need a full working user auth

mikewooten

i am new to working with mysql with php
i need a full working user auth
can anyone take a look at the code below and let me know
what else i would need to add to make the user auth work?
if there is anything that i need to add, can you write out the
code for me below along with my user auth file.
thanks

$host ="localhost";

$username="user";

$password="pass";

$database="database";

$table_name = "tablename";

$connection = mysql_connect( $host, $username, $password ) or die( "Connection Error" );
mysql_select_db($db);

$user = $POST['auser'];
$pass = $POST['apass'];

$result = mysql_query("SELECT * FROM $table_name WHERE auser == '$user' AND apass == '$pass'");

if ($auser == "$auser" AND $apass == "$apass")
{
echo " <center>Welcome $auser Click here to logon ";

echo "

<form action='login.html' method='post'>
<input type='hidden' name='select2' value='$auser'>
<a href='login.html'>login</a>
</form>
";

}
elseif ($auser <> "$auser" AND $apass <> "$apass")
{
echo "You are rejected, information has not been accepted as valid. <a href='login.html'>Login</a>";
}
else
{
echo ("YOU GOT REJECTED, YOU MUST LOGIN FIRST BEFORE YOU MOVE ON <a

href='login.html'>LOGIN</a> ");
}

nemonoman

Don't use == in MySQL queries: use ONE = only.
In this case, I'd guess you want to select an record field, like 'name', not *.

So rewrite:

$result = mysql_query("SELECT name FROM $table_name WHERE auser = '$user' AND apass = '$pass'");

You need to FETCH THE RESULT.

I assume you only have one row/record with this username / pass. (If you have more records, you'd need a while loop to fetch them all.)

$row=mysql_fetch_array($result);

Your comparison as written will always be true.

/*YOURS*/if ($auser == "$auser" AND $apass == "$apass")

Rewrite to actually check result of your query:

$name=$row[0]; 
//first element of your returned array. Make sure that element has a value in every record.
//Then check to see that a record was returned; otherwise the user ain't authorized.

if ($name){
echo "<br><br><center><font size='+2'>Welcome $name":}

PS other notes:

and (lowercase) not AND in PHP

If($x==true and $y==true)
THEN IT FOLLOWS THAT
($x<>true and $y<>true)

So your structuire
if($x==true and $y==true) {}//A }
elseif ($x<>true and $y<>true) { }//B
else {} //C -- THIS CASE IS NEVER EVER GOING TO BE REACHED. Can you tell why?

Maybe you meant:

if($x==true and $y==true) {
echo 'both OK';
}
elseif ($x<>true ) {echo 'x was false, y was true'; }
elseif ($y<>true ){echo 'x was true, y was false';}
else  {echo 'both false';}

mikewooten

i have fixed the code a little, would the code look like this or what else would need to be changed for this user auth to work?

thanks

$host ="localhost";
$username="user";
$password="pass";
$database="database";
$table_name = "tablename";

$connection = mysql_connect( $host, $username, $password ) or die( "Connection Error" );
mysql_select_db($db);

$user = $POST['auser'];
$pass = $POST['apass'];

$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser == '$user' AND apass == '$pass'");

while ($row = mysql_fetch_array($result)) {
echo $row["auser"];
echo $row["apass"];

$row=mysql_fetch_array($result);

$name=$row[0];

if ($name){
echo " <center>Welcome $name":}

nemonoman

As written won't work:

$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser == '$user' AND apass == '$pass'");

<<THE WHILE LOOP BELOW FETCHES ALL YOUR ROWS FROM THE THE SELECT ABOVE>>
while ($row = mysql_fetch_array($result)) {
echo $row["auser"];
echo $row["apass"];

}

<<THE COMMAND BELOW RETURNS NOTHING...ALL ROWS ALREADY FETCHED ABOVE>>
$row=mysql_fetch_array($result);

<<$name BELOW is NULL. >>

$name=$row[0];
<<ALSO $row[0] from YOUR select statement would return 'auser'...you can identify your individual record elements by number (starting with 0), or name. Based on select above $row[0]==$row['auser']>>

<<THIS CONDITION WILL ALWAYS BE FALSE since $name is null>>
if ($name){

mikewooten

i have removed some things fromt he code, should it work?
if not, what else would i need to get it to work?
can you write out the code i would need to get it to work?
how could i get the mysql query to work?
thanks

$host ="localhost";
$username="user";
$password="pass";
$database="database";
$table_name = "tablename";

$connection = mysql_connect( $host, $username, $password ) or die( "Connection Error" );
mysql_select_db($db);

$user = $POST['auser'];
$pass = $POST['apass'];

$result = mysql_query("SELECT auser and apass FROM $table_name WHERE auser == '$user' AND apass == '$pass'");

while ($row = mysql_fetch_array($result)) {
echo $row["auser"];
echo $row["apass"];

nemonoman

Why did you change this and make it wrong?
$result = mysql_query("SELECT auser and apass FROM $table_name

You had it right before:

$result = mysql_query("SELECT auser , apass FROM $table_name

ALSO STOP USING == in SQL QUERIES!!
ONE = ONLY in SQL QUERIES!!

where a=b <<SQL SELECT
if($a==$b) <<PHP conditional test

$result = mysql_query("
SELECT auser, apass
FROM $table_name
WHERE auser = '$user'
AND apass = '$pass'
");

Are you saying your query isn't working? Have you correctly populated '$table_name'? I just assumed you had done so, though it's nowhere in your code.

Are you just copying this out of some tutorial? Copy it all correctly, and/or Try RTFM.

Are trying out your code for real? or just desk debugging? Because you will also need to make sure that your data is right, ie that you have inserted one and only one record for this username/password combo.

mikewooten

when i view the file, i get this message, how can this message be fixed, what would i have to do and what code would i have to use?
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

thanks

nemonoman

Are you really using these values?

$host ="localhost";
$username="user";
$password="pass";
$database="database";
$table_name = "tablename";

In which case your problem is obvious.

Have you connected to the database at all? Is there a record there at all?

Show us the real values you are using..."xxx" for password.

mikewooten

this is the real values i am really using

$host="localhost";
$username="mwooten1";
$password="xxx";
$database="mwooten1_sampledb";
$table_name = "ecom";

nemonoman

OK. Try it in steps:

$connection = mysql_connect( $host, $username, $password ) or die( "Connection Error" );
// OK that would die on failure.

mysql_select_db($db);

//WHAT IS $db?

//Don't you mean:

mysql_select_db($database);

//??

//Better would be:

$selected=mysql_select_db($database) or die("Couldn't select Database");

$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser = '$user' AND apass = '$pass'")

mikewooten

ok, i have entered the information, and now i am getting an Parse error, how can i correct that for the user auth to work?
thanks

mikewooten

i'm getting this message saying that it couln't select the database
what should i do?
thanks
here is the code i have below

$host="localhost";
$username="mwooten1";
$password="xxx";
$database="mwooten1_sampledb";
$table_name = "ecom";

or die( "Connection Error" );

$connection = mysql_connect($host, $username, $password);
$selected=mysql_select_db($connection) or die("Couldn't select Database");
$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser == '$user' AND apass == '$pass'");

nemonoman

Please see my edited version...I posted before proofreading.

Change:
$selected=mysql_select_db($connection) or die("Couldn't select Database");

To:
$selected=mysql_select_db($database) or die("Couldn't select Database");

AND PLEASE REMOVE THE ^&*%$$#

DOUBLE EQUALS (==)

FROM YOUR ^&)#!!

SELECT STATEMENT!!!!

SINGLE EQUALS ONLY!!

HAVE SAID THIS 3 TIMES!!!!!

mikewooten

the code works when the user wants to enter any kind of information that they want, how can i make the user auth work only when they sign up for a user name and password and use that user name and password to get in and when they don't use the right username with the right password, it'll reject them?

i have changed everything, including the double == and the connection?
can you let me know what else i would have to do
thanks
here the code

            $host="localhost";
$username="mwooten1";
$password="mikeswoo";
$database="mwooten1_sampledb";
$table_name = "ecom";

$connection = mysql_connect($host, $username, $password);
$selected=mysql_select_db($database) or die("Couldn't select Database");
$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser = '$user' AND apass = '$pass'");

$user = $POST['auser'];
$pass = $POST['apass'];

while ($row = mysql_fetch_array($result)) {
echo $row["auser"];
echo $row["apass"];

}

nemonoman

I'm done now.

FIRST set the values:

$user = $POST['auser'];
$pass = $POST['apass'];

THEN do the query:
$result = mysql_query("SELECT auser, apass FROM $table_name WHERE auser = '$user' AND apass = '$pass'");

All this does:

while ($row = mysql_fetch_array($result)) {
echo $row["auser"];
echo $row["apass"];
}

Is print out the username and password from the database.

Figure the rest out yourself. I can't keep up with the ways you add new errors to your code, or that you can't figure out what you're trying to accomplish.

Move further questions to the NEWBIEs forum.