$sql = "SELECT * FROM $table_name WHERE name='UN' AND pass='PWD'";
$result = @($sql, $connection) or die("Your username and/or password are incorrect FOO!");
if(mysql_num_rows($result) == 0)
{
print "Login Failed!!!!";
}
else
{
print "Here's the blog foo!";
}
reg
kevin
For some reason, with that code my login is always failing. I've gone back to the database and rechecked the name and password-but it still says the login failed. Any ideas why this is?
how about I just show the whole code:
<html>
<head>
<title>Nathan's Blog</title>
</head>
<body>
<?
if (!($p))
{
$p=1;
}
switch ($p)
{
case 1:
/* Here's the Login Form */
?>
<FORM action="admin.php?p=2" method="POST" name="LoginForm">
<input TYPE="Hidden" NAME="UN_required" VALUE="You fool! You need a username.">
<input TYPE="Hidden" NAME="PWD_required" VALUE="For cryin' out loud...enter a password.">
<b>Username:</b>
<input type="text" name="UN"><br>
<b>Password:</b>
<input type="password" name="PWD">
<p align=center>
<input class=btn type="Submit" name="Submit" value="Admin Login">
<input class=btn type="RESET">
</p>
</FORM>
<?
break;
case 2:
/* Here's where the Username and Password are validated */
require("dbshell.php"); // Contains the db info
$test=0;
$table_name = "tblLogin";
$connection = @mysql_connect($db_host, $db_user, $db_pass) or die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
$sql = "SELECT * FROM $table_name WHERE name='UN' AND pass='PWD'";
/* $result = @mysql_query($sql, $connection) or die("Your username and/or password are incorrect FOO!"); */
$records = mySQL_query($sql);
$count = mySQL_num_rows($records);
If ($count == "0")
{
echo("Login Failed");
}
Else
{
echo("Login Passed");
}
break;
}
?>
</body>
</html>
My database table tblLogin contains 4 columns w/ just one row w/ the info:
ID name pass email
Make the following changes and see if that works for you.
<?
break;
case 2:
/* Here's where the Username and Password are validated */
require("dbshell.php"); // Contains the db info
extract($_POST); //Insert this to get variables if Register Globals is OFF
$test=0;
$table_name = "tblLogin";
$connection = @mysql_connect($db_host, $db_user, $db_pass) or die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
$sql = "SELECT * FROM $table_name WHERE name='$UN_required' AND pass='$PWD_required'"; //Change to match the names of the variables you are passing
/* $result = @mysql_query($sql, $connection) or die("Your username and/or password are incorrect FOO!"); */
$records = mySQL_query($sql);
$count = mySQL_num_rows($records);
If ($count == "0")
{
echo("Login Failed");
}
Else
{
echo("Login Passed");
}
break;
}
?> login still fails 
hmmm
but u added the "_required" is that needed? anyone see the error?
heres a screenshot of the database table
DEBUG!! ....
make this change ..
$sql = "SELECT * FROM $table_name WHERE name='UN' AND pass='PWD'";
$result =mysql_query($sql, $connection) or die("Your username and/or password are incorrect FOO!");
echo $sql;
if (mysql_error()){
echo mysql_error();
}
$count = mysql_num_rows($result);
if this doesnt work, see the output of echo $sql and run it in the database .
reg
kevin
$sql = "SELECT * FROM $table_name WHERE name='UN' AND pass='PWD'";
$result =mysql_query($sql, $connection) or die("Your username and/or password are incorrect FOO!");
echo $sql;
if (mysql_error())
{
echo mysql_error();
}
$count = mysql_num_rows($result);
if($count==0)
{
print "Didn't work foo!";
}
else
{
print "It worked foo";
}
There's the code and here's the output:
SELECT * FROM tbllogin WHERE name='UN' AND pass='PWD'Didn't work foo!
what do i do with it again?
Sorry about adding the _required. I looked at your form wrong the first time.
You should check to make sure your register globals is on... either that or add the following:
extract($_POST);
above your query.
This will extract the form variables you are passing with your POST method, so you should get the following variables:
$UN_required = You fool! You need a username.
$PWD_required = For cryin' out loud...enter a password
$UN = (The entered user name)
$PWD = (The entered password)
Also, in your select query, add the $ sign to your variables...
$sql = "SELECT * FROM $table_name WHERE name=$UN AND pass=$PWD";
This way your SQL statement knows you are trying to compare the name and pass fields with variables instead of with trying to compare with text. I think your SQL atatement is being tried literally. In other words, the query is looking for a name of UN and a password of PWD literally...
Thanks for the help--I found the answer, and for anyone that wants to see the code here is again-
<html>
<head>
<title>Nathan's Blog</title>
</head>
<body>
<?
if (!$p) $p = 1;
switch ($p)
{
case 1:
/* Here's the Login Form */
?>
<FORM action="NoName01.php" method="POST" name="LoginForm">
<input TYPE="hidden" name="p" value="2">
<input TYPE="Hidden" NAME="UN_required" VALUE="You fool! You need a username.">
<input TYPE="Hidden" NAME="PWD_required" VALUE="For cryin' out loud...enter a password.">
<b>Username:</b>
<input type="text" name="UN"><br>
<b>Password:</b>
<input type="password" name="PWD">
<p align="center">
<input class=btn type="Submit" name="Submit" value="Admin Login">
<input class=btn type="RESET">
</p
</FORM>
<?
break;
case 2:
/* Here's where the Username and Password are validated */
require("dbshell.php");
$test=0;
$table_name = "tblLogin";
$connection = @mysql_connect($db_host, $db_user, $db_pass) or die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
$sql = "SELECT * FROM $table_name WHERE name='$UN' AND pass= '$PWD'";
$result = @mysql_query($sql, $connection) or die("Your username and/or password are incorrect FOO!");
/* Here come the CF code */
if (@mysql_num_rows($result) == 0)
{
echo "LOGIN FAILED HOSER!!!!!!!";
}
else
{
echo "where do you want to go from here?";
}
break;
}
?>
</body>
</html>
Those pesky $$$ will get you every time ;-)