problems with Login page (PHP, mySQL}

D

digitalimages

New Member
Messages
47
Reaction score
0
Points
0
I have created a log in page and I have created a data base called "tiwebs_members" with a table called "members". I have added a test username and password to the table.
The login form code is:

Code: 
<form name='login' method='POST' action='checklogin.php' accept-charset='UTF-8'>
            <input type='hidden' name='sfm_form_submitted' value='yes'>
            
            <table cellspacing='0' cellpadding='5' border='0' bgcolor='#c1d0d7'>
               <tr>
                  <td>
                     <table cellspacing='2' cellpadding='2' border='0'>
                        <tr>
                           <td colspan='2' align='center' class='form_heading'>
Client Login
                           </td>
                        </tr>
                        <tr>
                           <td align='right' class='normal_field'>
Username:
                           </td>
                           <td class='element_label'>
                              <input type='text' name='Name' size='30'>
                           </td>
                        </tr>
                        <tr>
                           <td align='right' class='normal_field'>
Password:
                           </td>
                           <td class='element_label'>
                              <input type='password' name='Password' size='30'>
                           </td>
                        </tr>
                        <tr>
                           <td colspan='2' align='center'>
                              <div id='login_Submit_errorloc' class='error_strings'>
                              </div>
                              <input type='submit' name='Submit' value='Login'>
                           </td>
                        </tr>
                     </table>
                  </td>
               </tr>
            </table>
         </form>



The checklogin. php is below.
Code: 
<?php
ob_start();
 $host="localhost"; // Host name
$username="removed_for _security"; // Mysql username 
$password="removed_for _security"; // Mysql password 
$db_name="tiwebs_members"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>

I have remove the actual password and username for myphpadmin for security.
When I try to login with the test user name and password I get an error message saying: "Wrong Username or Password " I assume that the code is working correctly but somehow not finding the data base. Using PHP 5.2
Any obvious problems? Suggestions? :dunno:
Thanks for any help.
 
Last edited:
gomarc

gomarc

Member
Messages
516
Reaction score
18
Points
18
If the credentials you used to connect were your cPanel username/password, then it will not work.

If this is the case, go to CPanel > MySQL Databases and use the “Add New User” give the proper permissions and then do the “Add User To Database” step and use these new username and password to connect.

-- Edit --
I also noticed that your html does not post 'myusername' but ‘Name’.

Code: 
(html)
<input type='text' name='[COLOR="Red"][B]Name[/B][/COLOR]' size='30'>

(php)
$myusername=$_POST['[COLOR="Red"][B]myusername[/B][/COLOR]'];

Give them the same name. Same thing for ‘password’.
 
Last edited:
D

digitalimages

New Member
Messages
47
Reaction score
0
Points
0
Thanks gomark.....
the username and password were created in myPHPadmin and no way resemble my cpanel log in.
I changed the form from "name" to "myusername" and that didn't make any difference.
Thanks anyway....

I noticed that I posted this in the wrong section...should have been in "
Programming Help "
 
Last edited:
gomarc

gomarc

Member
Messages
516
Reaction score
18
Points
18
Code: 
(php)
$sql="SELECT * FROM [COLOR=Red][B]'[/B][/COLOR]$tbl_name[COLOR=Red][B]'[/B][/COLOR] WHERE ...
Edit:
Please note:

Use of session_register() is deprecated
$barney = "A big purple dinosaur.";
session_register("barney");

// Use of $_SESSION is preferred, as of PHP 4.1.0
$_SESSION["zim"] = "An invader from another planet.";
Click to expand...

Source: http://us2.php.net/manual/en/function.session-register.php
 
Last edited:
D

digitalimages

New Member
Messages
47
Reaction score
0
Points
0
thanks again gomarc ...(sorry for wrong spelling above):redface:
I did change both calls in the login form.
I have changed a few things but am still getting erros around the "session" functions.
I have changed the code to the following but still think that there is a syntax error in the "SESSION" area.

Code: 
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "private.php"
$_SESSION["myusername"];
$_SESSION["mypassword"];
header("private.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>
I guess that things have changed from earlier php to 5
thanks again
 
gomarc

gomarc

Member
Messages
516
Reaction score
18
Points
18
You are still missing the apostrophes surrounding $tbl_name:

gomarc said:
Code: 
(php)
$sql="SELECT * FROM [SIZE=3][COLOR=Red][B]'[/B][/COLOR][/SIZE]$tbl_name[SIZE=3][COLOR=Red][B]'[/B][/COLOR][/SIZE] WHERE ...
Click to expand...
 
gomarc

gomarc

Member
Messages
516
Reaction score
18
Points
18
Code: 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
This query seems to be correct. No single quotes wrapping $tbl_name, and singles quotes wrapping '$myusername' and '$mypassword'

However, please check the spelling of your field names username and password in your table ‘members’. They must be exactly username and password (remember that php is case sensitive)

Then, add ‘location: ’ to your header:
Code: 
header("[B]location:[/B] private.php");
 
You must log in or register to reply here.
Top