Page 1 of 1

Login System does not work

Posted: Sat Dec 02, 2006 8:05 am
by adamb10
http://adamb10.com/pb2/index.php
The first textbox is the username. The login info is adam/123

It's gonna tell you that it's wrong. Time for some code/pix

Image
Database Structure

Code: Select all

<?
session_start();
db_connect();
$username=$_POST['username'];
$password=$_POST['password'];
 $settings_query = mysql_query("SELECT * FROM guestbook_settings WHERE setting_id='2'='$username' AND setting_id='3'='$password'") or die(mysql_error());
while ($row = mysql_fetch_assoc($settings_query))
{
    $settings[$row['setting_id']] = $settings[$row['setting_name']] = $row['setting_value'];
}
mysql_real_escape_string($username);
mysql_real_escape_string($password);

if (mysql_num_rows($settings_query)== 0){

	
	//Login Details = incorrect?
	session_destroy();
	echo 'Login failed because of the following error returned:<br>
	<b>You entered in a wrong username/password</b>';
} else {
    echo 'Hey! your like logged in man!';
}            
 ?>
So any reason why it wont work?

Thanx!

Posted: Sat Dec 02, 2006 8:09 am
by volka
adamb10 wrote:setting_id='2'='$username'
What's that supposed to do?
adamb10 wrote:mysql_real_escape_string($username);
mysql_real_escape_string($password);
this does not make much sense after the actual sql query, and the result of mysql_real_escape_string() isnÄt assigned to anything.

Posted: Sat Dec 02, 2006 8:11 am
by adamb10
It's for the columns/rows I think.

Posted: Sat Dec 02, 2006 8:15 am
by volka
:?:
There are two = signs. Doesn't make much sense
WHERE setting_id='2'='$username' -> WHERE setting_is equals 2 equals username
even worse: WHERE setting_id='2'='$username' AND setting_id='3'='$password'
WHERE setting equals 2 equals username equals 3 equals password, that can never be fulfilled.
adamb10 wrote:It's for the columns/rows I think.
So you don't know. Where did you get this from?

Posted: Sat Dec 02, 2006 8:17 am
by adamb10
I believe the code is to actually assign variables. Someone told me to do it months ago when I switched to that Database structure.

As for the WHERE clause, yeah I had a feeling that would return nothing but how do I get it to return something?

Posted: Sat Dec 02, 2006 8:18 am
by feyd
setting_id cannot be 2 and 3 at the same time.

Code: Select all

SELECT * FROM guestbook_settings WHERE (setting_id = '2' AND setting_value ='$username') OR (setting_id = '3' AND setting_value = '$password'
Your assignment line in the while loop needs to be fixed too.

In order to "pass" the number of rows must be two and only two.

Posted: Sat Dec 02, 2006 8:22 am
by adamb10
I'm not exactly good at loops. :(

Posted: Sat Dec 02, 2006 8:26 am
by feyd
Now is a good time to learn.

I'm not sure how you want to build the result data variable(s) so you should probably study this page for a while and play around until you figure out what you want to use.

Posted: Sat Dec 02, 2006 8:32 am
by adamb10
What I actually should do is code my own session system and actually learn PHP beyond the if statement.

Posted: Sat Dec 02, 2006 8:45 am
by feyd
Sounds like a plan...

And we'd be happy to nudge you along the way. ;)

Posted: Sat Dec 02, 2006 9:15 am
by adamb10
Yeah, I usually just take code for something I dunno how to do instead of actually learning to do it myself. :p