[RESOLVED] database help

fus10n

i have created a log in and register system and the register portion of it works but for some reason the log in will not it is giving me the unable to log in error. here is the log in script.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

    // dBase file
    include "dbConfig.php";

    if ($_GET["op"] == "login")
  {
  if (!$_POST["username"] || !$_POST["password"])
        {
        die("You need to provide a username and password.");
        }

  // Create query
  $q = "SELECT * FROM `dbUsers` "
        ."WHERE `username`='".$_POST["username"]."' "
        ."AND `password`=PASSWORD('".$_POST["password"]."') "
        ."LIMIT 1";
  // Run query
  $r = mysql_query($q);

  if ( $obj = @mysql_fetch_object($r) )
        {
        // Login good, create session variables
        $_SESSION["valid_id"] = $obj->id;
        $_SESSION["valid_user"] = $_POST["username"];
        $_SESSION["valid_time"] = time();

    // Redirect to member page
    Header("Location: members.php");
    }
  else
        {
        // Login not successful
        die("Sorry, could not log you in. Wrong login information.");
        }
  }
        else
  {
//If all went right the Web form appears and users can log in
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"><br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
  }
        ?>

</body>
</html>

bradgrafelman

Can you show us the code you use to create users in the DB?

Also, note that user-supplied data should never be inserted directly into a SQL query else your code will be vulnerable to SQL injection attacks and/ro just plain SQL errors. Instead, you must first sanitize it with a function such as [man]mysql_real_escape_string/man (for string data).

fus10n

ok, first let me say thanks for the tip and here is the all of the code

dbconfig:

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "yourclas_****";
$pass = "*****";
$db   = "yourclas_dbUsers";

// This part sets up the connection to the 
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
        {
        echo "Error connecting to database.\n";
        }

// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>
</body>
</html>

here is the registration page:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

    // dbConfig.php is a file that contains your
    // database connection information. This
    // tutorial assumes a connection is made from
    // this existing file.
    include ("dbConfig.php");


//Input vaildation and the dbase code
        if ( $_GET["op"] == "reg" )
  {
  $bInputFlag = false;
  foreach ( $_POST as $field )
        {
        if ($field == "")
    {
    $bInputFlag = false;
    }
        else
    {
    $bInputFlag = true;
    }
        }
  // If we had problems with the input, exit with error
  if ($bInputFlag == false)
        {
        die( "Problem with your registration info. "
    ."Please go back and try again.");
        }

  // Fields are clear, add user to database
  //  Setup query
  $q = "INSERT INTO `dbUsers` (`username`,`password`,`email`) "
        ."VALUES ('".$_POST["username"]."', "
        ."PASSWORD('".$_POST["password"]."'), "
        ."'".$_POST["email"]."')";
  //  Run query
  $r = mysql_query($q);

  // Make sure query inserted user successfully
  if ( !mysql_insert_id() )
        {
        die("Error: User not added to database.");
        }
  else
        {
        // Redirect to thank you page.
        Header("Location:MPHS.html");
        }
  } // end if


//The thank you page
        elseif ( $_GET["op"] == "thanks" )
  {
  echo "<h2>Thanks for registering!</h2>";
  }

//The web form for input ability
        else
  {
  echo "<form action=\"?op=reg\" method=\"POST\">\n";
  echo "Username: <input name=\"username\" MAXLENGTH=\"16\"><br />\n";
  echo "Password: <input type=\"password\" name=\"password\" MAXLENGTH=\"16\"><br />\n";
  echo "Email Address: <input name=\"email\" MAXLENGTH=\"25\"><br />\n";
  echo "<input type=\"submit\">\n";
  echo "</form>\n";
  }
        // EOF
        ?>
</body>
</html>

members:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
session_start();

if (!$_SESSION["valid_user"])
        {
        // User not logged in, redirect to login page
        Header("Location: login.php");
        }

// Member only content
// ...
// ...
// ...

// Display Member information
echo "<p>User ID: " . $_SESSION["valid_id"];
echo "<p>Username: " . $_SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);

// Display logout link
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>
</body>
</html>

Log out:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
session_start();
session_unset();

session_destroy();
// Logged out, return home.
Header("Location: index.php");
?>
</body>
</html>

and for your reference here is the log in page for the website: yourclassnotes.com/login.php
Username: test
Passowrd: test

and the register page: yourclassnotes.com/register.php

bradgrafelman

Can you show us how the password field is defined in the table (e.g. how it would appear in a SHOW CREATE TABLE output)?

Also, can you show us the row in the DB for the 'test' user?

fus10n

this is the table:

Name Type Addition
id int(10) Primary Key, AUTO_INCREMENT
username varchar(16) Unique
password char(16)

email varchar(25)

bradgrafelman

There's your problem - the PASSWORD() function returns a string of 41 characters, and you're only storing the first 16 of them. A 41-character string will never equal a 16-character string.

fus10n

ok, can you please tell me what to change i am new to php

fus10n

as in make it so the string in the code is 16 as oppose to 41

bradgrafelman

fus10n;10965417 wrote:
as in make it so the string in the code is 16 as oppose to 41

Well I suppose you could use one of MySQL's LEFT/RIGHT/SUBSTRING() functions, but why wouldn't you simply alter the table declaration so that the password column holds 41 characters??

fus10n

i tried that and at first it didn't work, just made a new table with it set as 41 and it worked! now im going to ask you one final question after the login or registration is complete i want it to go to a different page but i am getting this error

Warning: Cannot modify header information - headers already sent by (output started at /home2/yourclas/public_html/register.php:9) in /home2/yourclas/public_html/register.php on line 57

bradgrafelman

fus10n;10965420 wrote:
i tried that and at first it didn't work, just made a new table with it set as 41 and it worked!

Sounds like you tried simply altering the table definition and then attempting to login again; changing the table definition won't automagically fix the rows already inserted into the table whose values were already truncated.

fus10n;10965420 wrote:
now im going to ask you one final question after the login or registration is complete i want it to go to a different page but i am getting this error

Warning: Cannot modify header information - headers already sent by (output started at /home2/yourclas/public_html/register.php:9) in /home2/yourclas/public_html/register.php on line 57

The error message is pretty clear; you're trying to alter the HTTP headers on line #57 even though they've already been sent due to the output on line #9.

You can't modify the HTTP headers after you output anything; move any logic/statements that might need to alter the HTTP headers so that they are all before any output.

fus10n

thank you so much, you really helped me out