Can't get my login PHP to work

Website Building
#1

I am trying to create a login script for a part of my website. I have a database to hold the information and I want to compare the user input from my html form to information in the database.

A sample of my code is listed below. So far, only the “fail” part of my script is working and will redirect me to login again. I’m not sure if it is connecting to the database and checking the input for the correct information.

Would anyone out there know if I am doing this correctly?
Thank you in advance your time.

<?php
// Define username and password variables for returned post method from input form
$Name = $_POST[“user”];
$Pass = $_POST[“mail”];

if($Name != “” || $Pass != “”)
{

// Select database and log on
$con = mysql_connect(“mysql13.000webhost.com”, “DATABASE NAME HIDDEN”, “PASSWORD HIDDEN”);
if (!$con)
{
die('Could not connect: ’ . mysql_error());
}

mysql_select_db(“DATABASE NAME HIDDEN”, $con);

//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query(“SELECT * FROM Mix WHERE ScrName = '” . $ScrName . “’ AND Email = '” . $Email . "’ ", $con);

$num = mysql_num_rows($query);
echo $num;

if($num != 0)
{
$result = mysql_result($query, 0);
echo $result;
}

$row=mysql_fetch_array($result);
{
$SN=$row[‘ScrName’];
$EM=$row[‘Email’];
}

//I want to compare the values from the input form to the values in the table
if($Name == $SN && $Pass ==$EM)
{
header(“Location: mixsetup.html”);
}
else if($Pass!= $EM ||$Name != $SN )
{
echo(“Please Enter Correct Username and Password …”);
header(“Location: Loginfail.html”);
}
}

?>

#2

//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query(“SELECT * FROM Mix WHERE ScrName = '” . $ScrName . “’ AND Email = '” . $Email . "’ ", $con);

$Name = $_POST[“user”];
$Pass = $_POST[“mail”];

The $_POST values are defined as above, so you need to change as follows:

$query = mysql_query(“SELECT * FROM Mix WHERE ScrName = '” . $Name . “’ AND Email = '” . $Pass . "’ ", $con);

#3

Thank you very much for looking at this. I did make the change but I don’t think that it is making the connection or looking at the database to verify the input.

I have a table in my database called Mix with the field names ScrName and Email. I want to compare the user input on the form which come in as:

$Name = $_POST[“user”];
$Pass = $_POST[“mail”];

and compare it to my fields in the table (ScrName and Email). I’m not sure if my code in the first post is actually making that comparison.

Thank you again, I really do appreciate your time and effort.

#4

Could you show us the code for login form?

#5

Here is the form.

<h3>Welcome to The Mix</h3>
If you are new, please click on the link below to register your login information. If you’re already a member, just enter your screen name and email address and hit login.<br>

<form
method="post"
action=“login.php”>

Enter Your Email Address: <input type=“text” name=“mail” size=“30”/>
<br>
Enter Your Screen Name: <input type=“text” name=“user” size=“20”/>
<br>

<input type=“submit” value=“Login”/> <input type=“reset” value=“Reset”/>
<a href=“New Contact.html”> Register </a>
</form>

#6

you code looks realy ugly for it being a realy simple login code
there part were you have

if($Name != "" || $Pass != "")

you could of just put

if($Name && $Pass){
//code here
}else {
    echo "You must submit all the fields!";
}

and your never doing a check to make shure the login button was clicked

also with

// Select database and log on
$con = mysql_connect("mysql13.000webhost.com", "DATABASE NAME HIDDEN", "PASSWORD HIDDEN");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("DATABASE NAME HIDDEN", $con);

you could of just put this as a connection.php file


<?php

$con = mysql_connect("mysql13.000webhost.com", "DATABASE NAME HIDDEN", "PASSWORD HIDDEN") or die(mysql_error());
$db = mysql_select_db("DATABASE NAME HIDDEN", $con);

?>

and included it to your login file

and with this part

//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query("SELECT * FROM Mix WHERE ScrName = '" . $ScrName . "' AND Email = '" . $Email . "' ", $con);

it should be


//ScrName and Email are the field names from the table that need to be verified.
$query = mysql_query("SELECT * FROM `Mix` WHERE `crName`='".$ScrName."' AND `Email`='".$Email."'");

plus with this part

$num = mysql_num_rows($query); echo $num;

and you shouldn’t echo out a mysql query

and this is how you check if something is in a database


$res = mysql_query($query);

if(mysql_num_rows($res) > 0){
//code in here
}else {
echo "Incorrect username and or password combination!";
}

and to do a login and get it to work you nead to put session_start() at the top

also you nead to set a session variable like this $_SESSION[‘id’] = $row[‘id’];

this is a sample login script that i made


<?php

session_start();

include "./connect.php";

