login script *rips hair out*

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

login script *rips hair out*

Post by dull1554 »

i have set up a registration script to write registation info to a database, now i need to beable to let that user login, but i cant get this to work

the table "names" is in the database "complexscripting" and the usernames and passwords are stored in the fields "username" and "password" respectivly.

heres what i have

login.html

Code: Select all

<html>
<head>
<link rel="stylesheet" type="text/css" href="styles.css"/>
<script type="text/javascript" src="fader.js"></script>
</head>
<body>  <table width='100%' height='100%' border='0' cellspacing='1' cellpadding='2' bgcolor='#dcdcdc' align='center'>
   <tr><td width='200' border='1' bgcolor='whitesmoke'>Login
   </td></tr><tr><td width='200' border='1' bgcolor='#ffffff'><form action='login.php' method='post'>
   Enter UserName: <input type="text" name="user">
   <br>
   Enter Password: <input type="password" name="password">
   <br>
   <input type='submit' value='submit'></form>
   <br>
   <a href='register.html' target='main'>Have you registered yet?</a>
   </td></tr></table>


</body>
</html>
login.php

Code: Select all

<?php

$dbhost = 'www.freesql.org';
$dbusername = '*************';
$dbpasswd = '***********';
$database_name = 'complexscripting';


$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd")
	or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)
	or die("Couldn't select database.");
$username = $_POST['user'];
$password = md5($_POST['password']);
$db_username = mysql_query("SELECT username FROM users");
$db_password = mysql_query("SELECT password FROM users");

if (($username == $db_username) && ($password == $db_password)){
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
once i get it to check the database for the users and such ill have it write a cookie that defines login but i just want to get the basic script to work

when i run the script i dont get any errors it just wont say im loged in, no matter what it says not found in database!

as usual any help is greatly appreciated!
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

What's you probably want to do is:

SELECT password FROM users WHERE username='$username'

And then compare the password entered with the password in the db for that username typed in. No point in comparing the usernames.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

how exactly might one do this, i apoligize for this (very likely to sound stupid) question, but i'm rather new to mySQL and dont really know the php syntax for incorperating sql into php, before i tended to stick to just flat files
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Delete this:
db_username = mysql_query("SELECT username FROM users");
Also Delete This from your if statement:
($username == $db_username) &&

Then:

$db_password = mysql_query("SELECT password FROM users WHERE username='$username'");

Then do the if (md5($password) == $db_password)
then you're logged in.

Assuming your password in the db is hashed with md5 of course.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

like this?

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_password = mysql_query("SELECT password FROM users WHERE username='$username'");

if ((md5($password)) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
because this still does not work
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

You have to use the mysql_fetch_array function to put the result into a variable for the db_password.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

so i tried this

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_userpass = mysql_query("SELECT password FROM users WHERE username='$username'");
$db_password = mysql_fetch_array($db_userpass);
if (md5($password) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
and it still did not work, i'm sorry for all this trouble i just am really hopeful that i will be able to get this to work
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Why is it that in a few other threads in this forum you tell other users to either RTFM the docs or that they must have a poor site, or that they should not ask others to write code for them?

I'm sorry, I've given you enough help. Google the rest.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

what i did say was that they should go to the job section, you should come with atleast a basis for the code that you wish to result with, and i did indeed say that a php scripting site hosted by a person that does not know php is not a php scripting site at all, i'm sorry if i have ticked you off and i just wanted to thankyou for the help!
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Just put a little more effort into this yourself ok. You can easily do a google search for "retrieving one field from mysql with php" and pull up tons of info.
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Try this:

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_userpass = mysql_query("SELECT password FROM users WHERE username='$username'");
$db_password = mysql_fetch_array($db_userpass);
$db_password = $db_password['password'];
if (md5($password) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

thankyou it works, your the best
User avatar
Pyrite
Forum Regular
Posts: 769
Joined: Tue Sep 23, 2003 11:07 pm
Location: The Republic of Texas
Contact:

Post by Pyrite »

Great.

Just so you know. I use the ADOdb encapsulation class for my db code. I also use phpSecurePages for some of my apps, cause it has nice session code.
User avatar
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

thanks a bunch
RoMeRz
Forum Newbie
Posts: 7
Joined: Mon Dec 01, 2003 3:19 pm
Location: Scotland

Post by RoMeRz »

can i ask,

$db_password = $db_password['password'];

could someone explain this for me please. I just quite understand what the ['password'] bit at the end is for.

ta
Post Reply