[RESOLVED] 'Simple' login script

aaronmm

Hello!

Hoping someone can help me, I'm slowly giving up, no doubt someone will point me in the direction of an answer straight away, but I have looked! Honest!

I'm very new at learning PHP, and am attempting to create a simple login script.

As you can see from my code below (assuming I've done it right!) I'm running a query on the database to ensure that the entered username/password returns '1' for one record in the database, then it should proceed to a successful logon page.

The query runs, but I am unsure how I get the count (of 1) onto the

if($sql==1){

line. I know it's not $sql, as this would just output the query, not the output of the query.

If anyone could shed some light on this I would be very happy!

<?php
ob_start();
$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="databasename"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("Admin Error: cannot connect"); 
mysql_select_db("$db_name")or die(" Admin Error: cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// Encrypt password
//$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

// The answer to this should be 1
//$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$sql=("SELECT count(*) FROM $tbl_name WHERE username='$myusername' and password='$mypassword';");

// If result matched $myusername and $mypassword, table row must be 1 row
if($sql==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "User Error: Wrong Username or Password<br>";
}

ob_end_flush();
?>

jgetner

well you set up the query inside the variable $sql and in that query you tell the query to count the selected results.

witch should be 1 i figure from your code. but another thing you do not have any query's running you make the query a string bit you do not call mysql_query() as well your connection needs a $variable that can hold the link or the connection.

emetib

I read
http://php.net/manual/en/function.mysql-field-table.php
and now am very confused.

I have 2 tables I'm working with which I'd like to include in a number of functions.

posts
('post.id', 'title', 'body')

users
('user_id', 'username', 'password')

I wish get the fields directly from the tables and specify that their fields are arrays.

your input is appreciated.

aaronmm

jgetner - Thanks for the quick reply!

I've set up the query in the variable $sql, which counts the rows, which is 1, so I don't need to touch this again?

But what you are saying is that I need to run another query, to make the first query into a string and then I call mysql_query().
and
I also need a $variable that holds the link/connection?

Could you elaborate a little, I'm a little lost, completely new to PHP!

jgetner

you haven't ran any query's from what i have seen, you only connected to mysql and that is it.


// your original code...... example cut off
mysql_connect($hostname , $username , $password)


//what it should be

$link = mysql_connect($hostname , $username , $password) etc...

aaronmm

I have added myslq_query()

I'm not sure if I have done this right, well, I assume I've done it wrong as it is still not working..

<?php
ob_start();
$host="localhost"; // Host name 
$username="username"; // Mysql username 
$password="password"; // Mysql password 
$db_name="dbname"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("Admin Error: cannot connect"); 
mysql_select_db("$db_name")or die(" Admin Error: cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// Encrypt password
//$encrypted_mypassword=md5($mypassword);

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

// The answer to this should be 1
//$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$encrypted_mypassword'";
$sql=("SELECT count(*) FROM $tbl_name WHERE username='$myusername' and password='$mypassword';");

$result=mysql_query($sql);

// If result matched $myusername and $mypassword, table row must be 1 row
if($result==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "User Error: Wrong Username or Password<br>";
echo $myusername;
echo $mypassword;
}

ob_end_flush();
?>

jgetner

the connection link needs to be in mysql query aswell? you should take alook at the manual on mysql query's i think that will give you the best possible answers to your problems

aaronmm

Ah, I see! I have added the $link..

I now have:

$link = mysql_connect("$host", "$username", "$password")or die("Admin Error: cannot connect");

and

$sql="SELECT COUNT (*) FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result = mysql_query($sql,$link);

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

However,

$count=mysql_num_rows($result);

Gives out a bool, not an int, so it's still not working.. 🙁

Thanks for your help so far, I know these things are probably really simple, but when you're first starting out they seem so tough!

emetib

sry had just heard mom went to ER so my head was not in right place and could not delete my post once I clicked submit reply.
Didn't mean to hijack your thread.

NOW regarding Your 'Simple' login script ...

1st off have you created the files you will need?

A database with tables and filled it with some data?

Create database
Create file main_login.php.
Create file checklogin.php.
Create file login_success.php.
Create file logout.php

MyDBTest_sql.php

<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

if (mysql_query("CREATE DATABASE my_db_test",$con))
  {
  echo "Database created";
  }
else
  {
  echo "Error creating database: " . mysql_error();
  }

mysql_close($con);


// Create table
mysql_select_db("my_db_test", $con);
$sql = CREATE TABLE `members` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(25) NOT NULL default '',
  `password` varchar(15) NOT NULL default '',
  PRIMARY KEY (`id`)
  ) TYPE=MyISAM AUTO_INCREMENT=2 ;

-- 
  -- Dumping data for table `members`
  -- 

INSERT INTO `members` VALUES (1, 'john', '1234');

// Execute query
mysql_query($sql,$con);

mysql_close($con);
?>

main_login.php
Build your login in HTML form in this file.

I have not used Output Buffering With PHP so am not sure what you are attempting here.

I found a nice article on devshed that may assist you.
http://www.devshed.com/c/a/PHP/Output-Buffering-With-PHP/

and this tutorial
http://www.tutorialspalace.com/2010/07/php-login-script-tutorial/

aaronmm

emetib - Thanks for the reply!

The tutorial you have gave is the one I'm working from, apart from it doesn't work!

My database is fine and I have all of the other files..

It's this bit that is going wrong:

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
  $result=mysql_query($sql);
// Mysql_num_row is counting table row
  $count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

It never returns 1!

I'm now getting this error:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/aaronmon/public_html/project/checklogin.php on line 33

Thanks again for your replies!

aaronmm

Been playing around, if I change the $sql to this:

$sql="SELECT COUNT(*) FROM members WHERE username='john' and password='1234'";

instead of

//$sql="SELECT COUNT (*) FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

It works, but obvioulsy this allways returns a value of '1' so you can log in with any details.

What is wrong with my second php statement?

emetib

you have to start testing it.
Warning: mysql_num_rows() expects parameter 1 to be resource,

Usually means unable to execute the query.

So test


$count=mysql_num_rows($result); 
echo 'POSTS: '.$count;

$result = mysql_query($sql)
 or die('Invalid query: ' . mysql_error());

]

aaronmm

By running the script you have gave me, it give me:

POSTS: 1

But it gives 1 if I enter the right or wrong username/pass...

$sql="SELECT COUNT(*) FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result = mysql_query($sql,$link);

$count=mysql_num_rows($result); 
echo 'POSTS: '.$count; 

$result = mysql_query($sql) 
or die('Invalid query: ' . mysql_error());

dabdura

Hello there
you don't need SELECT count(*) with mysql_num_rows

this should work:


$sql=mysql_query("SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword';");
$count = mysql_num_rows($sql);

// If result matched $myusername and $mypassword, table row must be 1 row 
if($count==1){

aaronmm

I'm sure I already tried this, but it actually works!

Thank you very much! I've been tearing my hair out over this!