...

View Full Version : Login by mysql user and password



niko-cola
03-22-2010, 03:06 AM
I can't make it work.
The table users has email and password fields.
Please help me.


<?php
// we must never forget to start the session
session_start();
$errorMessage = '';


function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect(localhost, root, root) or error( mysql_error() );
mysql_select_db(database);
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
dbConnect();
$query="SELECT * FROM users WHERE email='$txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
if ($num==1) {
// the user id and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

mlseim
03-22-2010, 03:18 AM
There could be a number of problems here.

The first is that I don't see any $_POST used to get the variables
from your form. This is probably because your script is really old
and these days, "register_globals" is normally disabled. So the
values from the form are never getting read by the script.

Not being able to test it myself, try this and see what happens:


<?php
// we must never forget to start the session
session_start();
$errorMessage = '';

// Get form variables via POST method and sanitize any variables used in a query ...
$txtUserId = mysql_real_escape_string($_POST['txtUserID']);
$txtPassword = mysql_real_escape_string($_POST['txtPassword']);

function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect(localhost, root, root) or error( mysql_error() );
mysql_select_db(database);
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
dbConnect();
$query="SELECT * FROM users WHERE email='$txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
if ($num==1) {
// the user id and password match,
// set the session
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}

?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

niko-cola
03-22-2010, 03:25 AM
I added the $_POST.
still not working.


<?php
// we must never forget to start the session
session_start();
$errorMessage = '';


function dbConnect()
{
global $mysql_host, $mysql_user, $mysql_pass, $mysql_db;
@mysql_connect( $mysql_host, $mysql_user, $mysql_pass ) or error( mysql_error() );
mysql_select_db( $mysql_db );
//sets encoding to utf8
mysql_query("SET NAMES utf8");
}
ob_start();
require('paramlinks.inc.php');
dbConnect();
$txtUserId=$_POST['txtUserId'];
$txtPassword=$_POST['txtPassword'];
$query="SELECT * FROM users WHERE email='txtUserId' && password='$txtPassword'";
$result=mysql_query($query);
$num=mysql_num_rows($result);
$email=$row[email];
$password=$row[password];
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
// check if the user id and password combination is correct
if ($_POST['txtUserId'] === '$email' && $_POST['txtPassword'] === '$password') {
ob_start();
$_SESSION['basic_is_logged_in'] = true;

// after login we move to the main page
header('Location: b-main.php');
ob_end_flush();
exit;
} else {
$errorMessage = 'Sorry, wrong user id / password';
}
}
?>


<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150">&nbsp;</td>
<td><input type="submit" name="btnLogin" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>

mlseim
03-22-2010, 01:28 PM
Start troubleshooting by inserting an echo into various parts.

Example, after this line,
$num=mysql_num_rows($result);

Insert an echo and halt the program:

$num=mysql_num_rows($result);
echo "Number of finds: $num";
exit;

It will tell you what the value is, and stop the program at that place.
If $num = 0, then you didn't find any user/pass

Keep doing that in various places, using different variables.
You'll eventually see where the program is not working.

niko-cola
03-22-2010, 04:56 PM
still can't get in.

mlseim
03-22-2010, 05:19 PM
When you put this into your code, what was the result?

echo "Number of finds: $num";
exit;

Did $num = 1 or 0 ?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum