Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Aug 2011
    Posts
    20
    Thanks
    2
    Thanked 0 Times in 0 Posts

    HELP!!!! Problem with my MySQL connected PHP login form :'(

    Hey people, Im new to PHP and MySQL and have bumped into a little problem trying to get my username and password verified. Most of the script is functional for example not granting access if the both/one of the login fields are empty.

    But, it actually seems to allow the user to login if they have entered text into both the username and password fields regardless of whether these (username/password) are stored in the corresponding login database.

    Here is the main script:

    PHP Code:
    <html> 
    <body> 

    <form action="index3.php?login=yes" method="POST"> 
    Username:<input type="text" name="user"><br /> 
    Password:<input type="password" name="pass"><br/> 
    <input type="submit" name="login" value="login" ><p> 
    </form> 

    <?php 

    $user
    =$_POST['user']; 
    $pass=$_POST['pass']; 
    $login=$_POST['login']; 

    function 
    denied() 
        { 
        echo 
    '<h3><span style= "color:red"> Access Denied!!! </span></h3><br><br>'
        } 
          
    function 
    granted ($user//function with username parameter retrieved 
        

        echo 
    '<h3><span style= "color:green"> Access Granted!!! </span></h3>'
        echo 
    'Welcome, ' $user
        } 

        if(
    $login=='login'
        { 
        
    $con= include_once "mysql_connect.php"
              
        
    $query "SELECT id FROM login WHERE user='$user' AND pass='$pass' "
        echo 
    $query
        
    $result mysql_query($query) or die ("ERROR IN SQL STATEMENT: ".mysql_error()); 
        
    $row mysql_fetch_assoc($result); 

                  
            if (empty(
    $user) || empty($pass)) 
            { 
            
    denied(); 
            die(
    "<br>Please fill out user login fields carefully....<br>"); 
            } 
              
            if (
    $result!=1
            { 
            
    granted($user); 
            } 
              
            else 
            { 
            
    denied (); 
            } 
        } 

    ?> 

    </body> 
    </html>
    And the following is external scripting associated with the the above:

    PHP Code:
    <?php 

    $db_host 
    "localhost"
    $db_username "rossbryan"
    $db_pass "security"
    $db_name "login"

    @
    mysql_connect("$db_host""$db_username""$db_pass") or die ("Could not connect to MySQL"); 
    @
    mysql_select_db("$db_name") or die ("No $db_name Database "); 

    ?>
    Any ideas of what the problem is and how i could possibly resolve this issue?

    For some reason i believe it could be something to do with the password not being verified correctly once retrieved from the database, maybe in the $return variable but im not entirely sure, just a guess. Even if it is that i wouldn't know another way of going about fixing it.

  • #2
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,397
    Thanks
    8
    Thanked 1,078 Times in 1,069 Posts
    if (mysql_num_rows($result)==1)
    {
    granted($user);
    }

    else
    {
    denied ();
    }


    And then, if the login is valid, you should set a SESSION variable so
    you know they are logged-in, when you go to a different page/script.
    Last edited by mlseim; 08-20-2011 at 09:30 PM.

  • #3
    New Coder
    Join Date
    Aug 2011
    Posts
    20
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Brilliant!. Thanks so much, that really did sort it. Such a simple thing solved a problem i spent ages trying to resolve. I appreciate you taking the time to have a look at my post and providing me with advice.

    Will get on to setting up a SESSION variable as advised. I believe ive read up on that aspect so should be pretty striaght forward (hopefully).

    Thanks dude.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •