Login help in my code below

VeryNewToPhp

😕

<?php
	// Initialize the session.
	session_start();

/*authenticating information entered on the login page*/
if ($_POST['submit']=='submit')
{
	//including mysql function file
	$con = mysql_connect("localhost","dbusername","dbpassword");
if (!$con)
  {
  die('Could not connect. Please try again later');
  }

mysql_select_db("dbname", $con);



	//writing select query to authenticate the user
	$select_user_query = "select *from Users where EmailAddress ='$_POST[email]' and Password = '$_POST[password]'";

	//executing the select query
	$result = mysql_query($select_user_query, $con) or die("select_user_query failed : " . mysql_error());
	$row = mysql_fetch_array($result);

	//if row count is one, user exists
	if ($row==1)
	{
		//authentication done





		//redirecting control to the calendar page
		header("Location: Final/page.htm");

		//closing DBConnection
		mysql_close($con);

		//exiting from this page
		exit;
	}
	else
	{
		//setting error message
		header("Location: login.html");
	}
}
?>

I'm just getting the else part of the if condition getting done no matter what i give in login.html (form)... Can anyone help pls?/?? if u say anything pls tel me where i have to insert ur code as i'm very new to php..😕

VeryNewToPhp

The older comments are there( pls ignore them) as icopy pasted and modified to my knowlodge instead of including more n more files

sandthipe

in this line:

$row = mysql_fetch_array($result);

you are getting the results from your query. However, in this line:

if ($row==1)

you are looking for a number. mysql_fetch_array does not return numbers; rather, it returns an array. this test will always fail. read about the type of data (an array) that is returned by mysql_fetch_array here: http://www.php.net/manual/en/function.mysql-fetch-array.php

samuelcook

You could do one of two ways:

The way you are trying using:

$row = mysql_fetch_array($result); 
if(count($row)>0){

}

If you go this route then you are retrieving all of the information from that row, when all that you need is to know if the user is in the db or not.

an easier way would be to eliminate:: $row = mysql_fetch_array($result);
and just test the number of rows:

$result = mysql_query($select_user_query, $con) or die("select_user_query failed : " . mysql_error()); 
if( mysql_num_rows($result) > 0 ){
    //success
}else{
    //fail
}

Additionally you should use a LIMIT in your sql statement:

SELECT * FROM Users WHERE EmailAddress ='$_POST[email]' and Password = '$_POST[password]' LIMIT 1

Don't forget to escape your $_POST variables. Especially in your users table.

Hope this helps.

VeryNewToPhp

samuelcook;10986799 wrote:
You could do one of two ways:

The way you are trying using:
$row = mysql_fetch_array($result); 
if(count($row)>0){

}
If you go this route then you are retrieving all of the information from that row, when all that you need is to know if the user is in the db or not.

an easier way would be to eliminate:: $row = mysql_fetch_array($result);
and just test the number of rows:
$result = mysql_query($select_user_query, $con) or die("select_user_query failed : " . mysql_error()); 
if( mysql_num_rows($result) > 0 ){
    //success
}else{
    //fail
}
Additionally you should use a LIMIT in your sql statement:
SELECT * FROM Users WHERE EmailAddress ='$_POST[email]' and Password = '$_POST[password]' LIMIT 1
Don't forget to escape your $_POST variables. Especially in your users table.

Hope this helps.

Thanks a lot But the following code i'm using now.. it works well:

<?PHP 


$dbHost = "localhost"; 
$dbUser = "dbusername"; 
$dbPass = "dbpassword"; 
$dbDatabase = "dbname"; 



$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from Users where EmailAddress='$_POST[email]' AND Password='$_POST[password]'", $db); 



$rowCheck = mysql_num_rows($result); 
if($rowCheck==1){ 
while($row = mysql_fetch_array($result)){ 



  session_start(); 
  session_register('email'); 

  header( "Location: Final/page.htm" ); 

  } 

  } 
  else { 



  header( "Location: login.html" );
  } 

  ?>

but i wanna knw whether i can see whether the users are logged in, if so how can i do it from db side or from server side????