Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Jul 2013
    Thanked 0 Times in 0 Posts

    First basic login form. Help needed!

    Alright, so I am fairly new to PHP and after writing a few basic scripts, reading a lot, and watching various guides I decided to jump into something a bit more complicated. I started writing what I think to be a fairly basic login form yesterday. After jumping into it I realized that some aspects are beyond my current understanding. However I am still determined to get this done. So here I am, asking for some help.

    My intent is to have the script connect to the database, and check it for user information. After the information is confirmed to be there it should redirect to "login_success.php". I have already placed login data into the database but when I try to log in, it gives me my message "The Username and Password you entered where invalid or incorrect. Please try again". I would like someone to help me understand why this is happening and how I might go about fixing it. Keep in mind that I did use parts of other people's code (yes I know, I'm lame) and I do not fully understand it. For example I dont really understand

    $login = mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$password'");


    $username = $_POST['username'];
    $password = $_POST['password'];

    Keeping all of this in mind. Here is the full script.

    mysql_connect("$server", "$mysql_username", "$mysql_password") or die ("Cannot connect to MySQL.");
    mysql_select_db("$db_name") or die ("Cannot connect to database.");
    //Retrieving data from html form
    $username = $_POST['username'];
    $password = $_POST['password'];
    //protection from mysql injection
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    //checking if such data exist in our database and display result
    $login = mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$password'");
    if(mysql_num_rows($login) == 1) { header("location:login_success.php");
    else {echo "The Username and Password you entered where invalid or incorrect. Please try again";

  • #2
    Senior Coder
    Join Date
    Sep 2010
    Thanked 231 Times in 231 Posts
    You need a way of 'remembering' that the person is logged in as they go from page to page. One way is called $_SESSION, which is a global array that you can store information in during a site visit, another is to place a cookie on the user's machine. The cookie can keep them logged in much longer than the session.
    Welcome to http://www.myphotowizard.net

    where you can edit images, make a photo calendar, add text to images, and do much more.

    When you know what you're doing it's called Engineering, when you don't know, it's called Research and Development. And you can always charge more for Research and Development.

  • #3
    Regular Coder
    Join Date
    Nov 2012
    Thanked 12 Times in 12 Posts
    Kind of off-topic, 2 things to consider:

    1. As you're new to PHP, I'd advise you to skip the MySQL stuff and go straight to MySQLi. It will save you time now and again later when PHP 5.5 will become main stream. The standard MySQL library will be deprecated as of PHP 5.5 and removed from PHP 6 as far as I'm aware.

    2. You're probably only running this on a test server (judging by the 'root' login and 'test' database), but please consider that before going live you're going to need at least some form of encrypting your passwords.

    As for your original question, apparently mysql_num_rows($login) isn't equal to 1, otherwise it would've forwarded you to the second page. If you have access to phpMyAdmin (or similar) to directly access your database, do the following:

    1. After the line starting with $login, add the following:
    PHP Code:
    echo "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"
    2. Log-in as you'd normally do
    3. Now you'll see the exact query sent to the database. Copy this and use phpMyAdmin to query your database with it.
    4. See what the result is. You should see either none or more than one result appearing. That would be what's bothering your script.

    On your side-notes:
    PHP Code:
    $username $_POST['username'];
    $password $_POST['password']; 
    Once you've filled in your login form and click the button, the values entered in the text-boxes will be sent along to the script set in your forms ACTION (the one you posted) as $_POST-values. These two lines will check for these values and store them in PHP-variables. This might actually be the cause of your problem. Could you post your login-form too?

    PHP Code:
     $login mysql_query("SELECT * FROM $tbl_name WHERE username='$username' and password='$password'"); 
    This will send the query between the double quotes to the database and store the result-set in PHP variable $login. With this $login variable you can then perform result-set related things, like the mysql_num_rows or mysql_fetch_array (but as said, switch to MySQLi now, it'll save you rewriting scripts too!)

    Hope this helps =)
    Last edited by Thyrosis; 07-06-2013 at 10:22 AM.


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts