alex86
05-06-2009, 10:31 PM
Hi everybody,
Right, I'm hoping somebody can help because I am going around in circles and making a complete mess of my code. I don't know php and mysql and have had to teach them myself but they're not making much sense.
I have a database called members, which I need for a login and registration form. I have the registration form working (I think) but can't get the login form working. Its a complete mess and have no idea what I'm doing so if anyone could point me in the right direction that would be really really helpful.
Here's the code called login2.php:
<?php
// login2.php
include('connection.php');
// Start a session. Session is explained below.
session_start();
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("members") or die(mysql_error());
// Same checking stuff all over again.
if(isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])) {
echo "Sorry, you have to fill in all forms";
header("Location: loginmain.html");
exit;
}
// Create the variables again.
$username = $_POST['username'];
$password = $_POST['password'];
// Encrypt the password again with the md5 hash.
// This way the password is now the same as the password inside the database.
//$password = md5($password);
// Store the SQL query inside a variable.
// ONLY the username you have filled in is retrieved from the database.
$query = "SELECT username, password
FROM `members`
WHERE username='$username'";
$result = mysql_query($query);
if(!$result) {
// Gives an error if the username given does not exist.
// or if something else is wrong.
echo "The query failed " . mysql_error();
} else {
// Now create an object from the data you've retrieved.
$row = mysql_fetch_object($result);
// You've now created an object containing the data.
// You can call data by using -> after $row.
// For example now the password is checked if they're equal.
if($row->password != $password) {
echo "I am sorry, but the passwords are not equal.";
header("Location: loginmain.html");
exit;
}
// By storing data inside the $_SESSION superglobal,
// you stay logged in until you close your browser.
$_SESSION['username'] = $username;
$_SESSION['sid'] = session_id();
// Make it more secure by storing the user's IP address.
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// Now give the success message.
// $_SESSION['username'] should print out your username.
echo "Success! You are now logged in " . $_SESSION['username'];
echo "<a href=\"access.php\">Go here!</a>";
}
}
?>
and here's connection.php:
<?php
// Your host, 99% of the time it's localhost.
$db_host = 'localhost';
// Your username for MySQL.
$db_user = 'root';
// Your password for MySQL.
$db_pass = '""';
// And your given name for the database.
$db_name = 'members';
// The database connection.
$con = mysql_connect($db_host, $db_user, $db_pass);
if(!$con) {
die("Cannot connect. " . mysql_error());
}
// The database name selection.
$dbselect = mysql_select_db($db_name);
if(!$dbselect) {
die("Cannot select database " . mysql_error());
}
?>
oh and here's the login form:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<form method="post" action="login2.php">
<label for="username">Username: </label><br>
<input type="text" name="username" id="username"><br>
<label for="password">Password: </label><br>
<input type="password" name="password" id="password"><br>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
</body>
</html>
Basically, when someone logs in, the site is meant to check the database called members for the username and then the password but it just ends up printing the php code.
Oh, I hope this is in the right section.
Any help would be extremely useful and helpful and I would be very grateful for it.
Thank you in advance.
Right, I'm hoping somebody can help because I am going around in circles and making a complete mess of my code. I don't know php and mysql and have had to teach them myself but they're not making much sense.
I have a database called members, which I need for a login and registration form. I have the registration form working (I think) but can't get the login form working. Its a complete mess and have no idea what I'm doing so if anyone could point me in the right direction that would be really really helpful.
Here's the code called login2.php:
<?php
// login2.php
include('connection.php');
// Start a session. Session is explained below.
session_start();
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("members") or die(mysql_error());
// Same checking stuff all over again.
if(isset($_POST['submit'])) {
if(empty($_POST['username']) || empty($_POST['password'])) {
echo "Sorry, you have to fill in all forms";
header("Location: loginmain.html");
exit;
}
// Create the variables again.
$username = $_POST['username'];
$password = $_POST['password'];
// Encrypt the password again with the md5 hash.
// This way the password is now the same as the password inside the database.
//$password = md5($password);
// Store the SQL query inside a variable.
// ONLY the username you have filled in is retrieved from the database.
$query = "SELECT username, password
FROM `members`
WHERE username='$username'";
$result = mysql_query($query);
if(!$result) {
// Gives an error if the username given does not exist.
// or if something else is wrong.
echo "The query failed " . mysql_error();
} else {
// Now create an object from the data you've retrieved.
$row = mysql_fetch_object($result);
// You've now created an object containing the data.
// You can call data by using -> after $row.
// For example now the password is checked if they're equal.
if($row->password != $password) {
echo "I am sorry, but the passwords are not equal.";
header("Location: loginmain.html");
exit;
}
// By storing data inside the $_SESSION superglobal,
// you stay logged in until you close your browser.
$_SESSION['username'] = $username;
$_SESSION['sid'] = session_id();
// Make it more secure by storing the user's IP address.
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
// Now give the success message.
// $_SESSION['username'] should print out your username.
echo "Success! You are now logged in " . $_SESSION['username'];
echo "<a href=\"access.php\">Go here!</a>";
}
}
?>
and here's connection.php:
<?php
// Your host, 99% of the time it's localhost.
$db_host = 'localhost';
// Your username for MySQL.
$db_user = 'root';
// Your password for MySQL.
$db_pass = '""';
// And your given name for the database.
$db_name = 'members';
// The database connection.
$con = mysql_connect($db_host, $db_user, $db_pass);
if(!$con) {
die("Cannot connect. " . mysql_error());
}
// The database name selection.
$dbselect = mysql_select_db($db_name);
if(!$dbselect) {
die("Cannot select database " . mysql_error());
}
?>
oh and here's the login form:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<form method="post" action="login2.php">
<label for="username">Username: </label><br>
<input type="text" name="username" id="username"><br>
<label for="password">Password: </label><br>
<input type="password" name="password" id="password"><br>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
</body>
</html>
Basically, when someone logs in, the site is meant to check the database called members for the username and then the password but it just ends up printing the php code.
Oh, I hope this is in the right section.
Any help would be extremely useful and helpful and I would be very grateful for it.
Thank you in advance.