Why wont this work
Posted: Tue Jul 31, 2007 8:00 pm
feyd | Please use
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Oh PHP Gurus I beseech you
I am trying to create a login for a web page i am working on. I will be the first to tell you i am not (as of yet) a web developer but I am trying to get my feet wet with php. Most of this code is from a tutorial with my musings intertwined. Basically i am trying to display a few text boxes for user name and password and allow the user to get into a new page if the username and password are correct and match against a record in a mysgl db. I am running apache server and mysql both on localhost; the db is scubadms with a user tom and a password tom720 and i am trying to select stuff from tblUser. Ive tried my code with http://127.0.0.1, http://localhost, http://127.0.0.1/~tom/, http://localhost/~tom, localhost, 127.0.0.1 etc but nothing seems to work. Here is the code i am using i know it is simple and not likely to be secure but for the time being i would like to know what is wrong and possibly why it is wrong. As of right now it is displaying an error message starting at line 21 of my code where it says MySQL ERROR! ".
I have tested this using Opera, firefox, and safari but none of it works. Any help or guidance would be greatly appreciated.
thanks
Tom
code below:Code: Select all
<?php
session_start();
ini_set('session.gc_maxlifetime', 24*60*60);
ini_set('display_errors', 1);
error_reporting(E_ERROR);
error_reporting(E_ALL);
$errorMessage = $_GET["errorMessage"];
$theNextPage = $_GET["theNextPage"];
function mySQLQuery($theQuery) {
$databaseHost = '127.0.0.1\~tom';
$databaseUser = 'tom';
$databasePassword = 'tom720';
$databaseName = 'scubadms';
$databaseConnection = mysql_pconnect($databaseHost, $databaseUser, $databasePassword) or die('Error Connecting To The MySQL Database!');
mysql_select_db($databaseName);
//$theStartTime = microtime();
$theResult = mysql_query($theQuery) or die("<b style=\"color: red;\">MySQL ERROR! " . mysql_error() . ", While Executing Query: <i>$theQuery</i></b>");
//$theLastID = mysql_insert_id();
//$theEndTime = microtime();
//$theTimeQueryTook = $theEndTime - $theStartTime;
//TODO: Add query logging/display functions.
mysql_close($databaseConnection);
return $theResult;
}
if (isset($_POST['theUsername']) && isset($_POST['thePassword'])) {
$theUsername = $_POST['theUsername'];
$thePassword = $_POST['thePassword'];
$theResult = mySQLQuery("SELECT * FROM tblUser WHERE cUserName = '$theUsername' AND cPassword = PASSWORD('$thePassword');");
if (mysql_num_rows($theResult) == 1) {
$theID = mysql_result($theResult, 0, "id");
$_SESSION['userLoggedIn'] = true; // the username and password match, so set the session
$_SESSION['theUsername'] = $theUsername;
$_SESSION['theUserID'] = $theID;
//Move the user along to the correct page.
if($theNextPage == "") {
header("Location: index.php");
} else {
header("Location: $theNextPage");
}
//TODO: Log the Succesful login to the database (with timestamp and username/password)
exit;
} else {
//TODO: Log the error to the database (with timestamp, username and the password that was tried, useful for detecting attempted break-ins).
$errorMessage = 'Sorry, That Username / Password Combination Is Not Valid.';
}
}
?>
<HTML>
<HEAD>
<a href="http://www.google.com/" target="_blank">
<IMG src="images/logo.gif" alt="A neat image">
</a>
<meta Http-equiv="Content-Type" content= "text/html; charset-iso-8859-1">
<style type="text/css">
#user,#password{
text-align: left;
font-size:1em;
width: 100px;
margin: 0 auto;
}
#login{
text-align: left;
font-size: 1em;
width: 100px;
margin:0 auto;
}
#submit {
text-align: left;
position: relactive;
width: 100px;
margin: 0 auto;
}
.loginError {
text-align: center;
color: #990000;
font-weight: bold;
font-size: 26pt;
tect-align: center;
padding: 10px;
border: 2px solid #990000;
background: #CE675B;
margin-bottom: 20px;
}
</style>
</head>
<body>
<?php if($errorMessage != '') {?>
<div class="loginError">
<?php echo $errorMessage; ?>
</div>
<?php } ?>
<div id="login">
<form action="" method="POST" name="theLoginForm" id="theLoginForm">
<input name="theNextPage" value="<?php echo $theNextPage;?>" type="hidden">
<p><label>Username:<br><input name="theUsername" size="2" tabindex="1" type="text" id="user"></label></p>
<p><label>Password:<br> <input name="thePassword" id="password" value="" size="2" tabindex="2" type="password"></label></p>
<p class="submit"><input name="submit" id="submit" value="Login › " tabindex="4" type="submit"></p>
<p><label>Dont have a username?</label><label> <a href="http://www.google.com/" target="_blank"> Register</a></label>
</form>
</div>
</body>
</html>feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]