Login script simply wont work....

tommykent1210 · 10-29-2009, 10:39 PM

Ok, im quite new to php. I have a tutorial booklet that helped me code this, however it wont work, its supposed to redirect me to admincp.php when i successfully login, and redirect back to index when login fails. However it only ever redirects to index.

here:

index:

PHP Code:


			
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>mysite</title>
<script language="javascript">
function Validate(){
    var username = document.frmLogin.txtUsername.value;
    var lenusername = username.length;
    var password = document.frmLogin.txtPassword.value;
    var lenpassword = password.length;
    if(username <1) {
        alert("Please enter your username.");
        document.frmLogin.txtUsername.value = "");
        return false;
    }
    else if(lenpassword <1) {
        alert("Please enter your passowrd.");
        document.frmLogin.txtPassword.value = "");
        return false;
    }
    else {
        frmLogin.Submit.disabled = true;
        return true;
    }
}
</script>
// ----------------------------------------------------------------------\
// Tom's Website                                                          |
// Copyright 2009 GFX-Core                                                  |
//                                                                          |
// Redistribution prohibited without written permission                      |
// ______________________________________________________________________/
</head>

<body>
<H3>My Website</h3>
<br/>
<table>
    <form name="frmLogin" action="login.php" method="post" onSubmit="return Validate()">
    <input type="hidden" value="agentlogin" />
    <tr>
        <td><input name="txtUsername" type="text" id="txtUsername" maxlength="30" />
        Username</td>
    </tr>
    <tr>
        <td><input name="txtPassword" type="password" id="txtPassword" maxlength="10" />
        Password </td>
     </tr>  
    <tr>
        <td><input type="submit" name="submit" value="Login" /></td>
    </tr>
    </form>
</body>
</html>

Login.php:

PHP Code:


			
<?php
include("inc/config.php");

session_start();
header("Cache-control: private");
$username = trim($_POST['txtUsername']);
$password = trim($_POST['txtPassword']);
    if ($username != "" && $password != "") {

//Connect to Database
     $db = mysql_connect("$dbhost, $dbuser, $dbpass");
     mysql_select_db("$dbname, $db");
    $sql = "SELECT * FROM users WHERE username ='" .$username."'AND password ='" .$password."'";
    $result = mysql_query($sql);
//Count number of records
    $num=mysql_num_rows($result);
    if($num==0){
            //close DB
            mysql_close();
            //then redirect to index
            header("Location: index.php");
    }
    else {
        //login ok!
        $_SESSION['ID'] = mysql_result($result,0,"ID");
        //go to menu
        header("Location: admincp.php");
    }
    //close database
    mysql_close();
}
    else{
        $_SESSION['ID'] ="";
    header("Location: index.php");
    }
?>

Herlp would be appreciated

Phil Jackson · 10-29-2009, 11:09 PM

$num=mysql_numrows($result);

to

$num=mysql_num_rows($result);

for a start

tommykent1210 · 10-29-2009, 11:54 PM

ok, fixed. still doesnt solve the probelm... Is the include config.php file bit correct?

_Aerospace_Eng_ · 10-29-2009, 11:57 PM

This is wrong

PHP Code:


			
$db = mysql_connect("$dbhost, $dbuser, $dbpass");
     mysql_select_db("$dbname, $db");

It should be

PHP Code:


			
$db = mysql_connect($dbhost, $dbuser, $dbpass);
     mysql_select_db($dbname, $db);

Learn to follow the tutorial better. I doubt it told you to put all of those in quotes. Also there is a of other stuff wrong. The main thing I see is you aren't protecting yourself from mysql_injection and sooner or later you site will likely get hacked.

http://www.tizag.com/mysqlTutorial/m...-injection.php

Phil Jackson · 10-29-2009, 11:58 PM

dont know... change it to

PHP Code:


			

$dir = "inc/config.php";
if(file_exists($dir))
{
    include($dir);
}
else
{
    echo "dir does not exist";
}

Phil Jackson · 10-29-2009, 11:59 PM

change

PHP Code:


			
$result = mysql_query($sql);

to

PHP Code:


			
$result = mysql_query($sql) or die("Error: ".mysql_error());

tommykent1210 · 10-30-2009, 12:15 AM

It seems that it wont connect to the mysql. It says;

Code:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'nobody'@'10.50.0.58' (using password: NO) in /home/a9541859/public_html/mysite/login.php

yet the password is being used, it just doesnt seem to recognise it....

tommykent1210 · 10-30-2009, 12:17 AM

then:

Code:

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'MYWEBHOSTMYSQL, MYSQLUSERNAME, PASSWORD' (3) in /home/a9541859/public_html/mysite/login.php

obviously i have removed my details

Phil Jackson · 10-30-2009, 12:20 AM

("$dbhost, $dbuser, $dbpass");

to

($dbhost, $dbuser, $dbpass);

tommykent1210 · 10-30-2009, 12:26 AM

Ah-ha! that worked, thanks

better correct this book then lol, written for A-level and ive found 3 mistakes already

Phil Jackson · 10-30-2009, 12:37 AM

no worries