...
PDA

Login script simply wont work....

tommykent1210
10-29-2009, 10:39 PM
Ok, im quite new to php. I have a tutorial booklet that helped me code this, however it wont work, its supposed to redirect me to admincp.php when i successfully login, and redirect back to index when login fails. However it only ever redirects to index.


here:

index:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>mysite</title>
<script language="javascript">
function Validate(){
var username = document.frmLogin.txtUsername.value;
var lenusername = username.length;
var password = document.frmLogin.txtPassword.value;
var lenpassword = password.length;
if(username <1) {
alert("Please enter your username.");
document.frmLogin.txtUsername.value = "");
return false;
}
else if(lenpassword <1) {
alert("Please enter your passowrd.");
document.frmLogin.txtPassword.value = "");
return false;
}
else {
frmLogin.Submit.disabled = true;
return true;
}
}
</script>
// ----------------------------------------------------------------------\
// Tom's Website |
// Copyright 2009 GFX-Core |
// |
// Redistribution prohibited without written permission |
// ______________________________________________________________________/
</head>

<body>
<H3>My Website</h3>
<br/>
<table>
<form name="frmLogin" action="login.php" method="post" onSubmit="return Validate()">
<input type="hidden" value="agentlogin" />
<tr>
<td><input name="txtUsername" type="text" id="txtUsername" maxlength="30" />
Username</td>
</tr>
<tr>
<td><input name="txtPassword" type="password" id="txtPassword" maxlength="10" />
Password </td>
</tr>
<tr>
<td><input type="submit" name="submit" value="Login" /></td>
</tr>
</form>
</body>
</html>


Login.php:

<?php
include("inc/config.php");

session_start();
header("Cache-control: private");
$username = trim($_POST['txtUsername']);
$password = trim($_POST['txtPassword']);
if ($username != "" && $password != "") {

//Connect to Database
$db = mysql_connect("$dbhost, $dbuser, $dbpass");
mysql_select_db("$dbname, $db");
$sql = "SELECT * FROM users WHERE username ='" .$username."'AND password ='" .$password."'";
$result = mysql_query($sql);
//Count number of records
$num=mysql_num_rows($result);
if($num==0){
//close DB
mysql_close();
//then redirect to index
header("Location: index.php");
}
else {
//login ok!
$_SESSION['ID'] = mysql_result($result,0,"ID");
//go to menu
header("Location: admincp.php");
}
//close database
mysql_close();
}
else{
$_SESSION['ID'] ="";
header("Location: index.php");
}
?>

Herlp would be appreciated :)
Phil Jackson
10-29-2009, 11:09 PM
$num=mysql_numrows($result);

to

$num=mysql_num_rows($result);

for a start
tommykent1210
10-29-2009, 11:54 PM
ok, fixed. still doesnt solve the probelm... Is the include config.php file bit correct?
_Aerospace_Eng_
10-29-2009, 11:57 PM
This is wrong
$db = mysql_connect("$dbhost, $dbuser, $dbpass");
mysql_select_db("$dbname, $db");
It should be
$db = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $db);
Learn to follow the tutorial better. I doubt it told you to put all of those in quotes. Also there is a of other stuff wrong. The main thing I see is you aren't protecting yourself from mysql_injection and sooner or later you site will likely get hacked.

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
Phil Jackson
10-29-2009, 11:58 PM
dont know... change it to



$dir = "inc/config.php";
if(file_exists($dir))
{
include($dir);
}
else
{
echo "dir does not exist";
}
Phil Jackson
10-29-2009, 11:59 PM
change

$result = mysql_query($sql);

to

$result = mysql_query($sql) or die("Error: ".mysql_error());
tommykent1210
10-30-2009, 12:15 AM
It seems that it wont connect to the mysql. It says;

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'nobody'@'10.50.0.58' (using password: NO) in /home/a9541859/public_html/mysite/login.php

yet the password is being used, it just doesnt seem to recognise it....
tommykent1210
10-30-2009, 12:17 AM
then:
Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'MYWEBHOSTMYSQL, MYSQLUSERNAME, PASSWORD' (3) in /home/a9541859/public_html/mysite/login.php

obviously i have removed my details ;)
Phil Jackson
10-30-2009, 12:20 AM
("$dbhost, $dbuser, $dbpass");

to


($dbhost, $dbuser, $dbpass);
tommykent1210
10-30-2009, 12:26 AM
Ah-ha! that worked, thanks :) better correct this book then lol, written for A-level and ive found 3 mistakes already ;)
Phil Jackson
10-30-2009, 12:37 AM
no worries

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum