auth module.

sri2002

I am having a problem with this script using the code from www.devarticles.com/printpage.php?articleId=163.
my page is in the server www.enddebtmiser.com/sri/mirs_login.php
Thoughts/ideas?
Thanks
Sri

sri2002

Sorry the URL is http://www.enddebtmisery.com/sri/mirs_login.php
Thanks
Sri

phynias

devarticles has a forum specific for the articles there. you should ask there. or if yourgonna ask here, u may want to give some code or an error, more people would help then

sri2002

I posted in the devarticles.com forum. But it is not active like this forum. Here is the code:
<?PHP

$db = mysql_connect('localhost', 'enddebtm_sri', '') or die("Couldn't connect to the database.");
mysql_select_db('enddebtm_Mirssurvey') or die("Couldn't select the database");

// Add slashes to the username, and make a md5 checksum of the password.
$POST['user'] = addslashes($POST['user']);
$POST['pass'] = md5($POST['pass']);

$result = mysql_query("SELECT count(id) FROM users WHERE password='$POST[pass]' AND username='$POST[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

if (!$num) {

// When the query didn't return anything,
// display the login form.

echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='user'><br>
Password: <input type='password' name='pass'><br><br>
<input type='submit' value='Login'>
</form>";

} else {

// Start the login session
session_start();

// We've already added slashes and MD5'd the password
$SESSION['user'] = $POST['user'];
$SESSION['pass'] = $POST['pass'];

// All output text below this line will be displayed
// to the users that are authenticated. Since no text
// has been output yet, you could also use redirect
// the user to the next page using the header() function.
// header('Location: page2.php');

echo "<h1>Congratulations</h1>";
echo "You're now logged in. Try visiting <a href='Page2.php'>Page 2</a>.";

}

?>
page2.php is :
<?PHP

// Start the login session
session_start();

if (!$SESSION['user'] || !$SESSION['pass']) {

// What to do if the user hasn't logged in
// We'll just redirect them to the login page.
header('Location: mirs_login.php');
die();

} else {

// If the session variables exist, check to see
// if the user has access.

$db = mysql_connect('localhost', 'enddebtm_sri', '') or die("Couldn't connect to the database.");
mysql_select_db('enddebtm_Mirssurvey') or die("Couldn't select the database");

$result = mysql_query("SELECT count(id) FROM users WHERE password='$SESSION[pass]' AND username='$SESSION[user]'") or die("Couldn't query the user-database.");
$num = mysql_result($result, 0);

if (!$num) {
// If the credentials didn't match,
// redirect the user to the login screen.
header('Location: mirs_login.php');
die();
}
}

// All output text below this line will be displayed
// to the users that are authenticated.

echo "<h1>Access Granted</h1>";
echo "You see? It travelled over these two pages.<br><br>";
echo "You are authenticated as " . $SESSION['user'] . "<br>";
echo "The MD5 checksum of your password is " . $SESSION['pass'];

?>
The error is Couldn't query the user-database. I checked the DB and I see a table user.
Thoughts/ideas?
Thanks
Sri