Login Process Problems

[Mat_dennison]

Hi

 

Im doing a login for a website I've built and Im having troubles,

 

The connection to the actual database works fine, no errors,  but when trying to verify data in the database to log on and get to a secure area i just get the incorrect username or password that i created for when details are incorrect.

 

heres the code where the problem lies

 

Any help would be appreciated

 

<?php
session_start();
require("db_connect.php");

$username = $_POST['uname'];  
$password = $_POST['pword'];

$sql = "SELECT * 
		FROM login_details 
		WHERE username='$username' 
		AND password='$password'";
$results = mysql_query($sql, $connect);
$numofrows = mysql_num_rows($results);
if ($numofrows == 1) {
	$_SESSION['username'] = $row['username'];
	$_SESSION['loggedin'] = true;
	header ("Location: secure_page.php");
	die();
} else { 
	$_SESSION['error']= "Icorrect Username Or Password"; 
	header("Location: login.php");
	die();
	}

?>

 

[Pikachu2000]

What have you done to debug it? Have you echoed the query string to make sure it holds the values you'd expect it to hold?

[Mat_dennison]

I am still learning PHP atm, so im not sure how you would go about holding the values

[Pikachu2000]

First, change the line that executes the query to:

 

$results = mysql_query($sql, $connect) or die( "<br>Query string: $sql<br>Failed with error: " . mysql_error() );

[Mat_dennison]

ok ive done that

[Pikachu2000]

And what happened? Any error messages returned? Whit screen? Or . . .?

[Mat_dennison]

it just come up with the incorrect username password message

[Pikachu2000]

OK. Let's echo the query regardless of whether there's an error or not then. Add  the indicated line, and post it's output.

 

$sql = "SELECT * 
FROM login_details 
WHERE username='$username' 
AND password='$password'";
echo "<br>Query string: $sql<br>"; // <---- Add that line
$results = mysql_query($sql, $connect);

[Mat_dennison]

still the same problem there, incorrect user....

[Pikachu2000]

And what was the output of the line that you added, starting with "Query string: . . . " ?

[Mat_dennison]

sorry my bad, didnt know wat you meant first hand,

 

screen was white and this is all that come up

 

Query string: SELECT * FROM login_details WHERE username='Mat' AND password='pie'

[Pikachu2000]

Now paste that in to phpMyAdmin (assuming you use it) and see what, if any results are returned from it.

[Mat_dennison]

there are no results shown up

 

also i tried the other username on the database, and it worked, but using mine, got everything exactly the same as the database and it comes with the "incorrect...." message

[BlueSkyIS]

obviously, there is no record in the table login_details WHERE username='Mat' AND password='pie'

 

Perhaps there is a difference in capitalization or spelling, or there is additional space(s) on the values in the table.

[Mat_dennison]

i've found out wat was stopping it from working

in the code there was this

 

 if ($numofrows == 1) { 

 

this has been 1 the whole time when i changed it to 0

 if ($numofrows == 0) { 

both worked and when changed to 2 only mine worked,

 

[Mat_dennison]

is this a problem to be left at 0?

[Pikachu2000]

Then that indicates a problem with the integrity of the data. A username/password SELECT query should only ever match exactly zero or exactly one record. If it matches zero, the record doesn't exist, which isn't a problem. If it matches one record, the password and username pair exist, and were entered correctly. If more than one match is found, the results should be considered ambiguous, and the login process should be halted immediately. After all, if more than one user has the same username/password combination, that is a serious design flaw.

[Mat_dennison]

Excelent,

thanks very much for all your help  much appreciated