...

View Full Version : HELP!!!! Problem with my MySQL connected PHP login form :'(



RossBryan
08-20-2011, 09:58 PM
Hey people, Im new to PHP and MySQL and have bumped into a little problem trying to get my username and password verified. Most of the script is functional for example not granting access if the both/one of the login fields are empty.

But, it actually seems to allow the user to login if they have entered text into both the username and password fields regardless of whether these (username/password) are stored in the corresponding login database.

Here is the main script:


<html>
<body>

<form action="index3.php?login=yes" method="POST">
Username:<input type="text" name="user"><br />
Password:<input type="password" name="pass"><br/>
<input type="submit" name="login" value="login" ><p>
</form>

<?php

$user=$_POST['user'];
$pass=$_POST['pass'];
$login=$_POST['login'];

function denied()
{
echo '<h3><span style= "color:red"> Access Denied!!! </span></h3><br><br>';
}

function granted ($user) //function with username parameter retrieved
{
echo '<h3><span style= "color:green"> Access Granted!!! </span></h3>';
echo 'Welcome, ' . $user;
}

if($login=='login')
{
$con= include_once "mysql_connect.php";

$query = "SELECT id FROM login WHERE user='$user' AND pass='$pass' ";
echo $query;
$result = mysql_query($query) or die ("ERROR IN SQL STATEMENT: ".mysql_error());
$row = mysql_fetch_assoc($result);


if (empty($user) || empty($pass))
{
denied();
die("<br>Please fill out user login fields carefully....<br>");
}

if ($result!=1)
{
granted($user);
}

else
{
denied ();
}
}

?>

</body>
</html>


And the following is external scripting associated with the the above:



<?php

$db_host = "localhost";
$db_username = "rossbryan";
$db_pass = "security";
$db_name = "login";

@mysql_connect("$db_host", "$db_username", "$db_pass") or die ("Could not connect to MySQL");
@mysql_select_db("$db_name") or die ("No $db_name Database ");

?>


Any ideas of what the problem is and how i could possibly resolve this issue?

For some reason i believe it could be something to do with the password not being verified correctly once retrieved from the database, maybe in the $return variable but im not entirely sure, just a guess. Even if it is that i wouldn't know another way of going about fixing it.

mlseim
08-20-2011, 10:27 PM
if (mysql_num_rows($result)==1)
{
granted($user);
}

else
{
denied ();
}


And then, if the login is valid, you should set a SESSION variable so
you know they are logged-in, when you go to a different page/script.

RossBryan
08-21-2011, 02:27 AM
:thumbsup: Brilliant!. Thanks so much, that really did sort it. Such a simple thing solved a problem i spent ages trying to resolve. I appreciate you taking the time to have a look at my post and providing me with advice.

Will get on to setting up a SESSION variable as advised. I believe ive read up on that aspect so should be pretty striaght forward (hopefully).

Thanks dude.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum