Login does not work but other php script does. What is wrong with the login??

Hitoshi

Please can someone tell me what's wrong with this login script?

<?php

if (isset($_POST['submit'])) {
require_once ('mysql_connect.php');

function escape_data ($data) {

global $dbc;

if (ini_get('magic_quotes_gpc')) {

$data = stripslashes($data);
}

return mysql_real_escape_string($data, $dbc);
}

$message = NULL;
if (empty($_POST['username']))
{
$u = FALSE;

$message .= '<p>You forgot to enter your username!</p>';
}

else {
$u = escape_data($_POST['username']);
}

if (empty($POST['password'])) {
$p = FALSE;
$message .= '<p>You forgot to enter your password!</p>';
} else {
$p = escape_data($POST['password']);
}

if ($u && $p) { // If everything's OK.
$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";
$result = @ ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);
if ($row) {

// Start the session, register the values & redirect.
session_name ('YourVisitID');
ini_set ('session.use_cookies', 0);
session_start();
$SESSION['first_name'] = $row[1];
$SESSION['user_id'] = $row[0];
header ("Location: [url]http://[/url]" . $SERVER['HTTP_HOST'] . dirname($SERVER['PHP_SELF']) . "/loggedin.php?" . SID);
exit();

	} else {
		$message = '<p>The username and password entered were not recognised.</p>'; 
	}
	mysql_close();
} else {
	$message .= '<p>Please try again.</p>';		
}

}
$page_title = 'Login';

if (isset($message)) {
echo '<font color="red">', $message, '</font>';
}
?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset><legend><font color="000000">Enter your information in the form below:</font></legend>
<p><b>User Name:</b>

<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</form>

There's nothing wrong with the mysql_connect file because I have gotten it to work on this script :

<?php

$page_title = 'HP';

include ('templates/header.inc');

require_once ('mysql_connect.php');

$id = 1;

$sql = 'SELECT HP,G FROM users WHERE user_id = '.$id;

$res = mysql_query($sql) or die("Query Error: ".mysql_error());

$data = mysql_fetch_array($res) or die("Fetch Error: ".mysql_error());

$hp = $data[HP];

$heal = 20;

$cost = 50;

if($data['G'] < 50)
{

echo 'You have insufficient Gold to do this.';
exit;
}

$query = "UPDATE users SET HP = HP+$heal, G = G-$cost WHERE user_id = $id";

$result_up = mysql_query( $query ) or die( mysql_error() );

echo 'HP increased by 20 - At the cost of 50Gold';

mysql_close();

?>

Please can someone tell me what my difference is between those two and why it wont work? :S does the login have errors in it?

jonno946

it might be a good idea to post the error message you are getting!!

Hitoshi

The username and password entered were not recognised.

jonno946

What is the PASSWORD('$p')"; all about on your query?

Shouldn't it be:

SELECT user_id, first_name FROM users WHERE username='$u' AND password='$p'";

Hitoshi

...now im getting this :
Parse error: parse error, expecting T_STRING' orT_VARIABLE' or `T_NUM_STRING' in /home/hitoshi/public_html/login.php on line 47

when i load the page

Hitoshi

It would be MUCH easier to work with if it wasnt so complex.. the thing is, that code has a validator in it as well... which im not really bothered about. Could someone write me a really simple login script?? features including : Save cookie for session, and display "Signed in" message. please..

jonno946

Heres a snippet of my login script.

If your passwords are raw text and not encrypted with md5(), you may need to alter the query a bit.


<?php

// Begin Session
session_start();

// Log into MySQL database
$db = mysql_connect("localhost", "db_username", "db_password") or die ("Could not connect"); 
mysql_select_db("db_name") or die ("Could not select db"); 

// Make Username and Password lowercase
$us = strtolower($us);
$pa = strtolower($pa);

// Check Both Username and Password Are Not Empty
if((!$us) || (!$pa)){
print "Please Ensure You Have Entered a Username and Password!";
exit;
}

// Check the Username Entered Exists in DB
$userexist = mysql_query("SELECT * FROM `users` WHERE username='$us'",$db); 
if(mysql_num_rows($userexist) == 0) {
print "The Username You Entered Does Not Exist.";
exit;
}

// Check Password
$login = mysql_query("SELECT * FROM `users` WHERE username='$us' and password='". md5($pa) ."'",$db); 
if(mysql_num_rows($login) == 0) {
print "Invalid Password For This Username!";
exit;
}

// Write Session Variables
$_SESSION[logged_in] = "yes";
$_SESSION[username] = $us;

// If All Correct, Print Confirmation
print "Logged In!";

?>

Good Luck!

Hitoshi

How would i make the log in form connect to this script? :/
really sorry.. im a total n00b to php lol

jonno946

make a form with 2 text boxes and a submit button. Name the username box 'un' and password box 'pa', and the submit action the name of the script 😕

Hitoshi

I really dont understand what u mean... cant u write it out!? would only take 5 secs and ive waited ages for a reply. lol

jonno946

i am willing to help you with php issues, but this is a simple html task.

It might be a good idea viewing the source of one of the many hundreds of thousends of login screens out there to see an example of how this is done.

Hitoshi

html?! no no... i think im quite ok with that. I've only been doing html for what, hmmm.. 4 years nearly?? What I meant was, what do u mean by name of the script? its not obvious. or what the submit action is supposed to have in it?

jonno946


<?php 

// Begin Session 
session_start(); 

// Log into MySQL database 
$db = mysql_connect("localhost", "db_username", "db_password") or die ("Could not connect");  

mysql_select_db("db_name") or die ("Could not select db");  

if((!$us) || (!$pa)) {
echo "
?>

<form method="POST" name="login" action="<?php print $PHP_SELF; ?>">
Username:
<input type=text name="us"><br>
Password:
<input type=password name="pa"><ce>
<input type=submit value="Log In">
</form>

<?php
";

} else {

// Make Username and Password lowercase 
$us = strtolower($us); 
$pa = strtolower($pa); 

// Check Both Username and Password Are Not Empty 
if((!$us) || (!$pa)){ 
print "Please Ensure You Have Entered a Username and Password!"; 
exit; 
} 

// Check the Username Entered Exists in DB 
$userexist = mysql_query("SELECT * FROM `users` WHERE username='$us'",$db);  

if(mysql_num_rows($userexist) == 0) { 
print "The Username You Entered Does Not Exist."; 
exit; 
} 

// Check Password 
$login = mysql_query("SELECT * FROM `users` WHERE username='$us' and password='". md5($pa) ."'",$db);  

if(mysql_num_rows($login) == 0) { 
print "Invalid Password For This Username!"; 
exit; 
} 

// Write Session Variables 
$_SESSION[logged_in] = "yes"; 
$_SESSION[username] = $us; 

// If All Correct, Print Confirmation 
print "Logged In!"; 

}

?>

Hitoshi

thank you! 😃 script finally works! but...
as soon as i hit submit it trys to connect to this?!!?
http://www.psorevolution.com/<?php%20print%20/login.php;%20?>

and of course, it comes up page cannot be found.

jonno946

just replace the <?php print $PHP_SELF; ?> with login.php then 🙂

Anyway i'm off to bed, night!

Hitoshi

Thank you!! 😃😃