...

View Full Version : PHP account login help



amcf1992
09-17-2011, 12:30 AM
So basically in account.php, I want to do a SELECT*FROM users WHERE email=$email.....and display first name and last name
Here are all the files associated with the login/account. i would appreciate the help


dologin.php


<?php
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";
$result=mysql_query($sql);

// do the check
if($result)
{
if(mysql_num_rows($result) == 1)
{
$_SESSION['username'];
$_SESSION['password'];

header("location: account.php");
exit();
}
else
{
echo "Wrong username/password.";
}
}
else
{
echo "The query is not true.";
}
?>

login.php


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<titleLogin</title>
</head>
<body>

<form method="POST" action="dologin.php">
Username: <br /><input type="text" name="username" size="30" style="width:250px; height:50px; font-size: 18px;"> <br />
Password:<br /><input type="password" name="password" size="30" style="width:250px; height:50px; font-size: 18px;">
<br /> <br />
<div align="left">
<p><input type="submit" value="Login" /></p>
Don't have an account?<a href="signup.php"> Signup </a>


</body>
</html>

account.php

<?php session_start(); ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Dashboard</title>
</head>
<body>
<?php
include('dbsettings.php');

$con = mysql_connect("$host","$user","$password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("$db_name", $con);
$username= $_POST['username'];

$sql="SELECT * FROM `user` WHERE `username`='{$username}'";

$result = mysql_query("$sql");

while($row = mysql_fetch_array($result))
{
echo $row['firstname'] . " " . $row['lastname'];
echo "<br />";
}

mysql_close($con);
?>
<a href="logout.php"> Log Out </a>
</body>
</html>

mlseim
09-17-2011, 12:37 AM
So what is the problem or question ....?
We can't run your scripts, so what are we supposed to do?


.

amcf1992
09-17-2011, 01:13 AM
account.php is not selecting correctly

$sql="SELECT * FROM `user` WHERE `username`='{$username}'";

mlseim
09-17-2011, 01:45 AM
Make sure $username has something in it ... test it before you query.

echo $username;
exit;


and remove brackets.

$sql="SELECT * FROM `user` WHERE `username`='$username'";

and remove quotes ...

$result = mysql_query($sql);



.

amcf1992
09-17-2011, 02:47 AM
Ok well the $username echo didn't work, how can i fix this, remove brackets and quotes

Wanna
09-17-2011, 10:44 AM
<?php
// session_start(); // Uncomment this line if you don't have a session_start
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

$sql="SELECT * FROM `user` WHERE `username`='{$username}' AND `password`='{$password}'";
$result=mysql_query($sql);

// do the check
if($result)
{
if(mysql_num_rows($result) == 1)
{
$_SESSION['username'] = $username; // Editted
$_SESSION['password'] = $password; // Editted

header("location: account.php");
exit();
}
else
{
echo "Wrong username/password.";
}
}
else
{
echo "The query is not true.";
}
?>




<?php session_start(); ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Account Dashboard</title>
</head>
<body>
<?php
include('dbsettings.php');

$con = mysql_connect("$host","$user","$password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("$db_name", $con);
$username= $_SESSION['username']; // Editted

$sql="SELECT * FROM `user` WHERE `username`='{$username}'";

$result = mysql_query("$sql");

while($row = mysql_fetch_array($result))
{
echo $row['firstname'] . " " . $row['lastname'];
echo "<br />";
}

mysql_close($con);
?>
<a href="logout.php"> Log Out </a>
</body>
</html>

mlseim
09-17-2011, 05:33 PM
I just noticed this ...

These lines:

// session_start(); // Uncomment this line if you don't have a session_start
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));


You need to read-in the variables first ...

// session_start(); // Uncomment this line if you don't have a session_start
include("dbsettings.php");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");




.

BluePanther
09-18-2011, 11:08 AM
I just noticed this ...

These lines:

// session_start(); // Uncomment this line if you don't have a session_start
include("dbsettings.php");
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));


You need to read-in the variables first ...

// session_start(); // Uncomment this line if you don't have a session_start
include("dbsettings.php");

$username = mysql_real_escape_string($_POST['username']);
$password = md5(mysql_real_escape_string($_POST['password']));

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");




.

It appears that dbsettings.php that's included has the mysql information in it, and his mysql information to connect etc. isn't working so I wouldn't make any changes like that.

Like Wanna posted, and what mlseim means, the OP needs to add a assignment to $username as there's currently nothing in it.

@amcf1992 - look at Wanna's posted code, and see the line commented '// Edited'



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum