Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Dec 2010
    Posts
    22
    Thanks
    13
    Thanked 0 Times in 0 Posts

    what's wrong with it.

    here is my code everytime i try to login using this code it gives the same message
    Please try again

    Code:
    <?php
    if(isset($_POST['login']))
    {
    	require_once('mysql_connect.php');
    	function escape_data($data)
    		{
    			global $con;
    				if(ini_get('magic_quotes_gpc'))
    					{
    						$data = stripslashes($data);
    					}
    				return mysql_real_escape_string($data, $con);
    		}
    		$lmessage = NULL;
    		if(empty($_POST['email']))
    		{
    			$e = FALSE;
    			$lmessage .= '<p>Forgot to enter Email</p>';
    		}
    		else
    		{
    			escape_data($_POST['email']);
    		}
    		if(empty($_POST['password']))
    		{
    			$p = FALSE;
    			$lmessage .= '<p>Forgot to enter Password</p>';
    		}
    		else
    		{
    			escape_data($_POST['password']);
    		}
    		if($e && $p)
    		{
    			$query = "SELECT ID, FirstName FROM Family WHERE Email='$e' AND Password=PASSWORD('$p')";
    			$result = @mysql_query($query);
    			$row = mysql_fetch_array($result, MYSQL_NUM);
    				if($row)
    					{
    						session_name('YourVisitID');
    						session_start();
    						$_SESSION['FirstName'] = $row[1];
    						$_SESSION['ID'] = $row[0];
    						header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php");
    						exit();
    					}
    				else
    				{
    					$lmessage = '<p>Email and Password do not match.</p>';
    				}
    				mysql_close();
    				
    		}
    		else
    		{
    			$lmessage .= '<p>Please try again.</p>';
    		}
    }
    ?>
    <html>
    <body>
        	<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginForm">
            
             <table> 
            <tr><td>E-mail</td></tr>
            <tr><td><input type="text" name="email" style="font-family:Verdana, Geneva, sans-serif; font-size:12px" /></td></tr>
            <tr><td>Password</td></tr>
            <tr><td><input type="password" name="password" style="font-family:Verdana, Geneva, sans-serif; font-size:12px" /></td></tr> 
            <tr><td><input type="submit" name="login" value="Login" /></td></tr>
            </table>
              
    		</form>
         </body>
         </html>
            <?php
            if(isset($lmessage))
    		{
    		echo '<font color="red">' , $lmessage, '</font>';
    		}
    		?>
    Being a newbie I cant see anywrong with my code.

  • #2
    Regular Coder
    Join Date
    Jul 2010
    Location
    Sheffield
    Posts
    824
    Thanks
    93
    Thanked 18 Times in 18 Posts
    I think its the "if($e && $p)", try
    Code:
    if((isset($e)) && (isset($p)))

  • #3
    kgb
    kgb is offline
    New to the CF scene
    Join Date
    Aug 2009
    Posts
    7
    Thanks
    0
    Thanked 2 Times in 2 Posts
    PHP Code:
    <?php
    if(isset($_POST['login']))
    {
            require_once(
    'mysql_connect.php');
            function 
    escape_data($data)
                    {
                            global 
    $con;
                                    
    //if(ini_get('magic_quotes_gpc'))
                                    //      {
                                    //              $data = stripslashes($data);
                                    //      }
                                    
    return mysql_real_escape_string(stripslashes($data$con); // magic_quotes isn't a good idea to be relied on.
                    
    }
                    
    $lmessage NULL// no need of this line, just remove it
                    
    if(empty($_POST['email']))
                    {
                            
    $e FALSE;
                            
    $lmessage .= '<p>Forgot to enter Email</p>';
                    }
                    else
                    {
                            
    escape_data($_POST['email']); // you're not doing anything useful here, try to put that directly into the query
                                                          // or assign the returned & escaped value to variable, e.g. $email = escape_data($_POST['email']);
                                                          // or "SELECT ID, FirstName FROM Family WHERE Email = '".escape_data($_POST['email'])."' AND Password=PASSWORD('".escape_data($_POST['password'])."')"

                            // at this point probably you'll want to assign true boolean to the $e variable, e.g. $e = true;
                    
    }
                    if(empty(
    $_POST['password']))
                    {
                            
    $p FALSE;
                            
    $lmessage .= '<p>Forgot to enter Password</p>';
                    }
                    else
                    {
                            
    escape_data($_POST['password']); // same applies here too (not doing anything useful), try assign var or use directly with the db query

                            // at this point probably you'll want to assign true boolean to the $p variable, e.g. $p = true;
                    
    }
                    if(
    $e && $p// both variables are always empty or false and you go to the else statement
                                 // isset() won't help you here but it can harm because it ALWAYS evaluates to TRUE except
                                 // when variable doesn't exist or its value is NULL, only then it return false.
                    
    {
                            
    $query "SELECT ID, FirstName FROM Family WHERE Email='$e' AND Password=PASSWORD('$p')"// you're using (comparing with) the wrong variables
                                                                                                                      // I hope you use mysql PASSWORD() function to encrypt passwords when inserting them to db
                                                                                                                      // otherwise that query won't work. You'll need to use the proper hashing algorithm or
                                                                                                                      // if you don't use any just compare against the plain text, which I won't recommend.
                            
    $result = @mysql_query($query); // Here you can add some debugging, so if something goes wrong it will help you.
                                                            // kinda of: @mysql_query() or die("Sql error: ".mysql_error());
                                                            // or if statement, e.g. if(!$result): echo 'Could not run query: ' . mysql_error(); exit; endif;
                            
    $row mysql_fetch_array($resultMYSQL_NUM); // here you can use mysql_fetch_row as it returns numerical array too, but it's not big deal if you prefer this way
                                    
    if($row// you can se here mysql_num_rows, e.g. if(mysql_num_rows($result) == 1)
                                            
    {
                                                    
    session_name('YourVisitID');
                                                    
    session_start(); // most of the time it is a good practice to declare the session stuff at the top of the code, before anything else
                                                    
    $_SESSION['FirstName'] = $row[1];
                                                    
    $_SESSION['ID'] = $row[0];
                                                    
    header("Location: http://" $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/loggedin.php"); // read more about $_SERVER at http://php.net/manual/en/reserved.variables.server.php
                                                                                                                                                           // and about dirname http://us.php.net/manual/en/function.dirname.php
                                                                                                                                                           // check the comments also. You may want to use $_SERVER['SERVER_NAME']
                                                                                                                                                           // or even code these things to configuration file. HTTP_HOST depends on headers
                                                                                                                                                           // send  by the browser, so if the browser doesn't send Host: header then you're
                                                                                                                                                           // stuck with http:///somepath/loggedin.php Also in some cases dirname can produce
                                                                                                                                                           // only slash '/' so you get urls like http://yourhost.com//loggedin.php
                                                    
    exit();
                                            }
                                    else
                                    {
                                            
    $lmessage '<p>Email and Password do not match.</p>';
                                    }
                                    
    // you can also free the result memory here by calling mysql_free_result($result)
                                    // keep in mind that all non-persistent connections to the db are closed and the end
                                    // of the script execution, also all result memory is automatically freed at te end of the execution.
                                    
    mysql_close();

                    }
                    else
                    {
                            
    $lmessage .= '<p>Please try again.</p>';
                    }
    }
    ?>
    <html>
    <body>
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginForm">

             <table>
            <tr><td>E-mail</td></tr>
            <tr><td><input type="text" name="email" style="font-family:Verdana, Geneva, sans-serif; font-size:12px" /></td></tr>
            <tr><td>Password</td></tr>
            <tr><td><input type="password" name="password" style="font-family:Verdana, Geneva, sans-serif; font-size:12px" /></td></tr>
            <tr><td><input type="submit" name="login" value="Login" /></td></tr>
            </table>

                    </form>
         </body>
         </html>
    <?php
    if(isset($lmessage)) // simple if($lmessage) is just fine
    {
            echo 
    '<font color="red">' $lmessage'</font>';
    }
    ?>

  • Users who have thanked kgb for this post:

    muzammil (04-24-2011)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •