Free Web Hosting Forum
(#1)
Old
phalbachjr phalbachjr is offline
Junior Member
phalbachjr is on a distinguished road
 
Posts: 9
Join Date: Nov 2010
Default Can't get my login PHP to work. - 03-02-2011, 12:43 PM

I am trying to create a login script for a part of my website. I have a database to hold the information and I want to compare the user input from my html form to information in the database.

A sample of my code is listed below. So far, only the "fail" part of my script is working and will redirect me to login again. I'm not sure if it is connecting to the database and checking the input for the correct information.

Would anyone out there know if I am doing this correctly?
Thank you in advance your time.

<?php
// Define username and password variables for returned post method from input form
$Name = $_POST["user"];
$Pass = $_POST["mail"];


if($Name != "" || $Pass != "")
{

// Select database and log on
$con = mysql_connect("mysql13.000webhost.com", "DATABASE NAME HIDDEN", "PASSWORD HIDDEN");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("DATABASE NAME HIDDEN", $con);

//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query("SELECT * FROM Mix WHERE ScrName = '" . $ScrName . "' AND Email = '" . $Email . "' ", $con);

$num = mysql_num_rows($query);
echo $num;

if($num != 0)
{
$result = mysql_result($query, 0);
echo $result;
}

$row=mysql_fetch_array($result);
{
$SN=$row['ScrName'];
$EM=$row['Email'];
}

//I want to compare the values from the input form to the values in the table
if($Name == $SN && $Pass ==$EM)
{
header("Location: mixsetup.html");
}
else if($Pass!= $EM ||$Name != $SN )
{
echo("Please Enter Correct Username and Password ...");
header("Location: Loginfail.html");
}
}

?>
Reply With Quote
(#2)
Old
grace1004 grace1004 is offline
Senior Member
grace1004 is on a distinguished road
 
Posts: 890
Join Date: Dec 2010
Default 03-02-2011, 01:07 PM

Quote:
//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query("SELECT * FROM Mix WHERE ScrName = '" . $ScrName . "' AND Email = '" . $Email . "' ", $con);
$Name = $_POST["user"];
$Pass = $_POST["mail"];

The $_POST values are defined as above, so you need to change as follows:

$query = mysql_query("SELECT * FROM Mix WHERE ScrName = '" . $Name . "' AND Email = '" . $Pass . "' ", $con);
Reply With Quote
(#3)
Old
phalbachjr phalbachjr is offline
Junior Member
phalbachjr is on a distinguished road
 
Posts: 9
Join Date: Nov 2010
Default 03-02-2011, 03:21 PM

Thank you very much for looking at this. I did make the change but I don't think that it is making the connection or looking at the database to verify the input.

I have a table in my database called Mix with the field names ScrName and Email. I want to compare the user input on the form which come in as:

$Name = $_POST["user"];
$Pass = $_POST["mail"];

and compare it to my fields in the table (ScrName and Email). I'm not sure if my code in the first post is actually making that comparison.

Thank you again, I really do appreciate your time and effort.
Reply With Quote
(#4)
Old
grace1004 grace1004 is offline
Senior Member
grace1004 is on a distinguished road
 
Posts: 890
Join Date: Dec 2010
Default 03-02-2011, 11:26 PM

Could you show us the code for login form?
Reply With Quote
(#5)
Old
phalbachjr phalbachjr is offline
Junior Member
phalbachjr is on a distinguished road
 
Posts: 9
Join Date: Nov 2010
Default 03-03-2011, 01:00 AM

Here is the form.

<h3>Welcome to The Mix</h3>
If you are new, please click on the link below to register your login information. If you're already a member, just enter your screen name and email address and hit login.<br>

<form
method="post"
action="login.php">

Enter Your Email Address: <input type="text" name="mail" size="30"/>
<br>
Enter Your Screen Name: <input type="text" name="user" size="20"/>
<br>

<input type="submit" value="Login"/> <input type="reset" value="Reset"/>
<a href="New Contact.html"> Register </a>
</form>
Reply With Quote
(#6)
Old
james11's Avatar
james11 james11 is offline
Senior Member
james11 is on a distinguished road
 
Posts: 174
Join Date: Nov 2010
Default 03-03-2011, 01:41 AM

you code looks realy ugly for it being a realy simple login code
there part were you have
PHP Code:
if($Name != "" || $Pass != ""
you could of just put
PHP Code:
if($Name && $Pass){
//code here
}else {
    echo 
"You must submit all the fields!";

and your never doing a check to make shure the login button was clicked

also with
PHP Code:
// Select database and log on
$con mysql_connect("mysql13.000webhost.com""DATABASE NAME HIDDEN""PASSWORD HIDDEN");
if (!
$con)
{
die(
'Could not connect: ' mysql_error());
}

mysql_select_db("DATABASE NAME HIDDEN"$con); 
you could of just put this as a connection.php file
PHP Code:
<?php

$con 
mysql_connect("mysql13.000webhost.com""DATABASE NAME HIDDEN""PASSWORD HIDDEN") or die(mysql_error());
$db mysql_select_db("DATABASE NAME HIDDEN"$con);

?>
and included it to your login file

and with this part
PHP Code:
//ScrName and Email are the field names from the table that need to be verified.
$query mysql_query("SELECT * FROM Mix WHERE ScrName = '" $ScrName "' AND Email = '" $Email "' "$con); 
it should be

PHP Code:
//ScrName and Email are the field names from the table that need to be verified.
$query mysql_query("SELECT * FROM `Mix` WHERE `crName`='".$ScrName."' AND `Email`='".$Email."'"); 
plus with this part
PHP Code:
$num mysql_num_rows($query); echo $num
and you shouldn't echo out a mysql query

and this is how you check if something is in a database

PHP Code:
$res mysql_query($query);

if(
mysql_num_rows($res) > 0){
//code in here
}else {
echo 
"Incorrect username and or password combination!";

and to do a login and get it to work you nead to put session_start() at the top

also you nead to set a session variable like this $_SESSION['id'] = $row['id'];

this is a sample login script that i made
PHP Code:
<?php

session_start
();

include 
"./connect.php";

$form "<table>
        <form action=\"login.php\" method=\"post\">
        <tr>
            <td>Username: </td><td><input type=\"text\" name=\"user\" />
        </tr>
        <tr>
            <td>Password: </td><td><input type=\"password\" name=\"pass\" />
        </tr>
        <tr>
            <td><input type=\"submit\" name=\"submit\" value=\"Login\" />
        </tr>
        </form>
        </table>"
;
        
if(!
$_POST['submit']) {
    echo 
$form;
}else {
    
$user $_POST['user'];
    
$pass $_POST['pass'];
    
    if(
$user && $pass) {
        
$sql "SELECT `id` FROM `tutorial` WHERE `username`='".$user."'";
        
$res mysql_query($sql) or die(mysql_error());
        if(
mysql_num_rows($res) > 0) {
            
$sql2 "SELECT `id` FROM `tutorial` WHERE `password`='".$pass."' AND `username`='".$user."'";
            
$res2 mysql_query($sql2);
            if(
mysql_num_rows($res2) > 0){
                
$row mysql_fetch_assoc($res2);
                
$_SESSION['uid'] = $row['id'];
                
                echo 
"You have been logged in as $user. Click <a href=\"member.php\">here</a> to the member page.";
            }else {
                echo 
"That username password combination doesn't exist! $form";
            }
        }else {
            echo 
"That username doesn't exist! $form";
        }
    }else {
        echo 
"You must submit all fields! $form";
    }
}

?>

the connect.php file
<?php

$con 
mysql_connect("localhost","root","") or die(mysql_error());
$db mysql_select_db("login tutorial",$con);

?>

Last edited by james11; 03-03-2011 at 03:01 AM.
Reply With Quote
(#7)
Old
Leder678's Avatar
Leder678 Leder678 is offline
Senior Member
Leder678 is on a distinguished road
 
Posts: 1,830
Join Date: Jan 2009
Location: Norway
Default 03-03-2011, 09:08 AM

James, using (notset OR notset) gives less code, because you don't need all the brackets.
And doing two queries for the same thing, don't to, waste of resources.
Please start using require_once, more failproof and gives more error information uppon an error.

using
if(!var || !var) die();
is acctually a very nice way to show off errors
or maybe:
if(!var || !var) { header("Location: index.php"); exit(); }
does work great aswell, once more for saving resources.

So I ended up with this:
PHP Code:
<?php 

session_start
(); 

require_once(
"connect.php"); // no need for dotslash here, it's in the same folder... and require_once is more failproof (could use include_once() aswell) but require gives more information uppon an error.

$form "<table> 
            <form action='login.php' method='post'> 
            <tr> 
                <td>Username: </td><td><input type='text' name='user' /> 
            </tr> 
            <tr> 
                <td>Password: </td><td><input type='password' name='pass' /> 
            </tr> 
            <tr> 
                <td><input type='submit' name='submit' value='Login' /> 
            </tr> 
            </form> 
        </table>"
// Do NOT use \" when you still have the option to use singlequotes, looks so messy...

$user $_POST['user']; 
$pass $_POST['pass']; //defining these in the start makes the source looks nicer
    
if(!$_POST['submit']) die($form); // just kill the rest of the script if the form isn't submitted.
if(!$user || !$pass) die("Required fields missing<br /><br /> $form"); // killing the rest of the script and echoing the form and error
    
    
$sql "SELECT id FROM tutorial WHERE password = '$pass' AND username = '$user'"// just like with the variables and prints/echoes, you don't need to ".$var." anything with double quotemarks
    
$res mysql_query($sql) or die(mysql_error()); 
    if(
mysql_num_rows($res) > 0) { 
        
$row mysql_fetch_assoc($res); 
        
$_SESSION['uid'] = $row['id']; 
        echo 
"You have been logged in as $
        user. Click <a href=\"member.php\">here</a> to the member page."

    } else { 
        echo 
"That username/password combination doesn't exist!<br /><br/> $form"
    } 

?> 

The connect.php file 
<?php 

$con 
mysql_connect("localhost","root","") or die(mysql_error()); 
$db mysql_select_db("login tutorial",$con); //no, no, no.. don't use spacing on names... use underscores.

?>


Follow me on twitter @Mortenrb

W3Fools - Read and learn

Please AT LEAST read the 10 bolded lines of the TOS at:
http://www.000webhost.com/includes/tos.php
Reply With Quote
(#8)
Old
phalbachjr phalbachjr is offline
Junior Member
phalbachjr is on a distinguished road
 
Posts: 9
Join Date: Nov 2010
Default 03-03-2011, 04:37 PM

Thank you all for helping me out. To say I'm a beginner is giving myself TOO MUCH credit. The php now works like a charm.
Reply With Quote
(#9)
Old
james11's Avatar
james11 james11 is offline
Senior Member
james11 is on a distinguished road
 
Posts: 174
Join Date: Nov 2010
Default 03-03-2011, 11:18 PM

this was just a simple sample script i made i didn't say it was perfect
Reply With Quote
Reply

Tags
help me, login, php

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
vBulletin Skin developed by: vBStyles.com