Page 1 of 1

Why wont this work

Posted: Tue Jul 31, 2007 8:00 pm
by blkbird
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Oh PHP Gurus I beseech you

I am trying to create a login for a web page i am working on.  I will be the first to tell you i am not (as of yet) a web developer but I am trying to get my feet wet with php.  Most of this code is from a tutorial with my musings intertwined.  Basically i am trying to display a few text boxes for user name and password and allow the user to get into a new page if the username and password are correct and match against a record in a mysgl db.  I am running apache server and mysql both on localhost; the db is scubadms with a user tom and a password tom720 and i am trying to select stuff from tblUser.  Ive tried my code with http://127.0.0.1, http://localhost, http://127.0.0.1/~tom/, http://localhost/~tom, localhost, 127.0.0.1 etc but nothing seems to work.  Here is the code i am using i know it is simple and not likely to be secure but for the time being i would like to know what is wrong and possibly why it is wrong.  As of right now it is displaying an error message starting at line  21 of my code where it says MySQL ERROR! ".
I have tested this using Opera, firefox, and safari but none of it works.  Any help or guidance would be greatly appreciated.

thanks
Tom

code below:

Code: Select all

<?php
	session_start();
	ini_set('session.gc_maxlifetime', 24*60*60);
	ini_set('display_errors', 1);
	error_reporting(E_ERROR);
	error_reporting(E_ALL);
	
	$errorMessage = $_GET["errorMessage"];
	$theNextPage = $_GET["theNextPage"];

	function mySQLQuery($theQuery) {
		$databaseHost = '127.0.0.1\~tom';
		$databaseUser = 'tom';
		$databasePassword = 'tom720';
		$databaseName = 'scubadms';

		$databaseConnection = mysql_pconnect($databaseHost, $databaseUser, $databasePassword) or die('Error Connecting To The MySQL Database!');
		mysql_select_db($databaseName);
		
		//$theStartTime = microtime();
		$theResult = mysql_query($theQuery) or die("<b style=\"color: red;\">MySQL ERROR! " . mysql_error() . ", While Executing Query: <i>$theQuery</i></b>");
		//$theLastID = mysql_insert_id();
		//$theEndTime = microtime();
		
		//$theTimeQueryTook = $theEndTime - $theStartTime;

		//TODO: Add query logging/display functions.
		
		mysql_close($databaseConnection);		
		return $theResult;
	}

	if (isset($_POST['theUsername']) && isset($_POST['thePassword'])) {
	    $theUsername = $_POST['theUsername'];
	    $thePassword = $_POST['thePassword'];

	    $theResult = mySQLQuery("SELECT * FROM tblUser WHERE cUserName = '$theUsername' AND cPassword = PASSWORD('$thePassword');");

	    if (mysql_num_rows($theResult) == 1) {
			$theID = mysql_result($theResult, 0, "id");
			
	        $_SESSION['userLoggedIn'] = true; // the username and password match, so set the session
			$_SESSION['theUsername'] = $theUsername;
			$_SESSION['theUserID'] = $theID;
			
			//Move the user along to the correct page.
			if($theNextPage == "") {
				header("Location: index.php");
			} else {
				header("Location: $theNextPage");
			}
			
			//TODO: Log the Succesful login to the database (with timestamp and username/password)
	        exit;
	    } else {
			//TODO: Log the error to the database (with timestamp, username and the password that was tried, useful for detecting attempted break-ins).
	        $errorMessage = 'Sorry, That Username / Password Combination Is Not Valid.';
	    }
	}
?>

<HTML>
<HEAD>
	<a href="http://www.google.com/" target="_blank">
	<IMG src="images/logo.gif" alt="A neat image">
	
	</a>
	<meta Http-equiv="Content-Type" content= "text/html; charset-iso-8859-1">
	<style type="text/css">
	#user,#password{
		text-align: left;
		font-size:1em;
		width: 100px;
		margin: 0 auto;
	}
		
	#login{
		text-align: left;
		font-size: 1em;
		width: 100px;
		margin:0 auto;
	}
		
	#submit {
		text-align: left;
		position: relactive;
		width: 100px;
		margin: 0 auto;
	}
		
	.loginError {
		text-align: center;
		color: #990000;
		font-weight: bold;
		font-size: 26pt;
		tect-align: center;
		padding: 10px;
		border: 2px solid #990000;
		background: #CE675B;
		margin-bottom: 20px;	
	}
	</style>
</head>

<body>
	<?php if($errorMessage != '') {?>
		<div class="loginError">
			<?php echo $errorMessage; ?>
		</div>
	<?php } ?>
	<div id="login">
		<form action="" method="POST" name="theLoginForm" id="theLoginForm">
			<input name="theNextPage" value="<?php echo $theNextPage;?>" type="hidden">
			<p><label>Username:<br><input name="theUsername" size="2" tabindex="1" type="text" id="user"></label></p>
			<p><label>Password:<br> <input name="thePassword" id="password" value="" size="2" tabindex="2" type="password"></label></p>
			<p class="submit"><input name="submit" id="submit" value="Login &rsaquo; " tabindex="4" type="submit"></p>
			<p><label>Dont have a username?</label><label>  <a href="http://www.google.com/" target="_blank"> Register</a></label>
		</form>
	</div>
</body>
</html>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Tue Jul 31, 2007 9:48 pm
by boo
This code you have is working for me

Only thing that I changed was the connection information

I would try just

Code: Select all

$databaseHost = 'localhost';
for your connection.

If you are still getting an error let me know what the full error is.

Posted: Thu Aug 02, 2007 4:46 pm
by blkbird
MySQL ERROR! " . mysql_error() . ", While Executing Query: $theQuery"); //$theLastID = mysql_insert_id(); //$theEndTime = microtime(); //$theTimeQueryTook = $theEndTime - $theStartTime; //TODO: Add query logging/display functions. mysql_close($databaseConnection); return $theResult; } if (isset($_POST['theUsername']) && isset($_POST['thePassword'])) { $theUsername = $_POST['theUsername']; $thePassword = $_POST['thePassword']; $theResult = mySQLQuery("SELECT * FROM tblUser WHERE cUserName = '$theUsername' AND cPassword = PASSWORD('$thePassword');"); if (mysql_num_rows($theResult) == 1) { $theID = mysql_result($theResult, 0, "id"); $_SESSION['userLoggedIn'] = true; // the username and password match, so set the session $_SESSION['theUsername'] = $theUsername; $_SESSION['theUserID'] = $theID; //Move the user along to the correct page. if($theNextPage == "") { header("Location: index.php"); } else { header("Location: $theNextPage"); } //TODO: Log the Succesful login to the database (with timestamp and username/password) exit; } else { //TODO: Log the error to the database (with timestamp, username and the password that was tried, useful for detecting attempted break-ins). $errorMessage = 'Sorry, That Username / Password Combination Is Not Valid.'; } } ?>

Is the error

and then it just displays the regular rendered html

Any ideas?

Tom

Posted: Thu Aug 02, 2007 5:10 pm
by pickle
1) Change your hostname to "localhost"
2) Change your database connection function from mysql_pconnect() to mysql_connect(). You don't need a persistent connection for this
3) echo your query before it's executed & try to run it from the command line. That should tell you what's wrong with the query if it isn't obvious from looking at it.

Posted: Thu Aug 02, 2007 6:37 pm
by RobertGonzalez
blkbird wrote:MySQL ERROR! " . mysql_error() . ", While Executing Query: $theQuery"); //$theLastID = mysql_insert_id(); //$theEndTime = microtime(); //$theTimeQueryTook = $theEndTime - $theStartTime; //TODO: Add query logging/display functions. mysql_close($databaseConnection); return $theResult; } if (isset($_POST['theUsername']) && isset($_POST['thePassword'])) { $theUsername = $_POST['theUsername']; $thePassword = $_POST['thePassword']; $theResult = mySQLQuery("SELECT * FROM tblUser WHERE cUserName = '$theUsername' AND cPassword = PASSWORD('$thePassword');"); if (mysql_num_rows($theResult) == 1) { $theID = mysql_result($theResult, 0, "id"); $_SESSION['userLoggedIn'] = true; // the username and password match, so set the session $_SESSION['theUsername'] = $theUsername; $_SESSION['theUserID'] = $theID; //Move the user along to the correct page. if($theNextPage == "") { header("Location: index.php"); } else { header("Location: $theNextPage"); } //TODO: Log the Succesful login to the database (with timestamp and username/password) exit; } else { //TODO: Log the error to the database (with timestamp, username and the password that was tried, useful for detecting attempted break-ins). $errorMessage = 'Sorry, That Username / Password Combination Is Not Valid.'; } } ?>

Is the error

and then it just displays the regular rendered html

Any ideas?

Tom
So you mean that this entire mash of code is being echo'ed to the screen?