Page 1 of 1

An EXTREME smurf

Posted: Mon May 06, 2002 5:10 pm
by Jim
I'm working on a login script and I've got a table, cm_admin. In the table there are the following fields/values:

id- 1
name - Jim
pass - pass
email - jim@jim.com

This is the login page's code:

Code: Select all

<HTML>
	<HEAD><TITLE>Prodigy Login Script v1.1</TITLE></HEAD>

<BODY>

<form method=post action="login2.php">

Name: <input type=text name=name><BR>
Pass: <input type=text name=pass><BR><BR>

<input type=submit value=submit>  <input type=reset>

</form>

</BODY>
Here is the login2.php code:

Code: Select all

<?
ob_start();
include("../../clanmanager/config.php");


$sql = "SELECT * FROM cm_admin WHERE name=$name and pass=$pass";
$result = mysql_query($sql) or die ("Unable to get results."); 
$num = mysql_numrows($result) or die ("Your Username and/or Password are incorrect.  If you feel you have recieved this message in error, please contact the <a href="mailto:website@hot.rr.com">webmaster</a>"); 
if ($num == 1) { 
print("Welcome to ClanManager!  You are logged in as $name !");


setcookie("p_user",$username,time()+1209600,"/","maxxxtorque.com","0");
ob_end_flush();

}
print("<BR><BR>Return to <a href="/prodigy">Prodigy</a>");

?>
What the hell is the problem?

Thanks!

Posted: Mon May 06, 2002 5:32 pm
by fatal
Whats the error MySQL is sending you? Also, using the mysql_error() function is pretty descriptive about what is exactly wrong. And one other thing, try not using the die function, use:

if( !$result)
{
echo"error";
}

And stuff like that.

Posted: Mon May 06, 2002 6:05 pm
by phice

Code: Select all

setcookie("p_user",$username,time()+1209600,"/","maxxxtorque.com","0");
I'm not sure hot to exactly set cookies, but I'm sure there isn't a p_user, nor a $username in that whole program. you may need to rename one of those till you get it right.

Posted: Mon May 06, 2002 6:13 pm
by samscripts
Hi, not sure if this is where the problem is but in:

Code: Select all

$sql = "SELECT * FROM cm_admin WHERE name=$name and pass=$pass";
the name=$name and pass=$pass should be enclosed in quotes (as all strings should be in sql query

ie:

Code: Select all

$sql = "SELECT * FROM cm_admin WHERE name='$name' AND pass='$pass'";]
like fatal says, use mysql_error(), but add the $sql to it as well

Code: Select all

$result = mysql_query($sql) or die("sql error:". mysql_error()."<br>$sql");
or is the problem with the cookie?

sam

Posted: Mon May 06, 2002 6:25 pm
by DSM
$num = mysql_numrows($result) or die ("Your Username and/or Password are incorrect. If you feel you have recieved this message in error, please contact the <a href="mailto:website@hot.rr.com">webmaster</a>");
if ($num == 1) {
print("Welcome to ClanManager! You are logged in as $name !");
I don't see where you are going with the die statement from $num = mysql_numrows($result) or die... Whats the trigger for the die statement?
I do logins like this.

Code: Select all

if($num == 0):
echo"Your Username and/or Password are incorrect.  If you feel you have recieved this message in error, please contact the <a href="mailto:website@hot.rr.com">webmaster</a>";
else:
echo"Welcome to ClanManager!  You are logged in as $name !"; 
endif;
Hope this helped.

Posted: Mon May 06, 2002 6:29 pm
by fatal
Phice:
int setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]])

Example 1. setcookie() send examples

setcookie ("TestCookie", $value);
setcookie ("TestCookie", $value,time()+3600); /* expire in 1 hour */

But the '$value' should be replaced by '$name' instead of '$username'

Posted: Mon May 06, 2002 8:08 pm
by phice
Exactly what I was thinking. :)