"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" name="submit" value="Signin"></td></tr>
</table>
</form>
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

You mysql_query had no second argument, which is the connection to the database. And, instead of the hassle with mysql_fetch_array, you can use:

Code: Select all

<?php

session_start();
include("config.inc.php");


if(isSet($_POST['submit'])) {

   if(empty($_POST['username']) || empty($_POST['password'])) {
      echo "Login Invalid";
      exit;
   }

   $query = "SELECT username, password FROM users WHERE username ='{$_POST['username']}' AND password = '{$_POST['password']}'";
   $result = mysql_query($query, $connection) or die(mysql_error());

      if(mysql_num_rows($result) == "0" || mysql_num_rows($result) > 1) {
         echo "Login invalid";
      } else {
         $_SESSION['auth'] = "1";
         echo "Login Successful";
      }

} else {

echo <<< FORM

<form action="{$_SERVER['PHP_SELF']}" method="post">
   <table align="center" border="1" cellspacing="0" cellpadding="3">
      <tr>
         <td>Username:</td>
         <td><input type="text" name="username" maxlength="40"></td>
      </tr>
      <tr>
         <td>Password:</td>
         <td><input type="password" name="password" maxlength="50"></td>
      </tr>
      <tr>
         <td colspan="2" align="center"><input type="submit" name="submit" value="Signin">
         <input type="hidden" name="submit" value="submitted" /></td>
      </tr>
   </table>
</form>
FORM;

?>
-Nay
Post Reply