PHP login problem! (simple!!!)

fluppet

Not a big problem, but i cant get over the or die error i get with my sql query.

This is the login form, and after it the action it goes to.

echo("<form enctype=\"text/plain\" action=\"login-go.php\" method=\"post\">
<input type=\"text\" name=\"fusername\" size=\"20\" value=\"username\"> <br>
<input type=\"text\" name=\"fpassword\" size=\"20\" value=\"password\"> <br>
<input type=\"submit\" name=\"submit\" value=\"Login\"></form>");

<?php 
include("config.php");
if($loged=='yes')
{
 echo "You are already loged in!";
 echo "<p align=\"right\"><a href=\"logout.php\">Logout.</a>";
}
else 
{ 

include("config.php");
$conn = mysql_connect("$server", "$db_user","$db_pass") 
or die("Count not connect to database");

$rs = mysql_select_db("$database",$conn) 
or die ("Could not select database");  

$sql = 'SELECT * ';
$sql .= 'FROM `users` ';
$sql .= 'WHERE username=\"$fusername\" AND ';
$sql .= 'PASSWORD=\"$fpassword\" LIMIT 0, 30'; 
$rs=mysql_query($sql,$conn) or die("NOT HAVING THIS!");
$num=mysql_num_rows($rs);
if($num=="0"){echo("Sorry, login dosent exist");}
else
{
 setcookie("loged","yes",time()+3600);
 setcookie("username","$username",time()+3600);
 setcookie("name","$name",time()+3600);
 setcookie("email","$email",time()+3600);
 echo("<a href=\"index.php\" style=\"font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; color: #000000;\">Click here to finish loging in!</a> ");

}?>

<?php
}
?>

Whats the problem? It dont make any sense to me - it has an error with the sql query and gives me the die error. You can look at the files at

http://xeon.createworld.net/~fluppet/class/login.php
http://xeon.createworld.net/~fluppet/class/login-go.php

Can anyone help me with the sql query? its fine if i get rid of the $fusername and $fpassword, but then it goes wrong when i change it to strings not values! ARRRGG

Thanks in advance, chris.

Nehle

Try it without using global variables by putting

extract($_POST);

before the reste of the code. Also, you might want to write the SLQ query as one string instead of appending all the time. And $conn is not necessary unless you use more than one connection

fluppet

"CREATE TABLE users (
id int(11) NOT NULL auto_increment,
username varchar(250) NOT NULL default '',
password varchar(250) NOT NULL default '',
email varchar(250) NOT NULL default '',
fname varchar(250) NOT NULL default '',
sname varchar(250) NOT NULL default '',
level varchar(1) NOT NULL default '4',
country text NOT NULL,
city text NOT NULL,
interests text NOT NULL,
picture text NOT NULL default '',
PRIMARY KEY (id)
) TYPE=MyISAM;"

Thats the SQL structure if you were wondering.

Thanks ill give it a go and tell you whether it helped

LordShryku

Ok, so let me pick this apart...

1) You include the config file twice. Dunno why

include("config.php");
if($loged=='yes')
{
 echo "You are already loged in!";
 echo "<p align=\"right\"><a href=\"logout.php\">Logout.</a>";
}
else 
{ 

include("config.php");

2) The single quotes, double quotes backwards just throws me off. Maybe they actually do work this way, but I don't do that. Either way, here's what I would do...

$sql = "SELECT * 
        FROM users 
        WHERE username='".$_POST['fusername']."' 
        AND PASSWORD='".$_POST['fpassword']."'"; 
$rs=mysql_query($sql) or die("NOT HAVING THIS!");

Also, the fields are case sensitive. Din't know if the password field in your DB is all caps, but worth making sure

fluppet

nup, i put it $sql as one string, put in extract($_POST); at the begginging and the query still dies.

to LordShryku - i couldnt get it to work, so i copied it directly from PHPMyAdmin, so it cant be wrong.

LordShryku

Just cuz phpMyadmin works, doesn't mean it's automatically right. Why not actually TRY the code I gave you? On top of that, add a mysql_error() to the die statement, and find out what the problem is