Help with this script... Again

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Fanstop.tk
Forum Newbie
Posts: 17
Joined: Wed Jul 21, 2004 11:02 pm

Help with this script... Again

Post by Fanstop.tk »

feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


I've developed a script designed for a very simple login based on mySQL.  The username exists in the array, but it won't return it as true...  Why doesn't it work?

Code: Select all

<?
// start the session 
session_start(); //Must use on all pages.
header("Cache-control: private"); //IE 6 Fix

include("DBconnect.php");

if($user){
	$_SESSION['user'] = $user;
	$sql = "select Username, Password from Members";
	$result = mysql_query($sql)or die("There was an error sending your query: ".mysql_error());
	$row = mysql_fetch_array($result, MYSQL_NUM);
	$num = count($row);
	$found = false;
	for($i=0; $i < $num+1; $i++){
		if($user == $row[$i]){
			$found = true;
			$id = $i;
		}
	}
	if($found){
		echo "Found";
		echo "<br><br>";
		echo "User: $id";
	}
	else{
		echo "User not found";
	}
}
else{
	echo "No User Specified";
	session_destroy();
}
?>

feyd | Please use

Code: Select all

tags when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
Last edited by Fanstop.tk on Sat Jul 24, 2004 10:11 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm going to guess it outputs "No user specified"? .. If so, you'll need to switch $user to $_POST['user'] or $_GET['user'], depending if you are using the post or get methods respectively.

Additionally, your query will retrieve all users and their passwords from the Members table. mysql_fetch_array() only retrieves 1 row, not all rows returned.

something like this may work better

Code: Select all

<?php

if(!empty($_POST['user']) && !empty($_POST['password']))
{
  $_SESSION['user'] = $_POST['user'];
  $sql = "SELECT `Username`, `Password` FROM `Members` WHERE `Username` = '" . mysql_escape_string($_SESSION['user']) . "'";
  $result = mysql_query($sql) or die(mysql_error());
  $num = mysql_num_rows($result);
  if($num != 1)
    die('User not found');
  list($user,$pass) = mysql_fetch_row($result);
  echo 'User found: ' . $user . ', ' . $pass;
}
else
  die('No user/password supplied');

?>
Fanstop.tk
Forum Newbie
Posts: 17
Joined: Wed Jul 21, 2004 11:02 pm

Post by Fanstop.tk »

Thank you. I have one question though: How does this work?

Code: Select all

if($num != 1)
Does it just return a numeric "True"/"False"?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

if the value of $num (the return from mysql_num_rows()) is not equal to 1
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

where's $function set?
Fanstop.tk
Forum Newbie
Posts: 17
Joined: Wed Jul 21, 2004 11:02 pm

Post by Fanstop.tk »

$function is set in the URL bar through a link.

I have a new problem... I can seem to have thus set read to output.. what is the problem with it?

Code: Select all

<?php
	$sql = "select id, Username, Password, Mail, Level, Wins, Loses, Message from Members where id='$id'";
	$result = mysql_query($sql) or die("Error Connecting to database");
	$row = mysql_fetch_row($result);
?>
	<FORM ACTION="admin.php" method="POST">
	<table width=450 cellspacing=0>
		<TR>
			<TD bgcolor=000000>
				<font color=FFFFFF><b>Editing details for <? echo $row->Username; ?></b></font>
			</TD>
		</TR>
		<TR>
			<TD>
				<TABLE WIDTH=450>
					<TR>
						<TD BGCOLOR=EEEEEE>
							Name:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input name="user" value="<? echo $row->Username; ?>">
	<input name="id" type=hidden value="<? echo $row->id; ?>">
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE>
							Password:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input name="password" type=password>
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE>
							Again:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input name="repass" type=password>
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE>
							Email:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input name="email" value="<? echo $row->Mail; ?>">
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE>
							Wins/Loses:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input name="wins" size=2 value="<? echo $row->Wins; ?>"> / <input name="loses" size=2 value="<? echo $row->Loses; ?>">
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE valign=top>
							Message:
						</TD>
						<TD BGCOLOR=EEEEEE>
							<textarea name="message"><? echo $row->Message; ?></textarea>
						</TD>
					</TR>
					<TR>
						<TD BGCOLOR=EEEEEE valign=top>
						</TD>
						<TD BGCOLOR=EEEEEE>
							<input type=submit name="function" value="Edit">
						</TD>
					</TR>
				</TABLE>
			</TD>
		</TR>
	</TABLE>
	</FORM>
							
<?
}
?>
Now, this connects to a mySQL db though a seporate file named DBconnect (seen below) which is used in an include.

Code: Select all

<?php
<?
if($con = mysql_connect("*****", "*****", "*****")){
}
else{
	die("<b>Error Connecting to Database</b><br>");
}
$db = "KoopaCards";
mysql_select_db($db, $con)or die("Error Message: ".mysql_error());
?>

?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

you're fetching $row as an array, yet using it as an object.

do you have register_globals on? running this will tell you:

Code: Select all

<?php

echo 'register_globals are ' . (ini_get('register_globals') ? 'on' : 'off');

?>
Fanstop.tk
Forum Newbie
Posts: 17
Joined: Wed Jul 21, 2004 11:02 pm

Post by Fanstop.tk »

They are on.
Post Reply