Go4Expert

Go4Expert (http://www.go4expert.com/)
-   PHP (http://www.go4expert.com/forums/php/)
-   -   PHP login (http://www.go4expert.com/forums/php-login-t2307/)

W3C 21Dec2006 03:32

PHP login
 
I am making a login system and its not going so well. The reason why is because the old one I had can log in with any password that was on the DB. So I tried to make my own and it doesn't except the username or password. It gives me the error I wrote "That is the wrong usernameThat is the wrong password". And it won't go past the 43rd line. There is a comment that says line 43 on it.

Code:
PHP Code:

<?php
session_start
();
oB_start();
// allows you to use cookies.
include("config.php");
//include("check.php");
if (!$logged[username])
{
if (!
$_REQUEST[login])
{
echo(
"
<center><form method=\"REQUEST\">
<table>
<tr>
<td align=\"right\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"right\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"register.php\">Register Here</a>
</td></tr></table></form></center>"
);
}
if(
$_REQUEST['login']) {
$username htmlspecialchars($_REQUEST['username']);
$password htmlspecialchars($_REQUEST['password']);
//$password = $password;
$sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if(
mysql_num_rows($sql)>0) {
$_SESSION['auth'] = true;
}
if(
$sql[username] != $username) {
echo 
"That is the wrong username";

if(
$sql[password] != $password) {
echo 
"That is the wrong password";
}
}
//>>>>>>>>>This is line 43!!!!!!!!!!!!<<<<<<<<<<
else{
$query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user = @mysql_fetch_array($query);

setcookie("id"$user[id],time()+(60*60*24*5), "/""");
setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
echo (
"<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login5.php>Thank You! You will be redirected");
}

// modify the above line...add in your site url instead of yoursite.com
}
}

else
{
// we now display the user controls.
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
- <a href=\"members.php\" target=mainFrame>Member List</a><br />
- <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
- <a href=\"logout.php\" target=mainFrame>Logout</a>"
);
}
?>

Old code with the login with any password on DB.:
PHP Code:

<?php
oB_start
();
// allows you to use cookies.
include("config.php");
if (!
$logged[username])
{
if (!
$_POST[login])
{
echo(
"
<center><form method=\"POST\">
<table>
<tr>
<td align=\"right\">
Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
</td>
</tr>
<tr>
<td align=\"right\">
Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
</td></tr><tr>
<td align=\"center\">
<input type=\"submit\" name=\"login\" value=\"Login\">
</td></tr><tr>
<td align=\"center\">
<a href=\"register.php\">Register Here</a>
</td></tr></table></form></center>"
);
}
if (
$_POST[login]) {
// the form has been submitted.  We continue...
$username=$_POST['username'];
$password=$_POST['password'];
// the above lines set variables with the submitted information.  
$info mysql_query("SELECT * FROM users WHERE 'password' = '$password' AND 'username' = '$username'") or die(mysql_error());
$data mysql_fetch_array($info);
if(
$data[password] != $password ) {
// the password was not the user's password!
echo "Incorrect username or password!";
}else{
// the password was right!
$query mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
$user mysql_fetch_array($query);
// gets the user's information
setcookie("id"$user[id],time()+(60*60*24*5), "/""");
setcookie("pass"$user[password],time()+(60*60*24*5), "/""");
// the above lines set 2 cookies. 1 with the user's id and another with his/her password.  
echo ("<meta http-equiv=\"Refresh\" content=\"0; URL=http://localhost/KS%20Prac%20Sites/KRAZY_SPACE/login.php>Thank You! You will be redirected");
// modify the above line...add in your site url instead of yoursite.com
}
}
}
else
{
// we now display the user controls.
echo ("<center>Welcome <b>$logged[username]</b><br /></center>
- <a href=\"editprofile2.php\" target=mainFrame>Edit Profile</a><br />
- <a href=\"members.php\" target=mainFrame>Member List</a><br />
- <a href=\"uploadfiles.php\">Upload images to your profile</a><br />
- <a href=\"logout.php\" target=mainFrame>Logout</a>"
);
}
?>


pradeep 21Dec2006 11:06

Re: PHP login
 
You have fetched the resultset into $sql, and then you are trying to match the username using this..
Code: PHP

if($sql[username] != $username) {
echo "That is the wrong username";


but before doing that you'll have to fetch the rows using mysql_fetch_array()

W3C 22Dec2006 05:56

Re: PHP login
 
When I put the
PHP Code:

mysql_fetch_array($sql

into the code in between the if statement and what I assigned $sql as, it comes up as an error message that says:

"Parse error: parse error, unexpected T_IF in C:\wamp\www\KS Prac Sites\KRAZY_SPACE\login5.php on line 36"

pradeep 22Dec2006 10:44

Re: PHP login
 
Code: PHP

$sql = mysql_fetch_array($sql);

That's the correct syntax, please check the documentation for mysql_fetch_array here.


All times are GMT +5.5. The time now is 06:32.