Jump to content

PHP Login Issues

VicHost

By VicHost
in PHP Coding Help

 Share

Recommended Posts

VicHost Newbie

VicHost

Posted
Posted

Hi folks, me again. :P

 

I am trying to create the login for the admin section of my project, but facing issues again.

 

I can't seem to get the code to check to see if the username and password submitted through the login form is correct as per what is in the database.

 

Here is the form:

<form action="authenticate.php" method="post" name="frmLogin" id="frmLogin">
<table width="400" border="1" align="center" cellpadding="2" cellspacing="2">
<tr>
<td width="150">User Id</td>
<td><input name="txtUserId" type="text" id="txtUserId"></td>
</tr>
<tr>
<td width="150">Password</td>
<td><input name="txtPassword" type="password" id="txtPassword"></td>
</tr>
<tr>
<td width="150"> </td>
<td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
</tr>
</table>
</form>

 

The authenticate.php:

 

<?php
session_start(); // Start a new session
require('../config/config.php'); // Holds all of our database connection information

// Get the data passed from the form
$username = $_POST['user'];
$password = $_POST['password'];

// Do some basic sanitizing
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

$count = 0;

while ($line = mysql_fetch_assoc($result)) {
 $count++;
}
?>

 

The errors I get:

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'danoid'@'localhost' (using password: NO) in /home/danoid/public_html/admin/authenticate.php on line 14

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/danoid/public_html/admin/authenticate.php on line 14
Access denied for user 'danoid'@'localhost' (using password: NO)

 

Any one got any ideas?

Link to comment
Share on other sites
VicHost Newbie

VicHost

Posted
  • Author
Posted

Maybe I should point out that I am new to this and quite often the error messages tell me nothing, which is why I have posted here.

If you are not in the mood to help mate, just don't. No pressure. ;)

 

From what I can tell, I have select a database.

Link to comment
Share on other sites
VicHost Newbie

VicHost

Posted
  • Author
Posted

Hi mate,

 

The config file connects to the database. This file is called upon by the authenticate.php file to make sure that it is also being connected there.

 

In the authenticate.php file, I am selecting the database:

 

$sql = "select * from users where username = '$username' and password = '$password'";
$result = mysql_query($sql) or die ( mysql_error() );

Link to comment
Share on other sites
timmah1 Advanced Member

timmah1

Posted
Posted

Your configuration file needs to know what database to connect to to be able to connect to the table.

You have everything right BUT the database.

 

$mysql_link = mysql_connect("localhost", "USERNAME", "PASSWORD");   
    mysql_select_db("DATABASE") or die("Could not select database");

Link to comment
Share on other sites
VicHost Newbie

VicHost

Posted
  • Author
Posted

Ive been trying to follow some tuts on the net but getting nowhere pretty darn quick.

 

Here is my login.php:

 

<?
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();

$message="";

////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$md5_password=md5($_POST['password']); // Encrypt password with md5() function.

// Connect database
require "../config/config.php";

// Check matching of username and password.
$mysql_link = mysql_connect("localhost", "$db_username", "$db_password");   
    mysql_select_db("$db_database") or die("Could not select database");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Craete session username.
header("location:index.php"); // Re-direct to index.php
exit;
}else{ // If not match.
$message="--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<? echo $message; ?>
<form id="form1" name="form1" method="post" action="<? echo $PHP_SELF; ?>">
<table>
<tr>
<td>User : </td>
<td><input name="username" type="text" id="username" /></td>
</tr>
<tr>
<td>Password : </td>
<td><input name="password" type="password" id="password" /></td>
</tr>
</table>
<input name="Login" type="submit" id="Login" value="Login" />
</form>
</body>
</html>

 

My config file:

<?php 
//MODIFY THIS.

$db_hostname = "localhost";       //mostly this is localhost if mysql server is running on the same machine as script.
$db_username = "danoid_site";        //database username here
$db_password = "changed_for_security";   //database password here 
$db_database = "danoid_site"; //the name of the database where you want the script installed in. 

//this are the logins for the admin part. Change them for security. 
$login = "admin";  //your login for the admin section.
$pass = "changed_for_security";   //your login for the admin section.

//set the page color here.
$backcolor = "5482C8";

//NO MODIFIYNG BELOW THIS

function database_connect(){
    global $host, $database, $user, $password;

    $link = @mysql_connect("$host","$user","$password"); 
$sql_error = mysql_error();

    if (!$link) { 
        echo "Connection with the database couldn't be made.<br>";
	echo "$sql_error"; 
        exit;
    }
  
   if (!@mysql_select_db("$database")) {; 
        echo "The database couldn't be selected.";
        exit;
    }
   return $link;
}
?>

Link to comment
Share on other sites
revraz Member

revraz

Posted
Posted

Either you chopped it up or it's a horrible tutorial:

 

$mysql_link = mysql_connect("localhost", "$db_username", "$db_password");

mysql_select_db("$db_database") or die("Could not select database");

if(mysql_num_rows($result)!='0'){ // If match.

 

You are not even doing a query before you check to see if rows are returned.

 

 

Link to comment
Share on other sites
VicHost Newbie

VicHost

Posted
  • Author
Posted

Ok, got it working. :)

It logs me in etc so that's awesome.

 

Now, two other issues have arisen:

 

1. It will not let me in if I change the password in phpmyadmin to md5 encryption

 

login.php:

<?
//always start the session before anything else!!!!!!
session_start();

if(isset($_POST['username']) && $_POST['password']){

$username = $_POST['username']; //name of the text field for usernames
$password = $_POST['password']; //likewise here just for the password


//connect to the db
include "../config/config.php";
mysql_connect("$db_hostname", "$db_username", "$db_password") or die(mysql_error());
mysql_select_db("$db_database") or die(mysql_error());
//run the query to search for the username and password the match
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens
    if(mysql_num_rows($result) == 1){
    //the username and password match
    //so set true to yes
    $true=yes;
    //and then move them to the index page or the page to which they need to go
    header('Location: index.php?confirm=$true');
    }else{
    $err = 'Incorrect username / password.' ;
    }
    //then just above your login form or where ever you want the error to be displayed you just put in
    echo "$err";
    }


echo "<html>";
echo "<head>";
echo "</head>";
echo "<body>";
echo "<form action=\"\" method=\"POST\">";
echo "<p>username:"; 
echo "<input name=\"username\" size=\"13\" />";
echo "</p>";
echo "<p>password:";
echo "<input type=\"password\" name=\"password\" size=\"13\" />";
echo "</p>";
echo "<input type=\"submit\" name=\"login\" value=\"Login\" />";
echo "</form>";
echo "</body>";
echo "</html>";
?>

 

2. If I have the following in the beginning of my index.php I am redirected back to the login page, rather than logged in to the admin cp.

if(!isset($_SESSION) || $_SESSION !== true){
header('Location: login.php');
}


echo "You are currently logged in";

 

Without it, I can login fine.

 

Any ideas?

Link to comment
Share on other sites
VicHost Newbie

VicHost

Posted
  • Author
Posted

Thanks mate.

 

I have never done this before mate.

I tried to add it:

 

$query = "SELECT * FROM users WHERE username = '$username' AND password = 'MD5('$password')'";

But getting this error now:

Unable to verify user because : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'password removed')'' at line 1

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.