coding bugs(plz help)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
cty
Forum Newbie
Posts: 4
Joined: Thu Dec 14, 2006 11:03 pm

coding bugs(plz help)

Post by cty »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


my problem is :whenever i log in ,it always shown 'You are not log in'.
Never show "You are logged in as xx"

For example:i do a testing,i input username:abc and password:1234 in "user" table.
Next,i try to log in using abc and 1234.But,still shown 'You are not log in'

can anyone tell me which part have bugs?or how i edit the code?

I already use a phpeditor to check bugs,but no warning shown.

Hope u able to help me.
TQ 
[syntax="html"]//login.html
<html>

<head>


<title>Login here</title>
</head>

<body>

<form method="POST" action="login.php">
	
	
	Username
	<input type="text" name="username" size="20"></p>
	Password
	<p><input type="text" name="password" size="20"></p>
	
 <input type="submit" value="Submit" name="B1">
 <input type="reset" value="Reset" name="B2"></p>
</form>

</body>

</html>
[/syntax]

Code: Select all

//login.php

<?php
session_start();

if(isset($_POST['username'])&&isset($_POST['password']))
{

$username=$_POST['username'];
$password=$_POST['password'];

$db=new mysqli('localhost','root','','kelly'); 

if(mysqli_connect_errno()){
echo 'Connection to database failed:'.mysqli_connect_error();
exit();
}

$query='select* from user '
."where username='$username'"
 ."and password=sha1('$password')";

$result=$db->query($query);



if($result->num_rows >0)
{
$_SESSION['valid_user']=$username;
}

$db->close();
}
?>

<html>
<body>
<h1>Home Page</h1>
<?php

if(isset($_SESSION['valid_user']))
{
	echo'You are logged in as :'.$_SESSION['valid_user'].'<br />';
}
else
{
	echo'You are not log in';
}

?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
iknownothing
Forum Contributor
Posts: 337
Joined: Sun Dec 17, 2006 11:53 pm
Location: Sunshine Coast, Australia

Post by iknownothing »

I may or may not be right, but I'll throw you a few things to try...

register your session variable (valid_user)

Code: Select all

session_register("valid_user");
try echoing the standard variable instead of the session variable.

Code: Select all

if(isset($_SESSION['valid_user']))
{
   echo'You are logged in as :'$username'<br />';
}
else
{
   echo'You are not log in';
}
and also, I always have my SELECT's on a single line, dont know if its necessary but...

Code: Select all

$query=MYSQL_QUERY("SELECT * FROM user WHERE username = '$username' AND password=sha1('$password')");
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

iknownothing wrote:I may or may not be right, but I'll throw you a few things to try...

register your session variable (valid_user)

Code: Select all

session_register("valid_user");
No, this is now deprecated behaviour. You should just write directly to the $_SESSION superglobal.
iknownothing wrote:and also, I always have my SELECT's on a single line, dont know if its necessary but...

Code: Select all

$query=MYSQL_QUERY("SELECT * FROM user WHERE username = '$username' AND password=sha1('$password')");
SQL allows whitespace. Spreading across several lines is fine, and often makes it easier to read ;)

What does the DB class look like? You want to use mysqli_error() after you run the query since your query could be failing.
cty007
Forum Newbie
Posts: 9
Joined: Thu Dec 14, 2006 11:15 pm

To d11wtq

Post by cty007 »

I dont understand what u trying to tel me,Since i am newbie in php.
So,can u do me a favour and guide me how to edit my code?
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

My guess would be that you need a space between "select" and "*" in your MySQL statement.

It's always a good idea to use some MySQL error reporting, like so:

Code: Select all

$result=$db->query($query) or die('OOPS: '.$db->mysql_error());
Cheers,
Kieran
Post Reply