$form = "<table>
		<form action=\"login.php\" method=\"post\">
		<tr>
			<td>Username: </td><td><input type=\"text\" name=\"user\" />
		</tr>
		<tr>
			<td>Password: </td><td><input type=\"password\" name=\"pass\" />
		</tr>
		<tr>
			<td><input type=\"submit\" name=\"submit\" value=\"Login\" />
		</tr>
		</form>
		</table>";
		
if(!$_POST['submit']) {
	echo $form;
}else {
	$user = $_POST['user'];
	$pass = $_POST['pass'];
	
	if($user && $pass) {
		$sql = "SELECT `id` FROM `tutorial` WHERE `username`='".$user."'";
		$res = mysql_query($sql) or die(mysql_error());
		if(mysql_num_rows($res) > 0) {
			$sql2 = "SELECT `id` FROM `tutorial` WHERE `password`='".$pass."' AND `username`='".$user."'";
			$res2 = mysql_query($sql2);
			if(mysql_num_rows($res2) > 0){
				$row = mysql_fetch_assoc($res2);
				$_SESSION['uid'] = $row['id'];
				
				echo "You have been logged in as $user. Click <a href=\"member.php\">here</a> to the member page.";
			}else {
				echo "That username password combination doesn't exist! $form";
			}
		}else {
			echo "That username doesn't exist! $form";
		}
	}else {
		echo "You must submit all fields! $form";
	}
}

?>

the connect.php file
<?php

$con = mysql_connect("localhost","root","") or die(mysql_error());
$db = mysql_select_db("login tutorial",$con);

?>
#7

James, using (notset OR notset) gives less code, because you don’t need all the brackets.
And doing two queries for the same thing, don’t to, waste of resources.
Please start using require_once, more failproof and gives more error information uppon an error.

using
if(!var || !var) die();
is acctually a very nice way to show off errors
or maybe:
if(!var || !var) { header(“Location: index.php”); exit(); }
does work great aswell, once more for saving resources.

So I ended up with this:

<?php 

session_start(); 

require_once("connect.php"); // no need for dotslash here, it's in the same folder... and require_once is more failproof (could use include_once() aswell) but require gives more information uppon an error.

$form = "<table> 
			<form action='login.php' method='post'> 
			<tr> 
				<td>Username: </td><td><input type='text' name='user' /> 
			</tr> 
			<tr> 
				<td>Password: </td><td><input type='password' name='pass' /> 
			</tr> 
			<tr> 
				<td><input type='submit' name='submit' value='Login' /> 
			</tr> 
			</form> 
        </table>"; // Do NOT use \" when you still have the option to use singlequotes, looks so messy...

$user = $_POST['user']; 
$pass = $_POST['pass']; //defining these in the start makes the source looks nicer
	
if(!$_POST['submit']) die($form); // just kill the rest of the script if the form isn't submitted.
if(!$user || !$pass) die("Required fields missing<br /><br /> $form"); // killing the rest of the script and echoing the form and error
	
	$sql = "SELECT id FROM tutorial WHERE password = '$pass' AND username = '$user'"; // just like with the variables and prints/echoes, you don't need to ".$var." anything with double quotemarks
	$res = mysql_query($sql) or die(mysql_error()); 
	if(mysql_num_rows($res) > 0) { 
		$row = mysql_fetch_assoc($res); 
		$_SESSION['uid'] = $row['id']; 
		echo "You have been logged in as $
		user. Click <a href=\"member.php\">here</a> to the member page."; 
	} else { 
		echo "That username/password combination doesn't exist!<br /><br/> $form"; 
	} 

?> 

The connect.php file 
<?php 

$con = mysql_connect("localhost","root","") or die(mysql_error()); 
$db = mysql_select_db("login tutorial",$con); //no, no, no.. don't use spacing on names... use underscores.

?>
#8

Thank you all for helping me out. To say I’m a beginner is giving myself TOO MUCH credit. The php now works like a charm.

#9

this was just a simple sample script i made i didn’t say it was perfect