PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I wrote this login script and I get $num = 0 everytime I try to log in. Is this because I'm using md5 encryption for pass when I register? Please let me know of you have any idea what's wrong with my script.
I've tryed copying and paste the md5 encrypted password for each user and it doesn't work either. Any suggestions? Please? I should get a $num = 1 because the username and pass I try to log in with exist in the DB.
Edit: Another question, shall I use session_register(); before the $_SESSION keys?
Not really fellah, the $ sign is okay there because if you check "global $connect, $table", I take the $table variable from outside of the function. It is included in 'dbconnect.php', that's why the dollar sign is there.
Nope, because if I got what you mean, the action is in the script. :S I mean, this is a login script, the html code is in it too, and the action i between <? and ?>.
After a brief scan over your code I can see 2 places for improvement.
Functions should always return something, so I would change your function so that it does; maybe remove the header call and return true instead (also remove your error message in the function and change that for reutrn false) and then run your function in an if block, if it returns true, trigger the header call, if it's false, print the error.
As others said, but you misinterpreted, your form tag is missing an action attribute. Add action="#" to your form tag.
jayshields wrote:Functions should always return something, so I would change your function so that it does; maybe remove the header call and return true instead(also remove your error message in the function and change that for reutrn false)and then run your function in an if block, if it returns true, trigger the header call, if it's false, print the error.
BOLD: I don't get what you mean there, like I want to redirect the client to the main site after log in, why return true? And btw, how do I return true there?
? Yeah, I can delete that but how change it to return false?
UNDERLINE: if block? What? if it returns true, I trigger the header call, yes I understand that. but I'd appreciate if you write an example how to return true or false?
I'm sorry but I'm newp. ^_^ And I'd love to learn more and more.
$md5pw= md5($mypassword);
mysql_escape_string($md5pw); //<--this does nothing, but its okay, since the md5-ed password is SQL-safe
$query= "SELECT * FROM $table WHERE name='".mysql_escape_string($myusername)."' AND pw='$md5pw'";
$username = mysql_real_escape_string($myusername); //mysql_real_escape_string is better than mysql_escape_string
$password = mysql_real_escape_string($mypassword);
$query= "SELECT * FROM `$table` WHERE `name`='$username' AND pw=MD5('$password')"; //using SQL's md5
Even better, select some ID for this user and keep it in the session as well, it is awkward to keep the username and password in the session just to be able to identify the user (although not a problem per se).
Make sure that the registration process will catch if someone tries to register an existing username.
Okay, that looks better, thanks for the suggestion. And no worries, I've already covered that case. No one can register an existent username. Neither an e-mail address.
Ohh, I didn't get the last two functions, what's the problem with session_start(); ?