A little advice with login

Posted: Fri Nov 10, 2006 10:37 am
by jm999
Hey everyone, sorry for all of the newb questions. I've been trying to create a simple login script and I can't seem to get it to work. Here is the code for login.php. It's not finalized, but I'm just trying to get it working so I can go from there. When the form is submitted, login.php is just a blank white screen so there must be a parse error of some sort.

<?php

if (!isset($_POST['submit'])) {
   include ('loginform.php');

else {

$username = ($_POST['username']);
$pswd = ($_POST['pswd']);

$query = 'SELECT * FROM users WHERE email = "$username" AND pass = "$pswd"'; 
$result = mysql_query($query) or die(mysql_error());
$numrow = mysql_num_rows($result);

	if ($numrow = "0") {
	echo ('That information does not exist in our database, please try again.');
	}
	
	else {
	$_SESSION['username'] = $username;
	echo ('You have logged in successfully!');
	}
  }
}
?>
Is that the proper way to register a session variable? Could that be the problem? I'm sure it's something simple that I just can't put my finger on.

Posted: Fri Nov 10, 2006 10:41 am
by jm999
Oops, I put a curly brace in the wrong spot. Man this stuff makes me feel REALLY stupid sometimes.

Posted: Fri Nov 10, 2006 11:04 am
by RobertGonzalez
Are you developing/testing locally or are you testing on a hosted server? I only ask because you might want to set up a server on your personal computer so you can create what is essentially your development environment. You can change your php.ini settings so that display_errors is on to help identify the areas in your code that might have problems. Then test on your personal computer before pushing your work to your live (or production) hosted server.

Posted: Fri Nov 10, 2006 11:07 am
by Jenk
I'd also suggest you have a read about SQL injection attacks and how to prevent them. :)

In brief, you need to safeguard your database values with mysql_real_escape_string()
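
An added example, not part of Jenk's post or the original script: the thread's query built by string concatenation beside a prepared statement with bound parameters. It assumes PDO with an in-memory SQLite database and a constructed `users` row so it runs without a server (the `mysql_*` functions used in the thread were removed in PHP 7); the function names are hypothetical.

```php
<?php
// Added example: constructed table and inputs. PDO with in-memory SQLite is
// an assumption so the script runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (email TEXT, pass TEXT)");
// Schema mirrors the thread; a real table would hold password_hash() output.
$db->exec("INSERT INTO users VALUES ('alice@example.com', 'correct-horse')");

// Pattern from the thread: request values pasted straight into the SQL text.
function login_concat(PDO $db, string $username, string $pswd): bool
{
    $query = "SELECT * FROM users WHERE email = '$username' AND pass = '$pswd'";
    return $db->query($query)->fetch() !== false;
}

// Hardened: the SQL text is fixed and the values travel as bound parameters,
// so a quote character in the input stays data and never becomes syntax.
function login_prepared(PDO $db, string $username, string $pswd): bool
{
    $stmt = $db->prepare('SELECT * FROM users WHERE email = ? AND pass = ?');
    $stmt->execute([$username, $pswd]);
    return $stmt->fetch() !== false;
}

$cases = [
    'valid login'       => ['alice@example.com', 'correct-horse'],
    'wrong password'    => ['alice@example.com', 'guess'],
    // Constructed input: the quote closes the string literal early and the
    // remainder is parsed as part of the WHERE clause.
    'quote in password' => ['alice@example.com', "x' OR '1'='1"],
];

foreach ($cases as $label => [$u, $p]) {
    printf("%-18s concat=%-5s prepared=%s\n", $label,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

Only the concatenated version accepts the third case; the prepared statement treats the whole value as a password that does not match.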

Posted: Fri Nov 10, 2006 11:19 am
by jm999
Everah wrote: Are you developing/testing locally or are you testing on a hosted server? I only ask because you might want to set up a server on your personal computer so you can create what is essentially your development environment. You can change your php.ini settings so that display_errors is on to help identify the areas in your code that might have problems. Then test on your personal computer before pushing your work to your live (or production) hosted server.
I'm testing on my hosted server. I have control over the php.ini settings and I just set display_errors to on and discovered the problem. I think I will set up a server on my computer for testing, thanks for the advice.

Posted: Fri Nov 10, 2006 11:21 am
by jm999
Jenk wrote: I'd also suggest you have a read about SQL injection attacks and how to prevent them. :)

In brief, you need to safeguard your database values with mysql_real_escape_string()
I have read up on this and plan to implement it. I just like to start simple to make sure something is working before I add security measures. I'm new to this so I get a bit overwhelmed when staring at line after line of code. I usually wind up looking something like this: 8O