PhP/mySQL problem need help!
Could you post the code please? There is no possible way we can give you a solution to your problem without seeing your code. There are several things that could be wrong with your code...
| Code: |
| <?php
ob_start();
include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
    or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
    or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."' and password = '".$_POST['password']."';";
$qry = mysql_query($match)
    or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0) {
    echo "Sorry, there is no username $username with the specified password.<br>";
    echo "<a href=index.html>Try again</a>";
    exit;
} else {
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");
    echo "You are now logged in!<br>";
    echo "Continue to the <a href=members.php>members</a> section.";
}
ob_end_flush();
?> |
Another reason that it has to be the login.php page is because if you try to register 2 of the same names it will tell you you can't. So I know it is connecting to the database. But when it tries to login there's either something missing or something's wrong with the script.
Please don't double post.
I would hope that the stored passwords are encrypted in which case you need to encrypt the posted password and search for that in the database.
I didn't mean to double post, I apologize. See, I don't know anything about PHP or MySQL; this is my first code. And the whole registering part works. It's pulling the username and password from the database when the person logs in, that's where the problem is.
Increase the level of error reporting in your script. Add these two lines right after the first <?php tag
| Code: |
| error_reporting(E_ALL);
ini_set('display_errors', '1'); |
And if you don't mind having the password displayed on the browser while you're debugging the code, try this
| Code: |
| // ...
if ($num_rows <= 0) {
    echo "Sorry, there is no username $username with the specified password.<br>";
    echo "<a href=index.html>Try again</a>";
    ### add this line for debugging purposes
    echo 'The query was: <b><tt>', $match, '</tt></b>.';
    exit;
} else {
    // ...
} |
Don't use $_POST variables directly in your script, for two reasons:
1. SQL injections (directly using variables in queries). You must be aware of them. Search for it on Wikipedia in case you need more info.
2. Don't use it anywhere in the script due to XSS vulnerabilities. Now I don't know how that can be caused, although I myself am searching for that. I just know that it causes some sort of XSS (cross-site scripting) attacks.
I know it's a bit off-topic, so please don't mind it.
Did you verify the data is present in MySQL? Through phpMyAdmin probably. Also, besides the fact that you should be using mysql_real_escape_string() on the query, you should probably force user names to be lowercase, or make sure you type the exact case you registered in (UserName cannot be logged in as username, Username, USERNAME, etc.)
| snowboardalliance wrote: |
| Did you verify the data is present in MySQL? Through phpMyAdmin probably. Also, besides the fact that you should be using mysql_real_escape_string() on the query, you should probably force user names to be lowercase, or make sure you type the exact case you registered in (UserName cannot be logged in as username, Username, USERNAME, etc.) |
| rohan2kool wrote: |
| Don't use $_POST variables directly in your script, for two reasons:
1. SQL injections (directly using variables in queries). You must be aware of them. Search for it on Wikipedia in case you need more info.
2. Don't use it anywhere in the script due to XSS vulnerabilities. Now I don't know how that can be caused, although I myself am searching for that. I just know that it causes some sort of XSS (cross-site scripting) attacks.
I know it's a bit off-topic, so please don't mind it. |
Hey everyone who tried to help, thanks for the help. I fixed the problem. Come to find out it wasn't in the login code, it was in the form code on the index page. All I had to do was change this
| Code: |
| <FORM name="" method="POST" action="login.php" enctype="application/x-www-form-urlencoded">
<INPUT type="text" style="position:absolute;left:123px;top:15px;width:144px;z-index:0" size="18" name="T1" value="">
<INPUT type="submit" name="login" value="Login" style="position:absolute;left:158px;top:88px;width:75px;height:24px;z-index:1">
<DIV style="position:absolute;left:59px;top:13px;width:60px;height:22px;z-index:2" align="left">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Name:</FONT>
</DIV>
<DIV style="position:absolute;left:26px;top:51px;width:97px;height:22px;z-index:3" align="left">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Password:</FONT>
</DIV>
<INPUT type="password" style="position:absolute;left:122px;top:50px;width:144px;z-index:5" size="18" name="T1" value="">
</FORM> |
to this
| Code: |
| <form action="login.php" method="post">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Name:</FONT>
<input type="text" name="username" style="position:absolute;left:123px;top:15px;width:144px;z-index:0" size="20"><br><br><br>
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Password:</FONT>
<input type="password" name="password" style="position:absolute;left:122px;top:50px;width:144px;z-index:5" size="20"><br>
<input type="submit" value="Log In">
</form> |
So thank you all. Mods and admins, can you please close this topic.
Truly speaking, even I don't know what. It's that you HAVE to use $_POST, but not directly. It's like escaping the MySQL query parameters... Search on Wikipedia for XSS. Me doing the same.
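The advice given in the replies above (hash the stored passwords, keep $_POST values out of the query string, normalise username case, encode user input before echoing it), put together as an added example that is not code from any poster in this thread. It assumes PHP 7.1+ with PDO, because the mysql_* functions used in the thread were removed in PHP 7; an in-memory SQLite database, the `users` table, the sample account and the helper names `make_demo_db`, `check_login` and `h` are all constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Assumes PHP 7.1+ with PDO;
// in-memory SQLite stands in for the thread's MySQL server so it runs offline.

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
                username TEXT UNIQUE, password_hash TEXT)');
    // Constructed sample account: registration stores a hash, never the password.
    $ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int {
    // The placeholder keeps posted input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([strtolower($username)]);   // usernames are stored lowercase
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against the stored hash in PHP, not with "and password = ..." in SQL.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Encode user-supplied text before echoing it into an HTML page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$pdo = make_demo_db();
$attempts = [                        // constructed form submissions
    ['Alice', 'correct horse'],      // mixed case still matches
    ['alice', 'wrong password'],
    ["o'brien", 'x'],                // quote character is treated as data
    ['<b>bob</b>', 'x'],             // markup is encoded on output
];
foreach ($attempts as [$u, $p]) {
    $id = check_login($pdo, $u, $p);
    echo $id === null
        ? 'Sorry, there is no username ' . h($u) . " with the specified password.<br>\n"
        : 'You are now logged in, ' . h($u) . "!<br>\n";
}
```

The original script also records the login in a client-set `loggedin` cookie, which the browser can set to any value; a server-side session (`session_start()` plus `session_regenerate_id(true)` after a successful login) is the usual replacement.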
