username and password problem
Hi how are yo doing? I try to run this program,but it is not working. When I input username and password, the next page should come up " Welcome back $user". However, it doesn't show anything.

Please help me this script

My php is 4.2

Here is codes


<html>
<body></body>

<?php
if (isset($_POST['formSubmitted']) AND $_POST['formSubmitted'] == "yes"){
$con = mysql_connect("localhost","itohideo","1234");
if(!$con) {
print("Fail DB Connection<br>\n");
exit;
}
if(!mysql_select_db("itohideo")) {
print("Fail DB Selection<br>\n");
exit;
}

$username=$_POST['username'];
$password=$_POST['password'];
$password=md5($password);
$sql="select * from pk where username='$username' and password='$password'";

if(!mysql_query($sql))
{

echo"Username or Password is incorrect. Please try again.";
exit();

}
else

{

$row=mysql_fetch_array($result);
extract($row);
echo"welcome back<strong>".$username."</strong>";
}

}

?>
Login:
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="username" size="23"><br>
<input type="password" name="password" size="23"><br>
<input type="submit" value="Send" name="submit">
<?
{}
?>
</body>
</html>


Thank you very much

I suppose this form is calling the same page again, as indicated by you using $_SEVER['PHP_SELF']. The problem might lie in this line:


if (isset($_POST['formSubmitted']) AND $_POST['formSubmitted'] == "yes"){


So you are checking if a POST variable named "formSubmitted" exists and if it has the value "yes". Only that in your form, there is no field named "formSubmitted". So the code can't execute, since it does not pass this first check.

Try changing the above line to


if (isset($_POST['submit']) AND $_POST['submit'] == "Send"){


That corresponds to the submit button of your form and should at least make the script pass the first check.

still not working
Hi how are you

YOu are right? Here is a problem

if (isset($_POST['formSubmitted']) AND $_POST['formSubmitted'] == "yes"){

chaged like this


if (isset($_POST['submit']) AND $_POST['submit'] == "Send"){


but it has warning

my php editor says
"Notice: Undefined variable: result in c:\itohideo\ito5.php on line 32

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in c:\itohideo\ito5.php on line 32

Warning: extract() expects first argument to be an array in c:\itohideo\ito5.php on line 33"

I just want to show "welcome back username" when I click send, I just don't want to show form(text from) again.

Please help me

Thank you for your time

If you look closely enough at line 32, you'll see that $result is used, but that variable has not been defined previously. So all other functions have to fail, since you want to operate on an resultset that is not reachable by $result.

Tip: Look at the line with mysql_query(), and compare that to the example at http://se.php.net/manual/en/function.mysql-query.php

I try to do every means but not working

I read it but I don't get it.


Please fix my codes if you can

thanks very much

I won't give up; you will find the error yourself:

Your line 32:


if(!mysql_query($sql))


The line of the example in the manual:


$result = mysql_query("SELECT my_col FROM my_tbl")
or die ("Invalid query");


There's something different, obviously. And in your code, you miss a variable named $result later in your script.

I am sorry to ask you again

I changed like this

$result=mysql_query($sql) or die ("Invalid query");

$row=mysql_fetch_array($result);
extract($row);
echo"welcome back<strong>".$username."</strong>";

but my php editor says"Warning: extract() expects first argument to be an array in c:\itohideo\ito6.php on line 29"

I can't find my mistake and run this porgram. When I input different username and password, it still comes up "Welcome back username" It should come up " Invalid query"

I tried to run this program so many times, but not working

Please help me

thanks

Now that's strange. I thought the last error would be the missing $result variable, but now it seems like your query gets executed correctly, but no result set gets returned. Have you made sure the query is correct, i.e. when you run this query in phpMyAdmin, do you get a result set or "no rows returned"?

You can check that with doing


$result = ..... // your query here

if ($result) {
$numRows = mysql_num_rows($result);
echo "rows" . $numRows;
} else {
echo "no rows returned";
}


Check also that the column containing the md5ived password is of a text type and long enough to accomodate the whole hash string.

my query is like this


username itohideo
password 1234

that command is insert into pk (username,password) values('itohideo','1234)

I created my query like this

is that ok

thanks you very much

No, if I shall take this query literally, it's not correct:


insert into pk (username,password) values('itohideo','1234)


Your password starts as a string but doesn't get terminated by a single quote. I really doubt that this query worked, but maybe it's just a copy-paste error.

After all, what did the code tell I posted above? And most importantly, if you are inserting the password as plain text, why do you compare it against a md5() treated version of it in your php script?

Hi how are you doing? Thank you for helping me.

actually, i don't know this part $password=md5($password);

You said My query is wrong, so how should I fix it.

I tried as eveybody said

but not working

I think that my query is wrong.


Please help me

Thanks all

Originally posted by 0810
actually, i don't know this part $password=md5($password);


Before you use code you don't understand, you should at least read up on this function in the very detailed manual:
http://se.php.net/manual/en/function.md5.php


You said My query is wrong, so how should I fix it.


I said already how to fix it, read my post carefully again.


I think that my query is wrong.


Which one now and why do you think it's wrong? Something you haven't told us by now?

Hi how are you doing mordred? Thanks for helping all the time.

first i did your way as you told me

$result = mysql_query($sql);
if ($result) {
$numRows = mysql_num_rows($result);
echo "rows" . $numRows;
} else {
echo "no rows returned";
}


but this code didn't work. When I input username and password, just blank my texts. (like reset). Nothing happened.


insert into pk (username,password) values('itohideo','1234')

I just forgot single quote. That's it

My query desn't match with database so it didn't work.

also I am using wrong codes Here it is

$password=md5($password);

Calculates the MD5 hash of str using


I try to think.

Please gide my script

Thanks mordred

Originally posted by 0810
but this code didn't work. When I input username and password, just blank my texts. (like reset). Nothing happened.


I don't understand what you mean with "texts" and "reset". All that the code above should do was to print whether rows were returned or not. If this message does not appear, than there was an error in your SQL query. Use


if (!$result) {
echo "Query: " . $sql . "<br>";
echo mysql_error();
}


and look at the error message. They are usually very helpful for debugging.

And of course, comparing a md5()-hashed password to a plain text password never gives you a match, so there can't be any rows returned even if the query itself works properly.

Hi how are you?

I did whatever you told me, but it is not working

I fixed as much as I can

Here is codes


<html>
<body></body>

<?php
if (isset($_POST['formSubmitted']) AND $_POST['formSubmitted'] == "yes")
// WHY NOT: if($_POST['formSubmitted'] == "yes')
{
$con = mysql_connect("localhost","itohideo","1234");
if(!$con)
{
print("Fail DB Connection<br>\n");
exit;
}
if(!mysql_select_db("itohideo"))
{
print("Fail DB Selection<br>\n");
exit;
}

$username=$_POST['username'];
$password=$_POST['password'];


$sql="SELECT * FROM pk WHERE username='$username' AND password='$password'";

$result = mysql_query($sql);
if (!$result) {
echo "Query: " . $sql . "<br>";
echo mysql_error();
}

else
{
$row=mysql_fetch_array($result);
$username = $row["username"]; // <- CHANGED
echo"welcome back<strong>".$username."</strong>";
}



}


?>

Login:

<form action="<?php echo($_SERVER['PHP_SELF']); ?>" method="post">

<input type="text" name="username" size="23"><br>
<input type="password" name="password" size="23"><br>
<input type="submit" value="Send" name="submit">
<input type='hidden' name='formSubmitted' value='yes'>
</form>
<?
{}
?>
</body>
</html>


Please look at it

Thank you for helping me

I am going to move this topic to the mysql forum as that is where php questions related to mysql should be at as stated in the description of that forum.

Originally posted by 0810
I did whatever you told me, but it is not working


*sigh*
0810, "it is not working" is an inadequate error description. I have simply no idea what exactly is not working, because I can't guess the output of your script, and obviously I can't reproduce that because your server/database environment might be totally different from mine.

So *what* did not work? Threw the PHP engine errors, warnings or notices? Does the $username not show up in the welcoming message? Was a mysql error printed by the code I provided? Is your server burning?

I'm sorry that I can't write a detailed reply like "fix line no. x with $phpcode" because of the reasons stated above. How hard I even try, I can't work magic.