Page 1 of 1

User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 8:54 pm
by IT-Guy
Hey everyone!

I developed a login script, and the login script does what its supposed to (checks the - username & password)
The problem is, Im getting an error, which is: "Username Does Not Exist" - Im pretty sure the script is working and I can't find anything wrong with it - I was curious if anyone had any suggestions:

The login script is pretty big, so Ill post it, but before I post it Ill post where I think the problem is: - Any suggestions?

Code: Select all

$SQL = "SELECT * FROM `users` WHERE uid = '".$username."' LIMIT 1";
        $QUERY = mysql_query($SQL) or die(mysql_error());
        if(mysql_num_rows == 0) {
            $error[] = "Your username doesnt exist";
The Whole Script:

Code: Select all

?php
##session_start();
$con = mysql_connect("****","****","****") or die('Could not connect: ' . mysql_error());
mysql_select_db("logins", $con);
 
 
 
if(!$_POST['submit']){
    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
    echo "<form method=\"post\" action=\"login.php\">\n";
    echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
    echo "</form></table>\n";
}else {
 
 
    if(empty($_POST['username'])) {
        $error[] = "Your username was empty!";
    }
    else if(empty($_POST['password'])) {
        $error[] = "Your password was empty!";
    }
    else {
        $username = trim(htmlspecialchars(strip_tags($_POST['username'])));
        $password = trim(htmlspecialchars(strip_tags($_POST['password'])));
    
        $SQL = "SELECT * FROM `users` WHERE uid = '".$username."' LIMIT 1";
        $QUERY = mysql_query($SQL) or die(mysql_error());
        if(mysql_num_rows == 0) {
            $error[] = "Your username doesnt exist";
        }
        else {
            $ROW = mysql_fetch_array($QUERY);
    echo "<pre>"; print_r($ROW); echo "</pre>";
            if($password != $ROW['password']) {
                $error[] = "Your password was incorrect";
            }
            else {
                if((bool)$ROW['activated'] == FALSE) {
                    $error[] = "Your account is not activated!";
                }
            }
        }
 
 
 
    }
 
 
 
 
 
 
 
##  $user = mysql_real_escape_string(trim($_POST['username']));
##  $pass = mysql_real_escape_string(trim($_POST['password']));
##  $errors = array();
##  
##  if(!$user){
##      $error[] = "You did not supply a username!";
##  }else {
##      if(!$pass){
##          $error[] = "You did not supply a password!";
##      }else {
##          $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
##          $res = mysql_query($sql) or die(mysql_error());
##          echo "<pre>"; print_r(mysql_fetch_Array($res)); echo "</pre><br><br> DIE"; die();
##          
##          if(mysql_num_rows($res) == 0){
##              $errors[] = "Username does not exist!";
##          }else {
##              $sql2 = "SELECT uid, activated, accesslevel, pass FROM `users` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."' LIMIT 1";
##              $res2 = mysql_query($sql2); echo mysql_error();
##              if(mysql_num_rows($res2) == 0){
##                  $errors[] = "Incorrect username and password combination!";
##              }else {
##                  $row = mysql_fetch_array($res2);
##                  echo mysql_error();
##                  $array = array();
##                  #$array[] = "message";
##
##                  echo " The script will die after this.<br><br>";
##                  echo "<pre>"; print_r($row); echo "</pre><br><br> DIE"; die();
##
##                  if((bool)$row['activated'] == FALSE){
##                      $errors[] = "Your account is not activated! VALUE = ".$row['activated']." ::";
##                  }
##              }
##          }
##      }
##  }
    
    if(count($error) > 0){
        foreach($error AS $error){
            echo $error . "<br>\n";
        }
    }else {
        $_SESSION['uid'] = $ROW['uid'];
 
        echo "<html><head><script language = 'JavaScript' type = 'text/javascript'>\n";
 
 
 
 
        
        switch($ROW['accesslevel']){
            case 1:
                #header("Location: /new/index.php");
                echo "window.location = '/pilots/index.php';\n";
            break;
            
            case 2:
                #header("Location: /admin/index.php");
                echo "window.location = '/directors/index.php';\n";
            break;
            
            case 3:
                #header("Location: /manager/index.php");
                echo "window.location = '/manager/index.php';\n";
            break;
            
            case 4:
                #header("Location: /manager/index.php");
                echo "window.location = '/vps/index.php';\n";
            break;
 
            case 5:
                #header("Location: /manager/index.php");
                echo "window.location = '/exec/index.php';\n";
            break;
            default:
                #header("Location: /members/index.php");
                echo "window.location = 'index.php';\n";
        }
 
        echo "</script></head><body></html>";
    }
}
?>

Re: User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 9:10 pm
by alex.barylski
Just a thought:

uid is usually an numerical ID and if your passing a username which is a string...could be why the query is failing to return. You can probably drop that LIMIT - there should never be more than a single unique identity in your users table.

Re: User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 9:11 pm
by IT-Guy
Yep definitely, good thinking, because the UID is a 3 digit number. So you are suggesting to get rid of the limit.

Ok, Ill try it, and if it doesn't work, Ill post here again with any error messages, thanks for the tip.

Re: User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 9:22 pm
by IT-Guy
Ok, tried the suggest task, now getting this error

Parse error: parse error, unexpected ']', expecting T_STRING or T_VARIABLE or T_NUM_STRING

Line 31

And Line 31 is where it says - $error[] = "Your username does not exist"; - Problem is there is nothing wrong with that :( line

Code: Select all

$SQL = "SELECT * FROM `users` WHERE uid = '".$username."';
        $QUERY = mysql_query($SQL) or die(mysql_error());
        if(mysql_num_rows == 0) {
            $error[] = "Your username doesnt exist";
Any suggestions?

Re: User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 9:49 pm
by Christopher
If you echo $SQL, what does it contain? If you execute that string directly does it work?

Re: User-Name Doesn't Exist

Posted: Sat Feb 16, 2008 10:15 pm
by Jenk
General Discussion

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Re: User-Name Doesn't Exist

Posted: Sun Feb 17, 2008 1:55 am
by John Cartwright
What Jenk said..

Moved to PHP-Code.

Re: User-Name Doesn't Exist

Posted: Sun Feb 17, 2008 9:30 am
by markusn00b
Shouldn't

Code: Select all

 
        if(mysql_num_rows == 0) {
 
be

Code: Select all

 
        if(mysql_num_rows($QUERY) == 0) {
 
?