1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

PHP login

Discussion in 'PHP' started by W3C, Dec 20, 2006.

  1. W3C

    W3C New Member

    I am making a login system and its not going so well. The reason why is because the old one I had can log in with any password that was on the DB. So I tried to make my own and it doesn't except the username or password. It gives me the error I wrote "That is the wrong usernameThat is the wrong password". And it won't go past the 43rd line. There is a comment that says line 43 on it.

    Code:
    PHP:
    <?php
    session_start
    ();
    oB_start();
    // allows you to use cookies.
    include("config.php");
    //include("check.php");
    if (!$logged[username])
    {
    if (!
    $_REQUEST[login])
    {
    echo(
    "
    <center><form method=\"REQUEST\">
    <table>
    <tr>
    <td align=\"right\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
    </td>
    </tr>
    <tr>
    <td align=\"right\">
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
    </td></tr><tr>
    <td align=\"center\">
    <input type=\"submit\" name=\"login\" value=\"Login\">
    </td></tr><tr>
    <td align=\"center\">
    <a href=\"register.php\">Register Here</a>
    </td></tr></table></form></center>"
    );
    }
    if(
    $_REQUEST['login']) {
    $username htmlspecialchars($_REQUEST['username']);
    $password htmlspecialchars($_REQUEST['password']);
    //$password = $password;
    $sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
    if(
    mysql_num_rows($sql)>0) {
    $_SESSION['auth'] = true;
    }
    if(
    $sql[username] != $username) {
    echo 
    "That is the wrong username";

    if(
    $sql[password] != $password) {
    echo 
    "That is the wrong password";
    }
    }
    //>>>>>>>>>This is line 43!!!!!!!!!!!!<<<<<<<<<<
    else{
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $user = @mysql_fetch_array($query);

    setcookie("id"$user[id],time()+(60*60*24*5), "/""");
    setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
    echo (
    "<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login5.php>Thank You! You will be redirected");
    }

    // modify the above line...add in your site url instead of yoursite.com
    }
    }

    else
    {
    // we now display the user controls.
    echo ("<center>Welcome <b>$logged[username]</b><br /></center>
    - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
    - <a href=\"members.php\" target=mainFrame>Member List</a><br />
    - <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
    - <a href=\"logout.php\" target=mainFrame>Logout</a>"
    );
    }
    ?>
    Old code with the login with any password on DB.:
    PHP:
    <?php
    oB_start
    ();
    // allows you to use cookies.
    include("config.php");
    if (!
    $logged[username])
    {
    if (!
    $_POST[login])
    {
    echo(
    "
    <center><form method=\"POST\">
    <table>
    <tr>
    <td align=\"right\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
    </td>
    </tr>
    <tr>
    <td align=\"right\">
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
    </td></tr><tr>
    <td align=\"center\">
    <input type=\"submit\" name=\"login\" value=\"Login\">
    </td></tr><tr>
    <td align=\"center\">
    <a href=\"register.php\">Register Here</a>
    </td></tr></table></form></center>"
    );
    }
    if (
    $_POST[login]) {
    // the form has been submitted.  We continue...
    $username=$_POST['username'];
    $password=$_POST['password'];
    // the above lines set variables with the submitted information.  
    $info mysql_query("SELECT * FROM users WHERE 'password' = '$password' AND 'username' = '$username'") or die(mysql_error());
    $data mysql_fetch_array($info);
    if(
    $data[password] != $password ) {
    // the password was not the user's password!
    echo "Incorrect username or password!";
    }else{
    // the password was right!
    $query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
    $user mysql_fetch_array($query);
    // gets the user's information
    setcookie("id"$user[id],time()+(60*60*24*5), "/""");
    setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
    // the above lines set 2 cookies. 1 with the user's id and another with his/her password.  
    echo ("<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login.php>Thank You! You will be redirected");
    // modify the above line...add in your site url instead of yoursite.com
    }
    }
    }
    else
    {
    // we now display the user controls.
    echo ("<center>Welcome <b>$logged[username]</b><br /></center>
    - <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
    - <a href=\"members.php\" target=mainFrame>Member List</a><br />
    - <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
    - <a href=\"logout.php\" target=mainFrame>Logout</a>"
    );
    }
    ?>
     
  2. pradeep

    pradeep Team Leader

    You have fetched the resultset into $sql, and then you are trying to match the username using this..
    PHP:
    if($sql[username] != $username) {
    echo 
    "That is the wrong username";
    but before doing that you'll have to fetch the rows using mysql_fetch_array()
     
  3. W3C

    W3C New Member

    When I put the
    PHP:
    mysql_fetch_array($sql)
    into the code in between the if statement and what I assigned $sql as, it comes up as an error message that says:

    "Parse error: parse error, unexpected T_IF in C:\wamp\www\KS Prac Sites\KRAZY_SPACE\login5.php on line 36"
     
  4. pradeep

    pradeep Team Leader

    PHP:
     $sql mysql_fetch_array($sql);
     
    That's the correct syntax, please check the documentation for mysql_fetch_array here.
     

Share This Page