Back To Programming / Scripting / Coding Forum

login code

  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 8:39 am

Ok, im just experimenting here...

here is the code:

PHP Code: [ Download ] [ Select ]
include "../req/functions.php";
 
 
 
if (isset($loginvars['submit'])) {
 
 
 
 
 
if ( $loginvars['user'] == "" ) { $uerror = $loginerrors['nouser']; }
 
if ( $loginvars['pass'] == "" ) { $uerror = $loginerrors['nopass']; }
 
if ( $loginvars['user'] == "" && $loginvars['pass'] == "" ) { $uerror = $loginerrors['noinput']; }
 
 
 
 
 
include "../req/connect.php";
 
$query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
 
while ($row = mysql_fetch_array($query)) {
 
$sqluser = $row['user'];
 
$sqlpass = $row['pass'];
 
 
 
    if(!$sqluser || !$sqlpass){ $uerror = $loginerrors['nodata']; }
 
    else{
 
        if($sqluser == $loginvars['user'] && $sqlpass == $loginvars['pass']){
 
         
 
         echo "Welcome";
 
         
 
        }
 
        else { $uerror = $loginerrors['incorrectinput']; }
 
 
 
}
 
}
  1. include "../req/functions.php";
  2.  
  3.  
  4.  
  5. if (isset($loginvars['submit'])) {
  6.  
  7.  
  8.  
  9.  
  10.  
  11. if ( $loginvars['user'] == "" ) { $uerror = $loginerrors['nouser']; }
  12.  
  13. if ( $loginvars['pass'] == "" ) { $uerror = $loginerrors['nopass']; }
  14.  
  15. if ( $loginvars['user'] == "" && $loginvars['pass'] == "" ) { $uerror = $loginerrors['noinput']; }
  16.  
  17.  
  18.  
  19.  
  20.  
  21. include "../req/connect.php";
  22.  
  23. $query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
  24.  
  25. while ($row = mysql_fetch_array($query)) {
  26.  
  27. $sqluser = $row['user'];
  28.  
  29. $sqlpass = $row['pass'];
  30.  
  31.  
  32.  
  33.     if(!$sqluser || !$sqlpass){ $uerror = $loginerrors['nodata']; }
  34.  
  35.     else{
  36.  
  37.         if($sqluser == $loginvars['user'] && $sqlpass == $loginvars['pass']){
  38.  
  39.          
  40.  
  41.          echo "Welcome";
  42.  
  43.          
  44.  
  45.         }
  46.  
  47.         else { $uerror = $loginerrors['incorrectinput']; }
  48.  
  49.  
  50.  
  51. }
  52.  
  53. }


this is on top of the form.... i do not have an else statement underneath because i want any errors to show in the form itself... meaning the form should always be there.

When i made this code, not even the form shows now..... Can anyone spot any errors?!
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post July 30th, 2004, 8:39 am

Post July 30th, 2004, 9:05 am

Here I changed your code somewhat.
I don't know where you got $loginvars from but I dropped all of those.
PHP Code: [ Download ] [ Select ]
include "../req/functions.php";
 
 
 
if ($_POST['submit']) {
 
   if ( $_POST['user'] == "" ) {
 
      $uerror = $loginerrors['nouser'];
 
   }
 
   if ( $_POST['pass'] == "" ) {
 
      $uerror = $loginerrors['nopass'];
 
   }
 
   if ( $POST['user'] == "" && $POST['pass'] == "" ) {
 
      $uerror = $loginerrors['noinput'];
 
   }
 
   include "../req/connect.php";
 
   $md5pass = md5($_POST['password']);
 
   $query = ("SELECT * FROM `gs_admin` WHERE `user` = '$_POST[user]' AND `pass` = '$md5pass' LIMIT 1");
 
   if(mysql_num_rows($query) > 0) {
 
      $user = mysql_fetch_object($query);
 
      echo "Welcome $user->user";
 
      // set the cookie and/or sessions depending on what you use.
 
   } else {
 
      $uerror = $loginerrors['incorrectinput'];
 
   }
 
}
  1. include "../req/functions.php";
  2.  
  3.  
  4.  
  5. if ($_POST['submit']) {
  6.  
  7.    if ( $_POST['user'] == "" ) {
  8.  
  9.       $uerror = $loginerrors['nouser'];
  10.  
  11.    }
  12.  
  13.    if ( $_POST['pass'] == "" ) {
  14.  
  15.       $uerror = $loginerrors['nopass'];
  16.  
  17.    }
  18.  
  19.    if ( $POST['user'] == "" && $POST['pass'] == "" ) {
  20.  
  21.       $uerror = $loginerrors['noinput'];
  22.  
  23.    }
  24.  
  25.    include "../req/connect.php";
  26.  
  27.    $md5pass = md5($_POST['password']);
  28.  
  29.    $query = ("SELECT * FROM `gs_admin` WHERE `user` = '$_POST[user]' AND `pass` = '$md5pass' LIMIT 1");
  30.  
  31.    if(mysql_num_rows($query) > 0) {
  32.  
  33.       $user = mysql_fetch_object($query);
  34.  
  35.       echo "Welcome $user->user";
  36.  
  37.       // set the cookie and/or sessions depending on what you use.
  38.  
  39.    } else {
  40.  
  41.       $uerror = $loginerrors['incorrectinput'];
  42.  
  43.    }
  44.  
  45. }

I also cleaned it up a bit to make it look a bit more readable.
And if you don't have your passwords md5ed then you should do so.
Hope this helps.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 9:20 am

i want to show an error if there is no username and password in the database, and also if its incorrect
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 9:21 am

this is why i had

PHP Code: [ Download ] [ Select ]
 
    if(!$sqluser || !$sqlpass){
 
$uerror = $loginerrors['nodata'];
 
}
 
 
 
 
  1.  
  2.     if(!$sqluser || !$sqlpass){
  3.  
  4. $uerror = $loginerrors['nodata'];
  5.  
  6. }
  7.  
  8.  
  9.  
  10.  
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.

