Topic: MySQL Query Problems

[angelfish723]

I am creating a website where there will be about 125 users. They will each be given their username and password (actually, all passwords will be the exact same, only the username will vary). So there is no registration step, they just go to the website they are given, where they will see a login form with fields for username and password, enter in what they were given, and they should be able to enter the password protected area. I'm connecting to the database just fine, but I think my problem lies in the query. Below is my PHP code (with placeholders for the database information), as well as a screen shot of the table in my database (which only has 2 users in it right now, for testing purposes). If anyone is able to help me, that would be greatly appreciated!

<?php

//Start session

session_start();

//Include database connection details

require_once('config.php');

//Array to store validation errors

$errmsg_arr = array();

//Validation error flag

$errflag = false;

//Connect to mysql server

$link = mysql_connect('host','username', 'password');

if(!$link) {

die('Failed to connect to server: ' . mysql_error());

}

//Select database

$db = mysql_select_db('database');

if(!$db) {

die("Unable to select database");

}

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

$str = @trim($str);

if(get_magic_quotes_gpc()) {

$str = stripslashes($str);

}

return mysql_real_escape_string($str);

}

//Input Validations

if($login == '') {

$errmsg_arr[] = 'Login ID missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;

}

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: login-form.php");

exit();

}

//Create query

$sql = "SELECT * FROM users WHERE user = 'username' AND pass = 'password'"; 

$result = mysql_query($sql);

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) == 1) {

//Login Successful

$_SESSION['user'] = $username;

$_SESSION['pass'] = $password;

//$_SESSION['full_names'] = $full_names;

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}
?>

THANKS!

[attachment deleted by admin]

[kickstart]

Hi

Don't you want to check that the userid and password are the contents of the variables $username and $password rather than just the strings 'username' and 'password'?

All the best

Keith

[angelfish723]

Oh yes, I'm sorry... I did have that in there, I just copied the wrong file. So my query section looks like this:

//Create query

$sql = "SELECT * FROM users WHERE user = '$username' AND pass = '$password'"; 

$result=mysql_query($sql);

//Check whether the query was successful or not

if($result) {

if(mysql_num_rows($result) == 1) {

//Login Successful

$_SESSION['user'] = $username;

$_SESSION['pass'] = $password;

$_SESSION['full_names'] = $full_names;

header("location: member-index.php");

exit();

}else {

//Login failed

header("location: login-failed.php");

exit();

}

}else {

die("Query failed");

}


And it just takes me to the Login Failed page...

[kickstart]

Hi

Can't spot anything in that fragment of code. I would suggest that possibly $username or $password are not set (in your first code fragment it looks like you have used $username or $login), as nothing in there explicitly setting values to them (you could have register globals turned on but this isn't recommended).

All the best

Keith

[mikosiko]

will help if you tell us what exactly the problem is... what is not working?... any error message?

[angelfish723]

What happens is I don't get redirected to the page that is password protected. I only get the Login Failed page.

Also, I tried to log in without entering a username or password, to see if I would get any errors (i.e. Login I.D. missing, or Password missing) but that doesn't come up either. It just basically refreshes the login page... which is what it's supposed to do, but it's supposed to come up with an error message for the user. So I'm wondering if there's a problem within that section of code, which is below:

//Input Validations

if($username == '') {

$errmsg_arr[] = 'Login ID missing';

$errflag = true;

}

if($password == '') {

$errmsg_arr[] = 'Password missing';

$errflag = true;
}

//If there are input validations, redirect back to the login form

if($errflag) {

$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

session_write_close();

header("location: login-form.php");

exit();

}

[mikosiko]

just a simple debug to start...

in your first code.... under this lines

$sql = "SELECT * FROM users WHERE user = '$username' AND pass = '$password'"; 

$result=mysql_query($sql);

add this
        echo "Rows : " . mysql_num_rows($result);

and tell us what do you get

[kickstart]

Hi

As above, but also add echo "$sql <br />";

All the best

Keith

[angelfish723]

Those didn't change anything, but I think I screwed something up because all I'm getting is the login in page over and over. I'm going to fix what I've done, then try both of your debugging tests and I'll let you know what happens.

Thanks!

[kickstart]

Hi

Just to be sure, after the 2 echo statements put an exit; to force the end of the script.

All the best

Keith