A little advice with login

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jm999
Forum Commoner
Posts: 28
Joined: Tue Aug 29, 2006 11:58 am

A little advice with login

Post by jm999 »

Hey everyone, sorry for all of the newb questions. I've been trying to create a simple login script and I can't seem to get it to work. Here is the code for login.php. Its not finalized, but I'm just trying to get it working so I can go from there. When the form is submitted, login.php is just a blank white screen so there must be a parse error of some sort.

Code: Select all

<?php

if (!isset($_POST['submit'])) {
   include ('loginform.php');

else {

$username = ($_POST['username']);
$pswd = ($_POST['pswd']);

$query = 'SELECT * FROM users WHERE email = "$username" AND pass = "$pswd"'; 
$result = mysql_query($query) or die(mysql_error());
$numrow = mysql_num_rows($result);

	if ($numrow = "0") {
	echo ('That information does not exist in our database, please try again.');
	}
	
	else {
	$_SESSION['username'] = $username;
	echo ('You have logged in successfully!');
	}
  }
}
?>
Is that the proper way to register a session variable? Could that be the problem? I'm sure its something simple that I just can't put my finger on.
jm999
Forum Commoner
Posts: 28
Joined: Tue Aug 29, 2006 11:58 am

Post by jm999 »

Oops, I put a curly brace in the wrong spot. Man this stuff makes me feel REALLY stupid sometimes.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Are you developing/testing locally or are you testing on a hosted server? I only ask because you might want to set up a server on your personal computer so you can create what is essentially your development environment. You can change your php.ini settings so that display_errors is on to help identify the areas in your code that might have problems. Then test on your personal compute before pushing your work to your live (or production) hosted server.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

I'd also suggest you have a read about sql injection attacks and how to prevent it. :)

In brief, you need to safeguard your database values with mysql_real_escape_string()
jm999
Forum Commoner
Posts: 28
Joined: Tue Aug 29, 2006 11:58 am

Post by jm999 »

Everah wrote:Are you developing/testing locally or are you testing on a hosted server? I only ask because you might want to set up a server on your personal computer so you can create what is essentially your development environment. You can change your php.ini settings so that display_errors is on to help identify the areas in your code that might have problems. Then test on your personal compute before pushing your work to your live (or production) hosted server.
I'm testing on my hosted server. I have control over the php.ini settings and I just set display_errors to on and discovered the problem. I think I will set up a server on my computer for testing, thanks for the advice.
jm999
Forum Commoner
Posts: 28
Joined: Tue Aug 29, 2006 11:58 am

Post by jm999 »

Jenk wrote:I'd also suggest you have a read about sql injection attacks and how to prevent it. :)

In brief, you need to safeguard your database values with mysql_real_escape_string()
I have read up on this and plan to implement it. I just like to start simple to make sure something is working before I add security measures. I'm new to this so I get a bit overwhelmed when staring at line after line of code . I usually wind up looking something like this : 8O
Post Reply