redwall_hp Posted August 28, 2006 Share Posted August 28, 2006 I have a membership system I've been working on. The login page is at http://www.siteofrequirement.com/myportkey/login.php. If you enter the username test and the password test it should display a link to another page (early development stage). Instead, the page refrshes and nothing happens. Here is the code if anyone can help. <?php//access config$dbhost = '[host]';$dbusername = '[db username]';$dbuserpass = '[db password]';$dbname = '[db name]';$badlogin = 0;Session_start();//connectmysql_connect($dbhost, $dbusername, $dbuserpass);mysql_select_db($dbname) or die("Error. Cannot conect to database. Please inform the webmaster via email");if ($POST['username']) {//password and username supplied?$username = $_POST['username'];$password = $_POST['password'];$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$data = mysql_fetch_array($query);if ($data['password'] != $password) {echo "Wrong password.";$badlogin = 1;}if ($data['username'] != $username) {echo "Wrong username";$badlogin = 1;}if ($badlogin = 0) {$query = mysql_query ("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$row = mysql_fetch_array ($query);$_SESSION["s_username"] = $row['username'];echo "You are now logged in. <a href='admin.php'>Click here to continue.</a>";}}?><form action="login.php">Username: <input type="text" name="username"><br>Password: <input type="password" name="password"><br><input type="submit" value="login"></form> Link to comment Share on other sites More sharing options...
skym Posted August 28, 2006 Share Posted August 28, 2006 Changeif ($POST['username']) {toif ($_POST['username']) { Link to comment Share on other sites More sharing options...
redwall_hp Posted August 29, 2006 Author Share Posted August 29, 2006 Cant believe I missed that, but it still isn't working. Link to comment Share on other sites More sharing options...
skym Posted August 29, 2006 Share Posted August 29, 2006 Cant believe I missed that, but it still isn't working.I didn't see it yesterday, put method="post" in the <form>, and also changeif ($badlogin = 0) {toif ($badlogin == 0) { Link to comment Share on other sites More sharing options...
Millar Posted August 29, 2006 Share Posted August 29, 2006 Forms default method is GET so you have to remember to set method to POST if you want to use the $_POST variable.Also [ if ($badlogin = 0) { ] Would automaticaly set $badlogin to 0 rather than see if the value is equal. Link to comment Share on other sites More sharing options...
reportingsjr Posted August 29, 2006 Share Posted August 29, 2006 I think thise is wrong:if ($data['password'] != $password) {I dont see an array called data.. and if you are trying to use $_GET or $_POST then this is wrong, you can use $_REQUEST for this but thats a bad idea considering people can use mysql injection with that.. also around everything going into mysql use mysql_real_escape_string like so:$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '{mysql_real_escape_string($username)}'") Link to comment Share on other sites More sharing options...
skym Posted August 29, 2006 Share Posted August 29, 2006 There is $data = mysql_fetch_array($query); Link to comment Share on other sites More sharing options...
justsomeguy Posted August 29, 2006 Share Posted August 29, 2006 $query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '{mysql_real_escape_string($username)}'")You can't put a function name in brackets like that, only string replacement. It would have to be like this:$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '" . mysql_real_escape_string($username) . "'"); Link to comment Share on other sites More sharing options...
redwall_hp Posted August 29, 2006 Author Share Posted August 29, 2006 Everything is working now. You can test it if you want at http://www.siteofrequirement.com/myportkey/login.php. Use test as username and test as password. The code is as follows, thanks for the help. <?php//access config$dbhost = 'db1.awardspace.com';$dbusername = '<CENSORED FOR SECURITY>';$dbuserpass = '<CENSORED FOR SECURITY>';$dbname = 'redwall_hp_db';$badlogin = 0;Session_start();//connectmysql_connect($dbhost, $dbusername, $dbuserpass);mysql_select_db($dbname) or die("Error. Cannot conect to database. Please inform the webmaster via email");if ($_POST['username']) {//password and username supplied?$username = $_POST['username'];$password = $_POST['password'];$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$data = mysql_fetch_array($query);if ($data['password'] != $password) {echo "Wrong password.";$badlogin = 1;}if ($data['username'] != $username) {echo "Wrong username";$badlogin = 1;}if ($badlogin == 0) {$query = mysql_query ("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$row = mysql_fetch_array ($query);$_SESSION["s_username"] = $row['username'];echo "You are now logged in. <a href='admin.php'>Click here to continue.</a>";}}?><form action="login.php" method="post">Username: <input type="text" name="username"><br>Password: <input type="password" name="password"><br><input type="submit" value="login"></form> Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now