Mysql login question

ofSHIZ

I have a question.. My code that I have doesnt really work so.. anyways.. I have MYSQL, PHP, and a APACHE Server. I have a login box for people to login. Whats the script to make it check if your username is stored in MySQL.. if you want to see me code it's this..

<?
session_start();
session_register("log");
$log = "";
?>
<html>
<head>
<title></title>
</head>
<body>
<?
$conn = mysql_connect("localhost", "xxxxxxxx", "xxxxxxxxxxx") or die ("Could not connect to database!");
$db = mysql_select_db("xxxxxxxxxxxxx") or die ("Could not select database");
if (isset($signin)){
$log = $username;
$query = "select * from table where username='$username' and password=(password('$password'))";
$result = mysql_query($query) or die (mysql_error());
$isAuth = false;
while($row = mysql_fetch_array($result))
{
if($row['username'] == $username)
{
$isAuth = true;
}
}
if($isAuth)
{
?>
<br><br>
You are logged In!!
<?
}
else
{
?>            <br>
<h2><font color="red">Invalid username or password</font></h2>
<form name="login" action="login.php" method="post"><br>
Username: <input name="username" type="text"><BR>
Password: <input name="password" type="password"><BR>
<input type="submit" name="signin" value="Sign In">
<?
}
}
else
{
?>
<form name="login" action="login.php" method="post"><br>
<b>Login Area for Intranet</b><br><br>
Username: <input name="username" type="text"><BR>
Password: <input name="password" type="password"><BR>
<input type="submit" name="signin" value="Sign In"><br>
<?
}
?>
</form>
</body>
</html>

Whenever I uses this it doesn't validate it or anything.
Also.. for my code to register..

<html>
<head>
<title></title>
<body>
<?
$conn = mysql_connect("localhost", "xxxxxxxxx", "xxxxxxxxxxxx") or die ("Could not connect to database!");
$db = mysql_select_db("xxxxxxxxxxxxxxx") or die ("Could not select database");

if (isset ($create))
{
$queryc = "select * from table where username = '$username';";
$resultc = mysql_query($queryc) or die ("Can not select user database");
$alfonse = false;
while ($rowc = mysql_fetch_array($resultc))
{
if ($uname == $rowc['uname'])
{
$alfonse = true;
}
else
{
}
}
if ($alfonse)
{
echo "<h3>Username already in use.<br>Please select another name.</h3>";
?>
<form name="create" method="POST" action="create.php">
Username <input type="text" name="username"><br>
Password <input type="password" name="password"><br>
<input type="submit" name="create" value="Create Account">
</form>
<?
}
else
{
$query = "insert into table (username,  password) values ('$username', password('$password'));";
$result = mysql_query($query) or die ("Could not add to user");
}
}
else
{
?>
<form name="create" method="POST" action="create.php">
Username <input type="text" name="username"><br>
Password <input type="password" name="password"><br>
<input type="submit" name="create" value="Create Account">
</form>
<?
}
?>
</body>
</html>

When I uses this code.. I type in the the username and password.. and then it doesn't add it to MySQL.. it just goes to the next page... create.php.. why???
My Site

rheroux

Well, for starters you're not using the correct MySQL syntax for inserting records.

This part here:

if (isset ($create))
{
$queryc = "select * from table where username = '$username';";
$resultc = mysql_query($queryc) or die ("Can not select user database");

Should be changed to something like this if I'm understanding the flow of your code correctly:

if (isset ($create))
{
$queryc = "INSERT INTO table (username, password) VALUES ('".$_POST['username']."', '".$_POST['password']."'";
$resultc = mysql_query($queryc) or die ("Can not select user database");

However, I recommend reading this tutorial on devarticles.com. It doesn't cover user registration, but it should give you a better handle on how to register session variables correctly.

cgraz

there are a few diff ways to check if a user is logged in. Here's one

$query = mysql_query("SELECT * FROM your_table WHERE username='" . $_POST['username'] . "' AND password=password('" . $_POST['password'] . "')") or die(mysql_error());

if(mysql_num_rows($query) == '0') {
   // the user's info doesn't exist in table. NOT LOGGED IN
} else {
   // user's info found. IS LOGGED IN
}

Cgraz

ofSHIZ

Well i'm still hving the same problem.. Clcik here, and try to make an account
This is a picture of what my winmysqladmin thingy looks like
Maybe it's wrong?
MySQL Pic
My Code is

<html>
<head>
<title>Test mother fucker</title>
<body>
<?
$conn = mysql_connect("localhost", "myuser", "pass") or die ("Could not connect to database!");
$db = mysql_select_db("mydb") or die ("Could not select database");

if (isset ($create))
{
$queryc = "INSERT INTO table (username, password) VALUES ('".$_POST['username']."', '".$_POST['password']."'";
$resultc = mysql_query($queryc) or die ("Can not select user database");
$alfonse = false;
while ($rowc = mysql_fetch_array($resultc))
{
if ($uname == $rowc['uname'])
{
$alfonse = true;
}
else
{
}
}
if ($alfonse)
{
echo "<h3>Username already in use.<br>Please select another name.</h3>";
?>
<form name="create" method="POST" action="create.php">
Username <input type="text" name="username"><br>
Password <input type="password" name="password"><br>
<input type="submit" name="create" value="Create Account">
</form>
<?
}
else
{
$query = "insert into table (username,  password) values ('$username', password('$password'));";
$result = mysql_query($query) or die ("Could not add to user");
}
}
else
{
?>
<form name="create" method="POST" action="create.php">
Username <input type="text" name="username"><br>
Password <input type="password" name="password"><br>
<input type="submit" name="create" value="Create Account">
</form>
<?
}
?>
</body>
</html>

ofSHIZ

Anyone?

ofSHIZ

????????

cgraz

change these parts of your code to the following:

$query = "insert into table (username,  password) values ('$username', password('$password'))"; // you had 2 semi-colons here
print $query . "<br>"; // print query
$result = mysql_query($query) or die ("Could not add to user");


$queryc = "INSERT INTO table (username, password) VALUES ('".$_POST['username']."', '".$_POST['password']."'";
print $queryc . "<br>"; // print query
$resultc = mysql_query($queryc) or die ("Can not select user database");

What do those print?

Cgraz

ofSHIZ

it still doesn't work..
The database name is mydb..
The table is mydb.. and then the mydb thing has a - arrow behing it.. and a ling going down which is named.. auth_table..
Please Refer Here to the Picture of my Database, If it's to small, save it and use magnifing lens on it?
Thanks for all you guys's help!!😉

cgraz

Posted by Cgraz
What do those print?

My code would have told you what the problem is. That's what mysql_error() does.

If your table name is auth_table, then why are you using INSERT INTO table

should be INSERT INTO auth_table (rest of code here)

Cgraz

ofSHIZ

omg.. i'm a dumbass
let's try it out!

ofSHIZ

is there any code i should put on the Create.php page??

cgraz

i thought the code you posted was for create.php Not sure what you're asking here.

Cgraz