Page 1 of 1

PHP authentiction

Posted: Fri Sep 13, 2002 12:37 pm
by uniquneo
Can someone help me with this code, its driving me insane for about 4 weeks its obviously that im new to PHP so help would be much appecitated as its what make PHP what it is today.

My problem is with my code for an login script using sessions, mysql and php. Could someone look over this code and possibably get back to me as soon as possible stating whats the errors with it. heres the code in order it used in:-

THIS IS THE LOGIN SCRIPT - NOT THAT I NEED TO TELL YOU


<html>
<head><title>Login to members area</title></head>

<body bgcolor="white">

<h2>Please Login</h2>

<form action="protected.php" method="post">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Log In">

</form>
</body>
</html>

PROTECTED PAGE

<?php
include('auth.php');
?>
<html>
<head><title>This is protected</title></head>
<body>
This is protected
</body>
</html>

AUTH PAGE THIS IS WHAT DOES ALL THE WORK MOST PROBABLY THIS IS WHERE THE ERROR IS

<?php
// Start Sessions
session_start();

// Variables for mysql connection
$host="cant give you this";
$user="this";
$pass="and this";
$db="and this";

if (empty($HTTP_SESSION_VARS['user']))
{
// Connect to database

$connection=mysql_connect("cant give u this sorry", "or this", "and this")
or die("Could not connect to the database");

// Select database

$dbselect=mysql_select_db("this to", $connection)
or die("Could not select the database please try again later");

// Query the database

$result=mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE
user='{$HTTP_POST_VARS['user']}' AND pass='{$HTTP_POST_VARS['pass']}'");

// Say what is going to be accepted as a correct login

$result_ar=mysql_fetch_array($result);
if ($result_ar['numfound'] < 1) // Login has failed

include('errorlog.html'); // Include file thats tell user he has not logged in correctly
exit;

// This user has logged in and set 'user' in session vars
$user = $HTTP_POST_VARS['user'];
session_register('user');
}

?>

THANKYOU CAN YOU HELP :)

Posted: Fri Sep 13, 2002 4:24 pm
by Takuma
Here's the wrong line:-

Code: Select all

&lt;?php
$result=mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE 
user='{$HTTP_POST_VARS&#1111;'user']}' AND pass='{$HTTP_POST_VARS&#1111;'pass']}'"); 
?&gt;
change it to

Code: Select all

&lt;?php
$result=mysql_query("SELECT COUNT(*) AS numfound FROM users WHERE 
user=".$HTTP_POST_VARS&#1111;'user']."' AND pass='".$HTTP_POST_VARS&#1111;'pass']."'"); 
?&gt;

Posted: Mon Sep 16, 2002 2:26 am
by twigletmac
It might help us help you better if you tell us:
  • What the script is doing/not doing that it shouldn't/should be;
  • What, if any, error messages you are receiving;
  • What version of PHP you are using;
  • Which webserver and OS you are using.
Takuma - curly brackets do work around arrays in double quoted strings, try it:

Code: Select all

&lt;?php

$array = array('foo' =&gt; 'foo', 'bar' =&gt; 'bar');
echo "This is a test: '{$array&#1111;'foo']}'";
echo '&lt;br /&gt;';
echo 'So is this: '.$array&#1111;'bar'];

?&gt;
Mac

Posted: Mon Sep 16, 2002 2:29 am
by Takuma
OK, that's another thing I learnt thanks. :oops:

Posted: Mon Sep 16, 2002 2:32 am
by twigletmac
uniquneo - you only need to post a question once. Posting the same thing multiple times is really irritating when you try to help because you don't know what others have already tried.

The main bit of the topic is here if anyone would like to help:
http://www.devnetwork.net/forums/viewtopic.php?t=2930

Mac