Page 1 of 2

login script *rips hair out*

Posted: Mon Dec 01, 2003 10:39 pm
by dull1554
i have set up a registration script to write registation info to a database, now i need to beable to let that user login, but i cant get this to work

the table "names" is in the database "complexscripting" and the usernames and passwords are stored in the fields "username" and "password" respectivly.

heres what i have

login.html

Code: Select all

<html>
<head>
<link rel="stylesheet" type="text/css" href="styles.css"/>
<script type="text/javascript" src="fader.js"></script>
</head>
<body>  <table width='100%' height='100%' border='0' cellspacing='1' cellpadding='2' bgcolor='#dcdcdc' align='center'>
   <tr><td width='200' border='1' bgcolor='whitesmoke'>Login
   </td></tr><tr><td width='200' border='1' bgcolor='#ffffff'><form action='login.php' method='post'>
   Enter UserName: <input type="text" name="user">
   <br>
   Enter Password: <input type="password" name="password">
   <br>
   <input type='submit' value='submit'></form>
   <br>
   <a href='register.html' target='main'>Have you registered yet?</a>
   </td></tr></table>


</body>
</html>
login.php

Code: Select all

<?php

$dbhost = 'www.freesql.org';
$dbusername = '*************';
$dbpasswd = '***********';
$database_name = 'complexscripting';


$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd")
	or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)
	or die("Couldn't select database.");
$username = $_POST['user'];
$password = md5($_POST['password']);
$db_username = mysql_query("SELECT username FROM users");
$db_password = mysql_query("SELECT password FROM users");

if (($username == $db_username) && ($password == $db_password)){
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
once i get it to check the database for the users and such ill have it write a cookie that defines login but i just want to get the basic script to work

when i run the script i dont get any errors it just wont say im loged in, no matter what it says not found in database!

as usual any help is greatly appreciated!

Posted: Mon Dec 01, 2003 10:44 pm
by Pyrite
What's you probably want to do is:

SELECT password FROM users WHERE username='$username'

And then compare the password entered with the password in the db for that username typed in. No point in comparing the usernames.

Posted: Mon Dec 01, 2003 10:47 pm
by dull1554
how exactly might one do this, i apoligize for this (very likely to sound stupid) question, but i'm rather new to mySQL and dont really know the php syntax for incorperating sql into php, before i tended to stick to just flat files

Posted: Mon Dec 01, 2003 10:51 pm
by Pyrite
Delete this:
db_username = mysql_query("SELECT username FROM users");
Also Delete This from your if statement:
($username == $db_username) &&

Then:

$db_password = mysql_query("SELECT password FROM users WHERE username='$username'");

Then do the if (md5($password) == $db_password)
then you're logged in.

Assuming your password in the db is hashed with md5 of course.

Posted: Mon Dec 01, 2003 11:01 pm
by dull1554
like this?

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_password = mysql_query("SELECT password FROM users WHERE username='$username'");

if ((md5($password)) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
because this still does not work

Posted: Mon Dec 01, 2003 11:18 pm
by Pyrite
You have to use the mysql_fetch_array function to put the result into a variable for the db_password.

Posted: Mon Dec 01, 2003 11:26 pm
by dull1554
so i tried this

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_userpass = mysql_query("SELECT password FROM users WHERE username='$username'");
$db_password = mysql_fetch_array($db_userpass);
if (md5($password) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>
and it still did not work, i'm sorry for all this trouble i just am really hopeful that i will be able to get this to work

Posted: Mon Dec 01, 2003 11:32 pm
by Pyrite
Why is it that in a few other threads in this forum you tell other users to either RTFM the docs or that they must have a poor site, or that they should not ask others to write code for them?

I'm sorry, I've given you enough help. Google the rest.

Posted: Mon Dec 01, 2003 11:38 pm
by dull1554
what i did say was that they should go to the job section, you should come with atleast a basis for the code that you wish to result with, and i did indeed say that a php scripting site hosted by a person that does not know php is not a php scripting site at all, i'm sorry if i have ticked you off and i just wanted to thankyou for the help!

Posted: Mon Dec 01, 2003 11:40 pm
by Pyrite
Just put a little more effort into this yourself ok. You can easily do a google search for "retrieving one field from mysql with php" and pull up tons of info.

Posted: Mon Dec 01, 2003 11:45 pm
by Pyrite
Try this:

Code: Select all

<?php

include "db.php";
$username = $_POST['user'];
$password = $_POST['password'];
$db_userpass = mysql_query("SELECT password FROM users WHERE username='$username'");
$db_password = mysql_fetch_array($db_userpass);
$db_password = $db_password['password'];
if (md5($password) == $db_password) {
    echo "login complete";
}
else{
    echo "not found in database! please register!";
}
?>

Posted: Tue Dec 02, 2003 12:04 am
by dull1554
thankyou it works, your the best

Posted: Tue Dec 02, 2003 12:13 am
by Pyrite
Great.

Just so you know. I use the ADOdb encapsulation class for my db code. I also use phpSecurePages for some of my apps, cause it has nice session code.

Posted: Tue Dec 02, 2003 12:21 am
by dull1554
thanks a bunch

Posted: Tue Dec 02, 2003 5:25 am
by RoMeRz
can i ask,

$db_password = $db_password['password'];

could someone explain this for me please. I just quite understand what the ['password'] bit at the end is for.

ta