Page 1 of 1

coding bugs(plz help)

Posted: Sun Dec 17, 2006 11:53 pm
by cty
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


my problem is :whenever i log in ,it always shown 'You are not log in'.
Never show "You are logged in as xx"

For example:i do a testing,i input username:abc and password:1234 in "user" table.
Next,i try to log in using abc and 1234.But,still shown 'You are not log in'

can anyone tell me which part have bugs?or how i edit the code?

I already use a phpeditor to check bugs,but no warning shown.

Hope u able to help me.
TQ 
[syntax="html"]//login.html
<html>

<head>


<title>Login here</title>
</head>

<body>

<form method="POST" action="login.php">
	
	
	Username
	<input type="text" name="username" size="20"></p>
	Password
	<p><input type="text" name="password" size="20"></p>
	
 <input type="submit" value="Submit" name="B1">
 <input type="reset" value="Reset" name="B2"></p>
</form>

</body>

</html>
[/syntax]

Code: Select all

//login.php

<?php
session_start();

if(isset($_POST['username'])&&isset($_POST['password']))
{

$username=$_POST['username'];
$password=$_POST['password'];

$db=new mysqli('localhost','root','','kelly'); 

if(mysqli_connect_errno()){
echo 'Connection to database failed:'.mysqli_connect_error();
exit();
}

$query='select* from user '
."where username='$username'"
 ."and password=sha1('$password')";

$result=$db->query($query);



if($result->num_rows >0)
{
$_SESSION['valid_user']=$username;
}

$db->close();
}
?>

<html>
<body>
<h1>Home Page</h1>
<?php

if(isset($_SESSION['valid_user']))
{
	echo'You are logged in as :'.$_SESSION['valid_user'].'<br />';
}
else
{
	echo'You are not log in';
}

?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Mon Dec 18, 2006 12:53 am
by iknownothing
I may or may not be right, but I'll throw you a few things to try...

register your session variable (valid_user)

Code: Select all

session_register("valid_user");
try echoing the standard variable instead of the session variable.

Code: Select all

if(isset($_SESSION['valid_user']))
{
   echo'You are logged in as :'$username'<br />';
}
else
{
   echo'You are not log in';
}
and also, I always have my SELECT's on a single line, dont know if its necessary but...

Code: Select all

$query=MYSQL_QUERY("SELECT * FROM user WHERE username = '$username' AND password=sha1('$password')");

Posted: Mon Dec 18, 2006 1:04 am
by Chris Corbyn
iknownothing wrote:I may or may not be right, but I'll throw you a few things to try...

register your session variable (valid_user)

Code: Select all

session_register("valid_user");
No, this is now deprecated behaviour. You should just write directly to the $_SESSION superglobal.
iknownothing wrote:and also, I always have my SELECT's on a single line, dont know if its necessary but...

Code: Select all

$query=MYSQL_QUERY("SELECT * FROM user WHERE username = '$username' AND password=sha1('$password')");
SQL allows whitespace. Spreading across several lines is fine, and often makes it easier to read ;)

What does the DB class look like? You want to use mysqli_error() after you run the query since your query could be failing.

To d11wtq

Posted: Mon Dec 18, 2006 6:39 am
by cty007
I dont understand what u trying to tel me,Since i am newbie in php.
So,can u do me a favour and guide me how to edit my code?

Posted: Mon Dec 18, 2006 10:37 am
by Kieran Huggins
My guess would be that you need a space between "select" and "*" in your MySQL statement.

It's always a good idea to use some MySQL error reporting, like so:

Code: Select all

$result=$db->query($query) or die('OOPS: '.$db->mysql_error());
Cheers,
Kieran