Login Form Validation Problem (I think)

MystedVeil

My problem comes in it is not recognizing name or password. I have two names placed in the database table for membership that I use for testing.

The username and password entered do not match those on file.

if (isset($_POST['submit'])) { // Check if the form has been submitted.

require_once ('incl/mysql_connect.php'); // Connect to the database.

if (empty($_POST['name'])) { // Validate the username.
	$u = FALSE;
	echo '<p><font color="red">You forgot to enter your username!</font></p>';
} else {
	$u = escape_data($_POST['name']);
}

if (empty($_POST['password'])) { // Validate the password.
	$p = FALSE;
	echo '<p><font color="red">You forgot to enter your password!</font></p>';
} else {
	$p = escape_data($_POST['password']);
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT member_id, name FROM membership WHERE name='$u' AND password=PASSWORD('$p')";		
	echo mysql_error(); 
	$result = @mysql_query ($query);
	$row = mysql_fetch_array ($result, MYSQL_NUM); 

	if ($row) { // A match was made.

			// Start the session, register the values & redirect.
			$_SESSION['name'] = $row[1];
			$_SESSION['member_id'] = $row[0];

			ob_end_clean(); // Delete the buffer.

			header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
			exit();

	} else { // No match was made.
		echo '<p><font color="red">The username and password entered do not match those on file.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If everything wasn't OK.
	echo '<p><font color="red">Please try again.</font></p>';		
}

} // End of SUBMIT conditional.

<table width=100% border=0 cellspacing=1 cellpadding=1 name=menu>
<tr><td class=menuheader align=center>Login</td></tr>
<tr><td class=menuBody>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<input class=title name="name" type="text" id="name" style="width: 100px;" maxlength="30" value="">
<strong>Member Name</strong>
<input class=title style="width: 100px;" type="password" name="password" size="20" maxlength="20" /><br/><strong>Password</strong>
<br/><input type="submit" name="submit" value="Login">
</form></td></tr>
</table>

I dont know if this could be the problem but on my footer.html I have the following:

if (isset($_SESSION['member_id'])) {
	echo "<b>Member</b>: {$_SESSION['name']}<br/>
<b>Last Login</b>: 
<b>Total Posts</b>:";
} else {
include('login.php'); 
}

toplay

I took a quick glance at your code. Remove the '@' sign in front of the mysql_query() since this suppresses errors. You're probably getting an SQL error and you're not seeing it because of that.

The reason you're probably getting the error is because you're using "password" as a column name, which is a reserved word in MySQL. Change the column name to something else to avoid future confusion or you must enclose the column name inside backtick marks. Example:
$query = "SELECT member_id, name FROM membership WHERE name='$u' AND password=PASSWORD('$p')";

Also, check for any possible errors after the query and before executing any more commands like your mysql_fetch_array().

hth.

MystedVeil

Thank you, that helped with that problem now I am having another one once the form is processed.

this is in footer.html (it current works showing either the members info or the login form based on whether they are logged in or not (at least it does on my index.php and tos.php page.

// Display links based upon the login status.
if (isset($_SESSION['member_id']) AND (substr($_SERVER['PHP_SELF'], -10) != 'logout.php')) {
include('login_status.php'); 
;

} else {
include('login.php'); 
}

Ok, now I have logged in using one of the two names I have registered and it shows the login_status.php properly on index.php and tos.php but on the memberlist.php page it pulls up the other name I have registered to the site.

session_start(); // Start a session. Added to every page.
$page_title = 'Memberlist';
include_once ('incl/header.html');
    echo "<p class=header align=center>Memberlist</p>";
echo"<table class=tableStory width=100%>";
echo"<tr>
<td align=justify width=25% valign=top><b>Member</b></td>
<td align=justify width=25% valign=top><b>Join Date</b></td>
<td align=justify width=25% valign=top><b># of Posts</b></td>
</tr>";

require_once ('incl/mysql_connect.php');
$row['country_id']= $_GET['country_id'];
if (empty($country_id))
{
    $query = " select  membership.* from membership where status='Y' order by joindate DESC ";
}
else
{
    $query = " select  membership.* from membership where status='Y' and country_id='$country_id' order by joindate DESC ";
}
    $result = mysql_query($query) or die (mysql_error());

// display a drop down menu for users to choose memberlist by country
$qGetCountry = "select country_id, countryloc from country order by countryloc";
$rsGetCountry = mysql_query($qGetCountry) or die(mysql_error());

echo "<form action=\"memberlist.php\" method=\"post\">
            <select name=\"country_id\">";
while ($countryrow = mysql_fetch_array($rsGetCountry))
{
    extract($countryrow);
    echo "<option value=\"$country_id\">$countryloc</option>";
}
echo "</select><input type=\"submit\" value=\"filter\"></form>";

if (mysql_num_rows($result) == 0)
{
    echo "<p>No members found in this list.</p>";
}
else
    while ($row = mysql_fetch_array($result))
    {
        extract($row);
        echo "<tr><td align=justify width=25% valign=top><b><a href='member_profile.php?id=".$row['member_id']."'>" . $row['name'] . "</a></b></td><td align=justify width=25% valign=top>" . $row['joindate'] . "</td><td align=justify width=25% valign=top></td></tr>";
    }
 echo"</table>";

include_once ('incl/footer.html');