1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP login

Discussion in 'PHP' started by W3C, Dec 20, 2006.

  1. W3C

    W3C New Member

    Joined:
    Nov 24, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    0
    I am making a login system and its not going so well. The reason why is because the old one I had can log in with any password that was on the DB. So I tried to make my own and it doesn't except the username or password. It gives me the error I wrote "That is the wrong usernameThat is the wrong password". And it won't go past the 43rd line. There is a comment that says line 43 on it.

    Code:
    PHP:
    <?php
    session_start
    ();
    oB_start();
    // allows you to use cookies.
    include("config.php");
    //include("check.php");
    if (!$logged[username])
    {
    if (!
    $_REQUEST[login])
    {
    echo(
    "
    <center><form method=\"REQUEST\">
    <table>
    <tr>
    <td align=\"right\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
    </td>
    </tr>
    <tr>
    <td align=\"right\">
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
    </td></tr><tr>
    <td align=\"center\">
    <input type=\"submit\" name=\"login\" value=\"Login\">
    </td></tr><tr>
    <td align=\"center\">
    <a href=\"register.php\">Register Here</a>
    </td></tr></table></form></center>"
    );
    }
    if(
    $_REQUEST['login']) {
    $username htmlspecialchars($_REQUEST['username']);
    $password htmlspecialchars($_REQUEST['password']);
    //$password = $password;
    $sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    if(
    mysql_num_rows($sql)>0) {
    $_SESSION['auth'] = true;
    }
    if(
    $sql[username] != $username) {
    echo 
    "That is the wrong username";

    if(
    $sql[password] != $password) {
    echo 
    "That is the wrong password";
    }
    }
    //>>>>>>>>>This is line 43!!!!!!!!!!!!<<<<<<<<<<
    else{
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $user = @mysql_fetch_array($query);

    setcookie("id"$user[id],time()+(60*60*24*5), "/""");
    setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
    echo (
    "<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login5.php>Thank You! You will be redirected");
    }

    // modify the above line...add in your site url instead of yoursite.com
    }
    }

    else
    {
    // we now display the user controls.
    echo ("<center>Welcome <b>$logged[username]</b><br /></center>
    - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
    - <a href=\"members.php\" target=mainFrame>Member List</a><br />
    - <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
    - <a href=\"logout.php\" target=mainFrame>Logout</a>"
    );
    }
    ?>
    Old code with the login with any password on DB.:
    PHP:
    <?php
    oB_start
    ();
    // allows you to use cookies.
    include("config.php");
    if (!
    $logged[username])
    {
    if (!
    $_POST[login])
    {
    echo(
    "
    <center><form method=\"POST\">
    <table>
    <tr>
    <td align=\"right\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
    </td>
    </tr>
    <tr>
    <td align=\"right\">
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
    </td></tr><tr>
    <td align=\"center\">
    <input type=\"submit\" name=\"login\" value=\"Login\">
    </td></tr><tr>
    <td align=\"center\">
    <a href=\"register.php\">Register Here</a>
    </td></tr></table></form></center>"
    );
    }
    if (
    $_POST[login]) {
    // the form has been submitted.  We continue...
    $username=$_POST['username'];
    $password=$_POST['password'];
    // the above lines set variables with the submitted information.  
    $info mysql_query("SELECT * FROM users WHERE 'password' = '$password' AND 'username' = '$username'") or die(mysql_error());
    $data mysql_fetch_array($info);
    if(
    $data[password] != $password ) {
    // the password was not the user's password!
    echo "Incorrect username or password!";
    }else{
    // the password was right!
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $user mysql_fetch_array($query);
    // gets the user's information
    setcookie("id"$user[id],time()+(60*60*24*5), "/""");
    setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
    // the above lines set 2 cookies. 1 with the user's id and another with his/her password.  
    echo ("<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login.php>Thank You! You will be redirected");
    // modify the above line...add in your site url instead of yoursite.com
    }
    }
    }
    else
    {
    // we now display the user controls.
    echo ("<center>Welcome <b>$logged[username]</b><br /></center>
    - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
    - <a href=\"members.php\" target=mainFrame>Member List</a><br />
    - <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
    - <a href=\"logout.php\" target=mainFrame>Logout</a>"
    );
    }
    ?>
     
  2. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    You have fetched the resultset into $sql, and then you are trying to match the username using this..
    PHP:
    if($sql[username] != $username) {
    echo 
    "That is the wrong username";
    but before doing that you'll have to fetch the rows using mysql_fetch_array()
     
  3. W3C

    W3C New Member

    Joined:
    Nov 24, 2006
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    0
    When I put the
    PHP:
    mysql_fetch_array($sql)
    into the code in between the if statement and what I assigned $sql as, it comes up as an error message that says:

    "Parse error: parse error, unexpected T_IF in C:\wamp\www\KS Prac Sites\KRAZY_SPACE\login5.php on line 36"
     
  4. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    PHP:
     $sql mysql_fetch_array($sql);
     
    That's the correct syntax, please check the documentation for mysql_fetch_array here.
     

Share This Page