i am try to create a page where a user name and password has to be typed in so the user has to log in. i have a script but i dont know why it keeps on coming up with an error message. it keeps on saying that the users is not on record when they are. can anyone help im going mad.
<?php
if (isset($_POST['submit'])) { // Handle the form.
require_once ('../mysql_connect.php'); // Connect to the db.
$message = NULL; // Create an empty new variable.
// Check for a username.
if (empty($_POST['username'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your username!</p>';
} else {
$u = escape_data($_POST['username']);
}
// Check for a password.
if (empty($_POST['password'])) {
$p = FALSE;
$message .= '<p>You forgot to enter your password!</p>';
} else {
$p = escape_data($_POST['password']);
}
if ($u && $p) { // If everything's OK.
// Retrieve the user_id and first_name for that username/
$query = "SELECT user_id,first_name FROM users WHERE (username='$u' AND password=PASSWORD('$p'))";
$result = @mysql_query ($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the cookies & redirect.
//setcookie ('first_name', $row[1]);
//setcookie ('user_id', $row[0]);
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
exit(); // Quit the script.
} else { // No record matched the query.
$message = '<p>The username and password entered do not match those on file.</p>';
}
mysql_close(); // Close the database connection.
} else {
$message .= '<p>Please try again.</p>';
}
} // End of the main Submit conditional.
// Set the page title and include the HTML header.
// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->
</fieldset><?php
// Include the HTML footer.
?>
log in system
Moderator: General Moderators
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
Use the Built in PHP Syntax Highlighter!
Now that it is easier to read, I'll take a look at it...
Code: Select all
<?php
if (isset($_POST['submit'])) { // Handle the form.
require_once ('../mysql_connect.php'); // Connect to the db.
$message = NULL; // Create an empty new variable.
// Check for a username.
if (empty($_POST['username'])) {
$u = FALSE;
$message .= '<p>You forgot to enter your username!</p>';
} else {
$u = escape_data($_POST['username']);
}
// Check for a password.
if (empty($_POST['password'])) {
$p = FALSE;
$message .= '<p>You forgot to enter your password!</p>';
} else {
$p = escape_data($_POST['password']);
}
if ($u && $p) { // If everything's OK.
// Retrieve the user_id and first_name for that username/
$query = "SELECT user_id,first_name FROM users WHERE (username='$u' AND password=PASSWORD('$p'))";
$result = @mysql_query ($query); // Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.
if ($row) { // A record was pulled from the database.
// Set the cookies & redirect.
//setcookie ('first_name', $row[1]);
//setcookie ('user_id', $row[0]);
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
exit(); // Quit the script.
} else { // No record matched the query.
$message = '<p>The username and password entered do not match those on file.</p>';
}
mysql_close(); // Close the database connection.
} else {
$message .= '<p>Please try again.</p>';
}
} // End of the main Submit conditional.
// Set the page title and include the HTML header.
// Print the error message if there is one.
if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form><!-- End of Form -->
</fieldset><?php
// Include the HTML footer.
?>- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
The MySQL query is probably whats causing the problem. I would suggest using an alternate method of encryption rather than PASSWORD().
I would suggest using MD5 personally.MySQL.COM wrote:Note: The PASSWORD() function is used by the authentication system in MySQL Server, you should NOT use it in your own applications. For that purpose, use MD5() or SHA1() instead. Also see RFC-2195 for more information about handling passwords and authentication securely in your application.