Home > Archive > PHP Language > March 2006 > php and MySQL - login problems
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
php and MySQL - login problems
|
|
| computing_guy 2006-03-24, 7:00 pm |
| Hey,
I am a newbie, trying to produce a login form which will compare the
user name and password entered by the user to a database in MySQL which
contains a user name and password previously entered in a registration
form. At the moment i have code which allows users to pass through to
the 'members section' however.. it will allow a user with an invalid
password to enter.. here is the code for the login html and php as i
have written it:
<html>
<head>
</head>
<body>
<BODY BGCOLOR="teal">
<left>
<img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/cardiff.bmp">
</left><br>
<center>
<img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/reunited.bmp">
</center>
<form method = "POST" action="members.html"
onSubmit="returnverifyform(this)">
<h1> Please enter your password to use member only facilities: </h1>
<br>User Name: <input type = "text" name = "user_name">
<font color="black">*</font><br>
<br>Password: <input type = "password" name = "password">
<font color="black">*</font><br>
<br><input type="submit" name = "enter" value = "Enter">
<input type="reset" name = "clear" value = "Clear">
<li><a href = "register.html">Register Free!!</a></li>
<?php
$connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc",
"**MY PASSWORD HERE**");
$password=$_POST['password'];
$user_name=$_POST['user_name'];
$errorMessage = '';
mysql_select_db("sjcdb",$connection) or die("failed!");
if ($row) {
if ($password == $row[9]){
header("Location:members.html");
}
else {
$errorMessage = 'Sorry, wrong user id / password';
echo $errorMessage;
}
}
mysql_close();
?>
</body>
</html>
Any help would be great, cheers
| |
| Geoff Berrow 2006-03-24, 7:00 pm |
| Message-ID: <1143216608.388692.148740@i40g2000cwc.googlegroups.com> from
computing_guy contained the following:
>Any help would be great, cheers
You need to run a query after you have selected the database..
e.g.
$result=mysql_query("SELECT * FROM table");
$row=mysql_fetch_assoc($result);
--
Geoff Berrow 0110001001101100010000000110
0011011010110110010001101111011001110010
11
1001100011011011110010111001110101011010
11
| |
| Damian Burrin 2006-03-24, 7:00 pm |
| >Any help would be great, cheers
You don't actually seem to query the database
//set up your sql query
$sql = "Select * FROM `members` WHERE `user_name` = \"" . $_POST[user_name]
.."\"";
//connect to sql sqlserver
$link = mysql_connect(SERVER, USER, PASSWORD) or die("Could not connect :
" . mysql_error());
//select required database
mysql_select_db(DATABASE) or die("Could not select database");
//run query
$result = mysql_query($sql) or die("Query failed : " . mysql_error());
//fetch result and place in $line array
$line = mysql_fetch_array($result);
//close database connection
mysql_close($link);
if ($_POST['password'] , $line['password'] == $line['password'])
{
do stuff
}else{
do different stuff
}
Hope this helps
Damian
--
Damian Burrin
UKRA 1159 Level 2 RSO
EARS 1115
http://www.ukrocketry.com
http://www.larf-rocketry.co.uk
LARF - Putting the amateur back in rocketry!!
"computing_guy" <gingercrock@hotmail.com> wrote in message
news:1143216608.388692.148740@i40g2000cwc.googlegroups.com...
> Hey,
> I am a newbie, trying to produce a login form which will compare the
> user name and password entered by the user to a database in MySQL which
> contains a user name and password previously entered in a registration
> form. At the moment i have code which allows users to pass through to
> the 'members section' however.. it will allow a user with an invalid
> password to enter.. here is the code for the login html and php as i
> have written it:
>
> <html>
>
> <head>
>
> </head>
>
> <body>
>
> <BODY BGCOLOR="teal">
>
> <left>
> <img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/cardiff.bmp">
> </left><br>
>
> <center>
> <img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/reunited.bmp">
> </center>
>
>
> <form method = "POST" action="members.html"
> onSubmit="returnverifyform(this)">
>
> <h1> Please enter your password to use member only facilities: </h1>
>
> <br>User Name: <input type = "text" name = "user_name">
> <font color="black">*</font><br>
>
> <br>Password: <input type = "password" name = "password">
> <font color="black">*</font><br>
>
> <br><input type="submit" name = "enter" value = "Enter">
> <input type="reset" name = "clear" value = "Clear">
>
>
> <li><a href = "register.html">Register Free!!</a></li>
>
>
>
>
>
> <?php
> $connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc",
> "**MY PASSWORD HERE**");
>
>
> $password=$_POST['password'];
> $user_name=$_POST['user_name'];
> $errorMessage = '';
>
> mysql_select_db("sjcdb",$connection) or die("failed!");
>
>
> if ($row) {
>
> if ($password == $row[9]){
>
> header("Location:members.html");
> }
>
> else {
>
>
> $errorMessage = 'Sorry, wrong user id / password';
> echo $errorMessage;
> }
>
> }
> mysql_close();
>
> ?>
>
>
> </body>
>
> </html>
>
> Any help would be great, cheers
>
| |
| computing_guy 2006-03-25, 6:57 pm |
| hey, i have taking this on board, the new code is seen below. however
when i now try to login the page simply goes blank, is there a way of
finding out any errors using code? or can you see any errors i have not
picked up on? thanks alot for your help.
<html>
<head>
</head>
<body>
<BODY BGCOLOR="teal">
<left>
<img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/cardiff.bmp">
</left><br>
<center>
<img src="http://users.cs.cf.ac.uk/S.J.Crocker/pictures/reunited.bmp">
</center>
<form method = "POST" action="members.html"
onSubmit="returnverifyform(this)">
<h1> Please enter your password to use member only facilities: </h1>
<br>Password: <input type = "password" name = "password">
<font color="black">*</font><br>
<br><input type="submit" name = "enter" value = "Enter">
<input type="reset" name = "clear" value = "Clear">
<li><a href = "register.html">Register Free!!</a></li>
<?php
$connection = mysql_connect("sentinel.cs.cf.ac.uk","scm5sjc",
"MY PASSWORD HERE");
$password=$_POST['password'];
mysql_select_db("sjcdb",$connection) or die("failed!");
$sql = mysql_query("SELECT * FROM users WHERE password =
'$_POST[password]'");
$result = mysql_query($query);
$row = mysql_fetch_array($result)
mysql_close($link);
if ($_POST['password'] , $line['password'] == $line['password'])
{
header("Location:members.html");
}else{
header("Location:register.html");
}
}
?>
</body>
</html>
cheers for any help
| |
| Geoff Berrow 2006-03-25, 6:57 pm |
| Message-ID: <1143300316.061763.185790@e56g2000cwe.googlegroups.com> from
computing_guy contained the following:
>hey, i have taking this on board, the new code is seen below. however
>when i now try to login the page simply goes blank, is there a way of
>finding out any errors using code? or can you see any errors i have not
>picked up on? thanks alot for your help.
well it's better but I'd do this (untested):
mysql_select_db("sjcdb",$connection) or die("failed!");
/sanitise password
$password=mysql_real_escape_string($_POS
T['password']);
//run query
$result=mysql_query("SELECT * FROM users WHERE password =$password") or
die("could not query database");
if (mysql_num_rows($result)>0){
header("Location:members.html");
}else{
header("Location:register.html");
}
Actually, what I'd really do is make it a username and password pair,
and make sure that the username was unique, but you get the idea.
--
Geoff Berrow 0110001001101100010000000110
0011011010110110010001101111011001110010
11
1001100011011011110010111001110101011010
11
|
|
|
|
|