

PhP/mySQL problem need help!





darkjoker
OK, I just got a register and login system put in. I did it myself, and just to let you know, I'm not very good at either. But this is what is confusing me: when I test it and register a user name and password, the user name and pass are both logged on my database, but when I test it (i.e. log in) I get my error msg (i.e. there is no password registered for that name, try again). If someone could help me fix this it would be a very big help. Thanks.
coreymanshack
Could you post the code, please? There is no possible way we can give you a solution to your problem without seeing your code. There are several things that could be wrong with your code...
darkjoker
Code:
<?php
ob_start();

include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
 
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
 

if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=index.html>Try again</a>";
exit;
} else {

setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=members.php>members</a> section.";
}
ob_end_flush();
?>
Sorry about that.
darkjoker
Another reason that it has to be the login.php page is because if you try to register 2 of the same names it will tell you that you can't. So I know it is connecting to the database. But when it tries to log in there's either something missing or something's wrong with the script.
mathiaus
Please don't double post.

I would hope that the stored passwords are encrypted in which case you need to encrypt the posted password and search for that in the database.
darkjoker
I didn't mean to double post, I apologize. See, I don't know anything about PHP or MySQL; this is my first code, and the whole registering part works. It's pulling the username and password from the database when the person logs in, that's where the problem is.
hexkid
Increase the level of error reporting in your script. Add these two lines right after the first <?php tag
Code:
error_reporting(E_ALL);
ini_set('display_errors', '1');



And if you don't mind having the password displayed on the browser while you're debugging the code, try this
Code:
// ...
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=index.html>Try again</a>";

### add this line for debugging purposes
echo 'The query was: <b><tt>', $match, '</tt></b>.';

exit;
} else {
// ...
}
rohan2kool
Don't use $_POST variables directly in your script, for two reasons:

1. SQL injections (directly using variables in queries). You must be aware of them. Search for it on Wikipedia in case you need more info.

2. Don't use it anywhere in the script due to XSS vulnerabilities. Now I don't know how that can be caused, although I myself am searching for that. I just know that it causes some sort of XSS (cross-site scripting) attacks.

I know it's a bit off-topic, so please don't mind it.
snowboardalliance
Did you verify the data is present in MySQL? Through phpMyAdmin, probably. Also, besides the fact that you should be using mysql_real_escape_string() on the query, you should probably force user names to be lowercase, or make sure you type the exact case you registered in (UserName cannot be logged in as username, Username, USERNAME, etc.)
darkjoker
snowboardalliance wrote:
Did you verify the data is present in MySQL? Through phpMyAdmin, probably. Also, besides the fact that you should be using mysql_real_escape_string() on the query, you should probably force user names to be lowercase, or make sure you type the exact case you registered in (UserName cannot be logged in as username, Username, USERNAME, etc.)
Yes, I have verified that the usernames and passwords are being saved, in phpMyAdmin, and everything is in lower case and being typed in the same case.
darkjoker
rohan2kool wrote:
Don't use $_POST variables directly in your script, for two reasons:

1. SQL injections (directly using variables in queries). You must be aware of them. Search for it on Wikipedia in case you need more info.

2. Don't use it anywhere in the script due to XSS vulnerabilities. Now I don't know how that can be caused, although I myself am searching for that. I just know that it causes some sort of XSS (cross-site scripting) attacks.

I know it's a bit off-topic, so please don't mind it.
Sorry about the double post, just trying to reply to two messages, but if I shouldn't use $_POST, what should I use instead?
darkjoker
Hey, everyone who tried to help, thanks for the help. I fixed the problem. Come to find out, it wasn't in the login code, it was in the form code on the index page. All I had to do was change this

Code:
<FORM name="" method="POST" action="login.php" enctype="application/x-www-form-urlencoded">
<INPUT type="text" style="position:absolute;left:123px;top:15px;width:144px;z-index:0" size="18" name="T1" value="">
<INPUT type="submit" name="login" value="Login" style="position:absolute;left:158px;top:88px;width:75px;height:24px;z-index:1">
<DIV style="position:absolute;left:59px;top:13px;width:60px;height:22px;z-index:2" align="left">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Name:</FONT>
</DIV>
<DIV style="position:absolute;left:26px;top:51px;width:97px;height:22px;z-index:3" align="left">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Password:</FONT>
</DIV>

<INPUT type="password" style="position:absolute;left:122px;top:50px;width:144px;z-index:5" size="18" name="T1" value="">

</FORM>


to this
Code:

<form action="login.php" method="post">
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Name:</FONT> <input type="text" name="username" style="position:absolute;left:123px;top:15px;width:144px;z-index:0" size="20"><br><br><br>
<FONT style="font-size:19px" color="#FFFFFF" face="Arial">Password:</FONT> <input type="password" name="password" style="position:absolute;left:122px;top:50px;width:144px;z-index:5" size="20"><br>
<input type="submit" value="Log In">
</form>
So thank you all. Mods and admins, can you please close this topic?
rohan2kool
Truly speaking, even I don't know what. It's that you HAVE to use $_POST, but not directly. It's like escaping the MySQL query parameters... Search on Wikipedia for XSS. Me doing the same.
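What the replies above point to (keeping form input out of the SQL text, not storing plain passwords, escaping names on output), as an added example that is not part of any post in this thread. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the `users` table, its columns, the function names and the sample accounts are all constructed for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so this runs offline; with MySQL only the PDO DSN changes.
// Table, columns, function names and sample accounts are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');

function register(PDO $pdo, string $username, string $password): void
{
    // Store a salted one-way hash, never the password itself.
    // Lowercasing the name makes login case-insensitive, as suggested above.
    $stmt = $pdo->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    $stmt->execute([strtolower($username), password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $username, string $password): ?int
{
    // Placeholders keep the input out of the SQL text: a quote in the
    // username is compared as data and cannot change the query.
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM users WHERE username = ?');
    $stmt->execute([strtolower($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A salted hash cannot be matched in the WHERE clause; fetch it by
    // username and verify in PHP.
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

function greet(string $username): string
{
    // Escape on output so markup in a name is displayed as text.
    return 'Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '!';
}

register($pdo, "O'Brien", 'correct horse');          // constructed account
var_dump(login($pdo, "o'brien", 'correct horse'));   // matching password
var_dump(login($pdo, "o'brien", 'wrong password'));  // wrong password
var_dump(login($pdo, "nobody' x", 'anything'));      // unknown name containing a quote
echo greet('<b>bob</b>'), "\n";                      // markup in a name
```

In the login page itself, record the id returned by `login()` in `$_SESSION` rather than in a `loggedin` cookie, since a cookie value is set by the browser and proves nothing to the server.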