What the heck am I doing wrong here?

VooDooRT

Every time, $user_name is coming up blank...WTF!

 
function login($user_name, $password){
	$pw_sql = "SELECT * FROM admin_info WHERE user_name = \"$user_name\"";
	$result = @mysql_query($pw_sql);
	$myrow = mysql_fetch_array($result);
	if($myrow[password] == $password and $user_name != NULL){
		return 1;
	}
	else {
		echo("
			<table width=500 cellspacing=0 cellpadding=0 height='109'>$pw_sql
		<tr><td width=100% bgcolor=black height='12'><center><font color=#cccccc size=1 face=arial>
			Site Admin login
		</td></tr>
						<tr><td width=100% bgcolor=black><center><font color=#cccccc size=1 face=arial>
			      <font color=red>Be warned</font>, any unauthorized access to this area will log your IP address and host address.</td></tr>
		<tr><td height='97'>
			<table cellspacing=0 cellpadding=0 width=503 height='53' style='border-collapse: collapse' bordercolor='#111111'>
			<tr><Td width='57' height='24'>
<form action='actions.php' method='post'>

<font size='1' face='Arial' color='#CCCCCC'>User Name:</font></td>
              <Td width='223' height='24'>


<font color=#cccccc size=1 face=arial>
<input type=text name=user_name length=30 size=15></font></td></tr>
			<tr><Td width='57' height='13'>


<font size='1' face='Arial' color='#CCCCCC'>Password:</font></td>
              <Td width='223' height='13'>


<font color=#cccccc size=1 face=arial>
<input type=password name=password length=30 size=15></font></td></tr></table>
            <p align='center'>
<font color=#cccccc size=1 face=arial>
<input type=submit value=Login!></font></td>
                  </tr></form>
                </table>
     ");

}
}
if(login($user_name, $password)){
//do stuff
}

barand

Try single quotes:-

$pw_sql = "SELECT * FROM admin_info WHERE user_name = '$user_name' ";

and remove the @ from the query, or test for error and echo mysql_error() so you can get a clue if something is going wrong.

hth

trooper

The man barand speaks the truth

You shoyld always get into the habit of putting error checking into your code.

VooDooRT

function login($user_name, $password){
	$pw_sql = "SELECT * FROM admin_info WHERE user_name = '$user_name'";

$result = mysql_query($pw_sql);
$myrow = mysql_fetch_array($result);
if($myrow[password] == $password and $user_name != NULL){
	return 1;
}
else {

I tried that, nothing...

VooDooRT

function login($user_name, $password){
	$pw_sql = "SELECT * FROM admin_info WHERE user_name = '$user_name'";

$result = mysql_query($pw_sql) or die ("<p>$fontString $pw_sql<P>".mysql_errno().": ".mysql_error());
$myrow = mysql_fetch_array($result);
if($myrow[password] == $password and $user_name != NULL){
	return 1;
}
else {

No dice...

trooper

why have you put username !=NULL?

NULL is a very dubious clause to check against

VooDooRT

Ok, I tried this, still no luck:

function login($user1, $pass) {
  global $fontString, $fontString2, $headString;
  global $myrow;
  $result = @mysql_query("SELECT * FROM admin_info WHERE user_name = \"$user\"");
  $myrow = mysql_fetch_array($result);
  if($myrow != NULL)
     extract($myrow);
  if($user1 == $user_name && $pass == $password) {
	if($disable != 1) {
		return 1;
	  }
	  else {
		echo("
			<center>$fontString
		<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3; URL=actions.php\"> 
			For one reason or another, you're not allowed to view this page.  Wait while we forward you back.
	  	");
	  }
	}
	if($disable == 1) {
	  echo("
		$fontString
		You must have pissed someone off, cause you're DISABLED!
	  ");
	}
  else {
	if(!$user1) {

	echo("
		<table border=0 cellpadding=2 cellspacing=0 style=border-collapse:collapse collapse bordercolor=#111111 width=100% id=AutoNumber1>
          <tr>
            <td width=100% colspan=2>
            <p align=center>$headString
		Error: Username not found!<br></td>
          </tr>
          <tr><form action=actions.php method=post>
            <td width=24%>$fontString Username: </td>
            <td width=76%> <input type=text name=user_name size=15></td>
          </tr>
          <tr>
            <td width=24%>$fontString Password: </td>
            <td width=76%> <input type=password name=password size=15></td>
          </tr>
          <tr>
            <td width=100% colspan=2>
            <p align=center>
		<input type=submit value=Login></td>
          </tr>
        </table>		
	");

