LOgin Script problem

redwall_hp · August 28, 2006

I have a membership system I've been working on. The login page is at http://www.siteofrequirement.com/myportkey/login.php. If you enter the username test and the password test it should display a link to another page (early development stage). Instead, the page refrshes and nothing happens. Here is the code if anyone can help.

<?php//access config$dbhost = '[host]';$dbusername = '[db username]';$dbuserpass = '[db password]';$dbname = '[db name]';$badlogin = 0;Session_start();//connectmysql_connect($dbhost, $dbusername, $dbuserpass);mysql_select_db($dbname) or die("Error. Cannot conect to database. Please inform the webmaster via email");if ($POST['username']) {//password and username supplied?$username = $_POST['username'];$password = $_POST['password'];$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$data = mysql_fetch_array($query);if ($data['password'] != $password) {echo "Wrong password.";$badlogin = 1;}if ($data['username'] != $username) {echo "Wrong username";$badlogin = 1;}if ($badlogin = 0) {$query = mysql_query ("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$row = mysql_fetch_array ($query);$_SESSION["s_username"] = $row['username'];echo "You are now logged in. <a href='admin.php'>Click here to continue.</a>";}}?><form action="login.php">Username: <input type="text" name="username"><br>Password: <input type="password" name="password"><br><input type="submit" value="login"></form>

skym · August 28, 2006

Changeif ($POST['username']) {toif ($_POST['username']) {

redwall_hp · August 29, 2006

Cant believe I missed that, but it still isn't working.

skym · August 29, 2006

Cant believe I missed that, but it still isn't working.

I didn't see it yesterday, put method="post" in the <form>, and also changeif ($badlogin = 0) {toif ($badlogin == 0) {

Millar · August 29, 2006

Forms default method is GET so you have to remember to set method to POST if you want to use the $_POST variable.Also [ if ($badlogin = 0) { ] Would automaticaly set $badlogin to 0 rather than see if the value is equal.

reportingsjr · August 29, 2006

I think thise is wrong:if ($data['password'] != $password) {I dont see an array called data.. and if you are trying to use $_GET or $_POST then this is wrong, you can use $_REQUEST for this but thats a bad idea considering people can use mysql injection with that.. also around everything going into mysql use mysql_real_escape_string like so:$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '{mysql_real_escape_string($username)}'")

skym · August 29, 2006

There is $data = mysql_fetch_array($query);

justsomeguy · August 29, 2006

$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '{mysql_real_escape_string($username)}'")

You can't put a function name in brackets like that, only string replacement. It would have to be like this:$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '" . mysql_real_escape_string($username) . "'");

redwall_hp · August 29, 2006

Everything is working now. You can test it if you want at http://www.siteofrequirement.com/myportkey/login.php. Use test as username and test as password. The code is as follows, thanks for the help.

<?php//access config$dbhost = 'db1.awardspace.com';$dbusername = '<CENSORED FOR SECURITY>';$dbuserpass = '<CENSORED FOR SECURITY>';$dbname = 'redwall_hp_db';$badlogin = 0;Session_start();//connectmysql_connect($dbhost, $dbusername, $dbuserpass);mysql_select_db($dbname) or die("Error. Cannot conect to database. Please inform the webmaster via email");if ($_POST['username']) {//password and username supplied?$username = $_POST['username'];$password = $_POST['password'];$query = mysql_query("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$data = mysql_fetch_array($query);if ($data['password'] != $password) {echo "Wrong password.";$badlogin = 1;}if ($data['username'] != $username) {echo "Wrong username";$badlogin = 1;}if ($badlogin == 0) {$query = mysql_query ("SELECT username,password FROM portkey_table WHERE username = '$username'") or die (mysql_error());$row = mysql_fetch_array ($query);$_SESSION["s_username"] = $row['username'];echo "You are now logged in. <a href='admin.php'>Click here to continue.</a>";}}?><form action="login.php" method="post">Username: <input type="text" name="username"><br>Password: <input type="password" name="password"><br><input type="submit" value="login"></form>

Sign In

LOgin Script problem

Recommended Posts

redwall_hp

Link to comment

Share on other sites

skym

Link to comment

Share on other sites

redwall_hp

Link to comment

Share on other sites

skym

Link to comment

Share on other sites

Millar

Link to comment

Share on other sites

reportingsjr

Link to comment

Share on other sites

skym

Link to comment

Share on other sites

justsomeguy

Link to comment

Share on other sites

redwall_hp

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity