PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
Fanstop.tk
Forum Newbie
Posts: 17 Joined: Wed Jul 21, 2004 11:02 pm
Post
by Fanstop.tk » Wed Jul 21, 2004 11:02 pm
feyd | Please use Code: Select all
tags when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
I've developed a script designed for a very simple login based on mySQL. The username exists in the array, but it won't return it as true... Why doesn't it work?Code: Select all
<?
// start the session
session_start(); //Must use on all pages.
header("Cache-control: private"); //IE 6 Fix
include("DBconnect.php");
if($user){
$_SESSION['user'] = $user;
$sql = "select Username, Password from Members";
$result = mysql_query($sql)or die("There was an error sending your query: ".mysql_error());
$row = mysql_fetch_array($result, MYSQL_NUM);
$num = count($row);
$found = false;
for($i=0; $i < $num+1; $i++){
if($user == $row[$i]){
$found = true;
$id = $i;
}
}
if($found){
echo "Found";
echo "<br><br>";
echo "User: $id";
}
else{
echo "User not found";
}
}
else{
echo "No User Specified";
session_destroy();
}
?>
feyd | Please use Code: Select all
tags when posting code. Read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
Last edited by
Fanstop.tk on Sat Jul 24, 2004 10:11 pm, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Wed Jul 21, 2004 11:15 pm
I'm going to guess it outputs "No user specified"? .. If so, you'll need to switch $user to $_POST['user'] or $_GET['user'], depending if you are using the post or get methods respectively.
Additionally, your query will retrieve all users and their passwords from the Members table. mysql_fetch_array() only retrieves 1 row, not all rows returned.
something like this may work better
Code: Select all
<?php
if(!empty($_POST['user']) && !empty($_POST['password']))
{
$_SESSION['user'] = $_POST['user'];
$sql = "SELECT `Username`, `Password` FROM `Members` WHERE `Username` = '" . mysql_escape_string($_SESSION['user']) . "'";
$result = mysql_query($sql) or die(mysql_error());
$num = mysql_num_rows($result);
if($num != 1)
die('User not found');
list($user,$pass) = mysql_fetch_row($result);
echo 'User found: ' . $user . ', ' . $pass;
}
else
die('No user/password supplied');
?>
Fanstop.tk
Forum Newbie
Posts: 17 Joined: Wed Jul 21, 2004 11:02 pm
Post
by Fanstop.tk » Thu Jul 22, 2004 2:16 pm
Thank you. I have one question though: How does this work?
Does it just return a numeric "True"/"False"?
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Thu Jul 22, 2004 2:17 pm
if the value of $num (the return from mysql_num_rows()) is not equal to 1
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Fri Jul 23, 2004 12:34 pm
where's $function set?
Fanstop.tk
Forum Newbie
Posts: 17 Joined: Wed Jul 21, 2004 11:02 pm
Post
by Fanstop.tk » Sat Jul 24, 2004 9:21 pm
$function is set in the URL bar through a link.
I have a new problem... I can seem to have thus set read to output.. what is the problem with it?
Code: Select all
<?php
$sql = "select id, Username, Password, Mail, Level, Wins, Loses, Message from Members where id='$id'";
$result = mysql_query($sql) or die("Error Connecting to database");
$row = mysql_fetch_row($result);
?>
<FORM ACTION="admin.php" method="POST">
<table width=450 cellspacing=0>
<TR>
<TD bgcolor=000000>
<font color=FFFFFF><b>Editing details for <? echo $row->Username; ?></b></font>
</TD>
</TR>
<TR>
<TD>
<TABLE WIDTH=450>
<TR>
<TD BGCOLOR=EEEEEE>
Name:
</TD>
<TD BGCOLOR=EEEEEE>
<input name="user" value="<? echo $row->Username; ?>">
<input name="id" type=hidden value="<? echo $row->id; ?>">
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE>
Password:
</TD>
<TD BGCOLOR=EEEEEE>
<input name="password" type=password>
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE>
Again:
</TD>
<TD BGCOLOR=EEEEEE>
<input name="repass" type=password>
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE>
Email:
</TD>
<TD BGCOLOR=EEEEEE>
<input name="email" value="<? echo $row->Mail; ?>">
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE>
Wins/Loses:
</TD>
<TD BGCOLOR=EEEEEE>
<input name="wins" size=2 value="<? echo $row->Wins; ?>"> / <input name="loses" size=2 value="<? echo $row->Loses; ?>">
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE valign=top>
Message:
</TD>
<TD BGCOLOR=EEEEEE>
<textarea name="message"><? echo $row->Message; ?></textarea>
</TD>
</TR>
<TR>
<TD BGCOLOR=EEEEEE valign=top>
</TD>
<TD BGCOLOR=EEEEEE>
<input type=submit name="function" value="Edit">
</TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</FORM>
<?
}
?>
Now, this connects to a mySQL db though a seporate file named DBconnect (seen below) which is used in an include.
Code: Select all
<?php
<?
if($con = mysql_connect("*****", "*****", "*****")){
}
else{
die("<b>Error Connecting to Database</b><br>");
}
$db = "KoopaCards";
mysql_select_db($db, $con)or die("Error Message: ".mysql_error());
?>
?>
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sat Jul 24, 2004 10:52 pm
you're fetching $row as an array, yet using it as an object.
do you have register_globals on? running this will tell you:
Code: Select all
<?php
echo 'register_globals are ' . (ini_get('register_globals') ? 'on' : 'off');
?>