}
else {
	echo("
		<table border=0 cellpadding=2 cellspacing=0 style=border-collapse:collapse collapse bordercolor=#111111 width=100% id=AutoNumber1>
          <tr>
            <td width=100% colspan=2>
            <p align=center>$headString
		Error: Password not found!<br></td>
          </tr>
          <tr><form action=actions.php method=post>
            <td width=24%>$fontString Username: </td>
            <td width=76%> <input type=text name=user_name size=15></td>
          </tr>
          <tr>
            <td width=24%>$fontString Password: </td>
            <td width=76%> <input type=password name=password size=15></td>
          </tr>
          <tr>
            <td width=100% colspan=2>
            <p align=center>
		<input type=submit value=Login></td>
          </tr>
        </table>
	");
}
  }

}

This ALWAYS logs you in. Without the NULL it will always log you in.

trooper

like the man barand said "get rid of the @"

VooDooRT

Originally posted by trooper
like the man barand said "get rid of the @"

I did, twice, nothing....

it keeps coming up as user_name = nothing

VooDooRT

//core.php
function login($user1, $pass) {
  global $fontString, $fontString2, $headString;
  global $myrow;
  $sql = "SELECT * FROM admin_info WHERE user_name = \"$user1\"";
  $result = mysql_query($sql) or die ("<p>$fontString $sql<P>".mysql_errno().": ".mysql_error());
  $myrow = mysql_fetch_array($result);
  if($myrow != NULL)
     extract($myrow);
  if($user1 == $user_name && $pass == $password && $user1 != NULL) {
	if($disable != 1) {
		return 1;
	  }
	  else {
		echo("
			<center>$fontString
		<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3; URL=actions.php\"> 
			For one reason or another, you're not allowed to view this page.  Wait while we forward you back.
	  	");
	  }
	}
	if($disable == 1) {
	  echo("
		$fontString
		You must have pissed someone off, cause you're DISABLED!
	  ");
	}
  else {
	if(!$user1) {

	echo("
		<table border=0 cellpadding=2 cellspacing=0 style=border-collapse:collapse collapse bordercolor=#111111 width=100% id=AutoNumber1>
          <tr>
            <td width=100% colspan=2>
            <p align=center>$headString
		Error: Username not found!<br>$sql<br>$user1<br>$user_name<br>$username</td>
          </tr>
          <tr><form action=actions.php method=post>
            <td width=24%>$fontString Username: </td>
            <td width=76%> <input type=text name=user_name size=15></td>
          </tr>
          <tr>
            <td width=24%>$fontString Password: </td>
            <td width=76%> <input type=password name=password size=15></td>
          </tr>
          <tr>
            <td width=100% colspan=2>
            <p align=center>
		<input type=submit value=Login></td>
          </tr>
        </table>		
	");

}
else {
	echo("
		<table border=0 cellpadding=2 cellspacing=0 style=border-collapse:collapse collapse bordercolor=#111111 width=100% id=AutoNumber1>
          <tr>
            <td width=100% colspan=2>
            <p align=center>$headString
		Error: Password not found!<br>$sql</td>
          </tr>
          <tr><form action=actions.php method=post>
            <td width=24%>$fontString Username: </td>
            <td width=76%> <input type=text name=user_name size=15></td>
          </tr>
          <tr>
            <td width=24%>$fontString Password: </td>
            <td width=76%> <input type=password name=password size=15></td>
          </tr>
          <tr>
            <td width=100% colspan=2>
            <p align=center>
		<input type=submit value=Login></td>
          </tr>
        </table>
	");
}
  }

//actions.php

$user_name = $usercook;
$password = $passcook;

setcookie("usercook", $user_name);
setcookie("passcook", $password);

require("core.php");

//global $fontString, $tableColor, $fontString2, $myrow;
if(login($user_name, $password)){
//do stuff
}

Here is everything. It always comes up as Username not found and echo's $sql as:
SELECT * FROM admin_info WHERE user_name = ""

I'm not sure why it's not saying what $user1 is...I'm cornfused.... I know it's posting!!! No '@' and no errors at all, just not posting correctly...ugh...

barand

It's not a 'register_globals' problem is it?

Have u tried $user_id = $_POST['user_id'] first?