PDA

View Full Version : php login?

Josué Alba
08-12-2005, 11:15 AM
Hi i have this code in php and I'm getting a selection of the data base error but I'm sure the database is there ans is well seted up.

Here is my code.
Some one could chek if there is something wrong with it?


<?php session_start(); echo'<html>';

//gets variables
$username=$_POST['username'];
$password=$_POST['password'];

// connect to database with username: database_user and password: password
$db = mysql_pconnect('localhost', 'database_name', 'password');

// error if cannot connect
if(!$db){echo 'Error: could not connect to the database'; exit;}


// select database named database_name
$db = mysql_select_db ("database_name");

// error if cannot select
if(!$db){echo '<b>Error: </b>could not select database'; exit;}

// query database and find a user that matches with the same username and password
$authenticate = mysql_query("select * from users where name='$username' and pass='$password'");

// error if cannot query
if(!$authenticate){echo '<b>Error: </b>could not query database'; exit;}

// mysql_num_rows($authenticate) is the number of rows that matched. therefore...


//if there were no matches or more than one match, do not authenticate

if(mysql_num_rows($authenticate)!=1){echo'<b>Error : </b>Invalid username or password';
session_destroy(); exit;}

//if one match was found, authenticate

if(mysql_num_rows($authenticate)==1){echo'<b>Congr adulations!</b> You have logged in successfuly as '.$username.'<br>';

$_SESSION['username']=$username;
$_SESSION['password']=$password;

echo'Display logged in info here</html>';
}
?>
TJ_Tigger
08-12-2005, 11:59 AM
I don't know much about PHP and how it translates variables but I was wondering about your query line. It looks like you are quering for the string $username. Do you have to concatenate the variable to the string

$authenticate = mysql_query("select * from users where name='".$username."' and pass='".$password."'");

I think a single period [ . ]is the concatenation character for PHP

Tigg
yss
08-13-2005, 09:40 AM
Please tell me if you got it solved, I have this code ready somewhere.
If you cannot solve it let me know and i'll post it here

Yoram
Josué Alba
08-13-2005, 10:53 AM
No i haven't been able to solve this, in fact I'm thinking on installing some php suite.
But I would be reall nice if i could get yours.
ianhull
08-20-2005, 12:56 PM
I was working on this all day yesterday and now it works fine. maybe you could modify it.

<?php
include ("connect.php");
$sql = "SELECT companyname, firstname, lastname, email, password, ulevel, username FROM users WHERE username='$_REQUEST[usrname]' AND password='$_REQUEST[pwd]' ORDER BY companyname";

$r = mysql_query($sql);
if(!$r) {
$err=mysql_error();
print $err;
exit();
}
if(mysql_affected_rows()==0){
print include_once("failedlogin.php");
exit();
}
else{

}
echo "\n";

while ($line = mysql_fetch_array($r))
{
extract($line);
}
echo "\n";
$usrlevel = "$ulevel";
$adminlevel = "Yes";
{
if ($usrlevel == $adminlevel){
echo include("admincontent.php");
} else {
echo include("usercontent.php");
}
}
?>
ianhull
08-20-2005, 02:33 PM
<?php session_start(); echo'<html>';

//gets variables
$username=$_POST['username'];
$password=$_POST['password'];

// connect to database with username: database_user and password: password
$db = mysql_pconnect('localhost', 'database_name', 'password');

// error if cannot connect
if(!$db){echo 'Error: could not connect to the database'; exit;}


// select database named database_name
$db = mysql_select_db ("database_name");

// error if cannot select
if(!$db){echo '<b>Error: </b>could not select database'; exit;}

// query database and find a user that matches with the same username and password
$authenticate = mysql_query("select (USE TABLE NAMES HERE NOT *) from users where name='$_POST['username']' and pass='$_POST['password']'");

// error if cannot query
if(!$authenticate){echo '<b>Error: </b>could not query database'; exit;}

// mysql_num_rows($authenticate) is the number of rows that matched. therefore...


//if there were no matches or more than one match, do not authenticate

if(mysql_num_rows($authenticate)!=1){echo'<b>Error : </b>Invalid username or password';
session_destroy(); exit;}

//if one match was found, authenticate

if(mysql_num_rows($authenticate)==1){echo'<b>Congratulations!</b> You have logged in successfuly as '$_POST['username']'<br>';

$_SESSION['username']=$username;
$_SESSION['password']=$password;

echo'Display logged in info here</html>';
}
?>
ianhull
08-20-2005, 02:39 PM
Just noticed on line 8 you have

$db = mysql_pconnect('localhost', 'database_name', 'password');

Should this not be

$db = mysql_connect('localhost', 'database_name', 'password');

?
Corey
08-22-2005, 11:00 PM
Well from what I can see it should be at the very least:

$db = mysql_connect('localhost', 'database_name', $password);

Possibly:

$db = mysql_connect('localhost', $database_name, $password);

Depending upon which values are meant to be literal or variable. In PHP variables are prefaced with a dollar sign "$" so the variable retrieved with this line:

$password=$_POST['password'];

Must be referenced as $password (no quotes) as opposed to "password". :yes