Help me with some string problem.

Niixie · January 21, 2011

Hello PHPFreaks, i have 2 problems. The first problem is, that what i want help to is on my other computer. And its not possible for me to get to it atm. So i'll do it as good as i remember.

My second problem is, i made a website and i want a login on one of the pages. I made a form etc. The username field is called 'usernamebox' and the password field is called 'passwordbox'.

So, in the php part I do like this.

<?php
$username_string = $_POST['usernamebox'];
$password_string = $_POST['passwordbox'];

rest of code ...
?>

Is there any problem doing that, because my SQL server shows me error every place i try to connect it with the strings?

Valakai · January 21, 2011

The code you submitted is perfectly fine, the rest of the code you didn't probably contains the error.

Niixie · January 21, 2011

My error lines is 73-74 and two others. And line 73 and 74 is

$username_string = $_POST['usernamebox'];
$password_string = $_POST['passwordbox'];

Thanks for the quick answer

-Anyone knows where i can find a good tutorial for php login script?

Valakai · January 21, 2011

Can you please post the entire error string? There is no reason why that code would cause an error.

Niixie · January 21, 2011

The first problem is, that what i want help to is on my other computer. And its not possible for me to get to it atm.

Got a link for a tutorial?

Valakai · January 21, 2011

From a quick search

http://www.phpeasystep.com/phptu/6.html

http://www.1337labs.com/2010/12/23/multiple-admin-login-over-mysql-database-table/

http://www.php-mysql-tutorial.com/wikis/php-tutorial/basic-user-authentication.aspx

Pikachu2000 · January 21, 2011

The tutorials in the first two links you posted are obsolete, and I wouldn't recommend that anyone actually use them to try to learn anything about php.

Valakai · January 21, 2011

Well there's some value (however slight) in them, but if you need/want something more advanced I'd suggest finding some open source software and taking it apart bit by bit.

Pikachu2000 · January 21, 2011

I didn't say they weren't advanced, I said they are obsolete. There's no value whatsoever in teaching that it's a good idea to arbitrarily apply stripslashes() to form data, or that deprecated functions like session_register() should be used.

Valakai · January 21, 2011

Well I'd suggest then to search for tutorials on session_*() functions, storing/retrieving information from a database and handling form inputs.

Pikachu2000 · January 21, 2011

You're completely missing the point.

Niixie · January 22, 2011

Well Pikachu2000, you know where i could learn how to do it correctly or "In the right way"?

-I scripted Sa-mp server, where i made alot of login systems. and somehow it doesnt work with php aswell? (Yes i did change all from pawno to php ...)

Pikachu2000 · January 22, 2011

Can you post the problematic code, and the exact error it's returning?

Niixie · January 23, 2011

Theres my code:

(* means error line)

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<table border="0">
<tr><td>Username:</td><td>
	<input type="text" name="usernamebox" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
	<input type="password" name="passbox" maxlength="60">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Login"><input type="reset" class="knapper" name="slet" value="Reset" /></th></tr> </table>
</form></center>
       
<?php			
session_start();
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("phpdb");

*$username_string = $_POST['usernamebox'];
*$userpassword_string = $_POST['passbox'];

$query = sprintf("SELECT NULL FROM memberlist WHERE Username = '%s' AND Password = '%s'", 
	mysql_real_escape_string($username_string),
	mysql_real_escape_string($userpassword_string)) or die(mysql_error());

$result = mysql_query($query);

if (!$result) {
    	        $message  = 'Invalid query: ' . mysql_error() . "\n";
    		$message .= 'Whole query: ' . $query;
    		die($message);
}

if (mysql_num_rows($result) > 0){
	$_SESSION['loggedin'] = 1;
  		*$_SESSION['username'] = $_POST['usernamebox'];
  		*$_SESSION['password'] = $_POST['passwordbox'];
} else {
    		echo "<h1>Invalid login!</h1>
   	 	<p>The login was unvalid, either the password didnt match the username. Else the user isn't registered. Try again</p>";
}
?>

Errors is attached

[attachment deleted by admin]

Pikachu2000 · January 23, 2011

You have the logic backwards. You should have the php code before the form is echoed, and check to see if the form has been submitted before allowing the code to run. The notices above are all caused by attempting to use the values in the $_POST array before the form has been submitted. I've commented the code; see if it makes sense to you.

<?php
session_start();
if( $_POST['submitted'] === 'yes' ) { // Check for added hidden field to see if form has been submitted, if not don't execute code.
$conn = mysql_connect("localhost", "root", "");
mysql_select_db("phpdb");
array_map('trim', $_POST); // run the $_POST array through trim() to get rid of extra whitespace
$username_string = !empty($_POST['usernamebox']) ? $_POST['usernamebox'] : ''; // If $_POST['usernambox'] has a value, assign it to $uername_string
$userpassword_string = !empty($_POST['passbox']) ? $_POST['passbox'] : ''; // If $_POST['passbox'] has a value, assign it to $userpassword_string
$query = sprintf("SELECT NULL FROM memberlist WHERE Username = '%s' AND Password = '%s'",
mysql_real_escape_string($username_string),
mysql_real_escape_string($userpassword_string)) or die(mysql_error());
$result = mysql_query($query);
if (!$result) {
	$message
	= 'Invalid query: ' . mysql_error() . "\n";
	$message .= 'Whole query: ' . $query;
	die($message);
}
if (mysql_num_rows($result) > 0) {
	$_SESSION['loggedin'] = 1;
	$_SESSION['username'] = $username_string; // use the variables that already have the trim()med values assigned, rather than $_POST values
	$_SESSION['password'] = $userpassword_string; // not a great idea to store a password in a $_SESSION variable
} else {
	echo "<h1>Invalid login!</h1>
<p>The login was unvalid, either the password didnt match the username. Else the user isn't registered. Try again</p>";
}
}
?>
<form action="" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="usernamebox" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passbox" maxlength="60">
<input type="hidden" name="submitted" value="yes"><!-- ADDED HIDDEN FIELD TO BETTER TEST FOR FOR SUBMISSION -->
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Login"><input type="reset" class="knapper" name="slet" value="Reset" /></th></tr> </table>
</form></center>

Niixie · January 23, 2011

Why isn't there any detailed tutorial on how to make a login system in php?

-How to store variables so they can be used in all pages etc. I'd like that...

Sign In

Help me with some string problem.

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information