Hey , ive been trying to get a simple authentication script to work that checks a SQL database and allows users in based on that but at present i am getting the message :
Error in query: SELECT userid from usertable WHERE (username = '') AND (password = ''). No Database Selected
But i have selected the database and all the values seem right. $formsal and $formpass come in from an html form , $dbuser,$dbname,$dbpwd,$dbadd are all held in a separate database file and included.
<?
include 'dbcnf.php';
// authenticate using form variables
$status = authenticate($formuser, $formpass);
// if user/pass combination is correct
if ($status == 1)
{
// initiate a session
session_start();
// register some session variables
session_register("SESSION");
// including the username
session_register("SESSION_UNAME");
$SESSION_UNAME = $user;
// redirect to protected page
header("Location: /secret.php");
exit();
}
else
// user/pass check failed
{
// redirect to error page
header("Location: /error.php?e=$status");
exit();
}
// authenticate username/password against a database
// returns: 0 if username and password is incorrect
// 1 if username and password are correct
function authenticate($user, $pass)
{
// check login and password
// connect and execute query
$db = mysql_connect($dbadd,$dbusr,$dbpwd) or die("Could not connect... ");
mysql_select_db($dbname,$db);
$query = "SELECT userid from usertable WHERE (username = '$user') AND (password = '$pass')";
$result = mysql_query($query, $db) or die ("Error in query: $query. " . mysql_error());
// if row exists -> user/pass combination is correct
if (mysql_num_rows($result) == 1)
{
return 1;
}
// user/pass combination is wrong
else
{
return 0;
}
}
?>