Post July 30th, 2004, 9:25 am

Well then something like this?
PHP Code: [ Download ] [ Select ]
include "../req/functions.php";
 
 
 
if ($_POST['submit']) {
 
   $errCount = "0";
 
   if ( $_POST['user'] == "" ) {
 
      $uerror = "$uerror$loginerrors[nouser]<br>";
 
      $errCount = $errCount + 1;
 
   }
 
   if ( $_POST['pass'] == "" ) {
 
      $uerror = "$uerror$loginerrors[nopass]<br>";
 
      $errCount = $errCount + 1;
 
   }
 
   if ( $POST['user'] == "" && $POST['pass'] == "" ) {
 
      $uerror = "$uerror$loginerrors[noinput]<br>";
 
      $errCount = $errCount + 1;
 
   }
 
   if($errCount > 0) {
 
      echo $uerror;
 
   } else {
 
      include "../req/connect.php";
 
      $md5pass = md5($_POST['password']);
 
      $query = ("SELECT * FROM `gs_admin` WHERE `user` = '$_POST[user]' AND `pass` = '$md5pass' LIMIT 1");
 
      if(mysql_num_rows($query) > 0) {
 
         $user = mysql_fetch_object($query);
 
         echo "Welcome $user->user";
 
         // set the cookie and session if you use sessions.
 
      } else {
 
         $uerror = $loginerrors['incorrectinput'];
 
      }
 
   }
 
}
  1. include "../req/functions.php";
  2.  
  3.  
  4.  
  5. if ($_POST['submit']) {
  6.  
  7.    $errCount = "0";
  8.  
  9.    if ( $_POST['user'] == "" ) {
  10.  
  11.       $uerror = "$uerror$loginerrors[nouser]<br>";
  12.  
  13.       $errCount = $errCount + 1;
  14.  
  15.    }
  16.  
  17.    if ( $_POST['pass'] == "" ) {
  18.  
  19.       $uerror = "$uerror$loginerrors[nopass]<br>";
  20.  
  21.       $errCount = $errCount + 1;
  22.  
  23.    }
  24.  
  25.    if ( $POST['user'] == "" && $POST['pass'] == "" ) {
  26.  
  27.       $uerror = "$uerror$loginerrors[noinput]<br>";
  28.  
  29.       $errCount = $errCount + 1;
  30.  
  31.    }
  32.  
  33.    if($errCount > 0) {
  34.  
  35.       echo $uerror;
  36.  
  37.    } else {
  38.  
  39.       include "../req/connect.php";
  40.  
  41.       $md5pass = md5($_POST['password']);
  42.  
  43.       $query = ("SELECT * FROM `gs_admin` WHERE `user` = '$_POST[user]' AND `pass` = '$md5pass' LIMIT 1");
  44.  
  45.       if(mysql_num_rows($query) > 0) {
  46.  
  47.          $user = mysql_fetch_object($query);
  48.  
  49.          echo "Welcome $user->user";
  50.  
  51.          // set the cookie and session if you use sessions.
  52.  
  53.       } else {
  54.  
  55.          $uerror = $loginerrors['incorrectinput'];
  56.  
  57.       }
  58.  
  59.    }
  60.  
  61. }
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 10:01 am

blank page all the time, something to do with:

PHP Code: [ Download ] [ Select ]
 
     include "../req/connect.php";
 
     $query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
 
     $row = mysql_fetch_array($query);
 
     $sqluser = $row['user'];
 
     $sqlpass = $row['pass'];
 
     if(!$sqluser || !$sqlpass){ $uerror = $loginerrors['nodata']; }{
 
  } else {
 
       if($sqluser == $loginvars['user'] && $sqlpass == $loginvars['pass']){
 
         echo "Welcome";
 
    } else {
 
               $uerror = $loginerrors['incorrectinput'];  
 
          }
 
     }
 
 
  1.  
  2.      include "../req/connect.php";
  3.  
  4.      $query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
  5.  
  6.      $row = mysql_fetch_array($query);
  7.  
  8.      $sqluser = $row['user'];
  9.  
  10.      $sqlpass = $row['pass'];
  11.  
  12.      if(!$sqluser || !$sqlpass){ $uerror = $loginerrors['nodata']; }{
  13.  
  14.   } else {
  15.  
  16.        if($sqluser == $loginvars['user'] && $sqlpass == $loginvars['pass']){
  17.  
  18.          echo "Welcome";
  19.  
  20.     } else {
  21.  
  22.                $uerror = $loginerrors['incorrectinput'];  
  23.  
  24.           }
  25.  
  26.      }
  27.  
  28.  


something in there
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Cafu
  • Student
  • Student
  • No Avatar
  • Joined: Jul 15, 2004
  • Posts: 97
  • Status: Offline

Post July 30th, 2004, 10:53 am

put echo statements after every line like:

Code: [ Download ] [ Select ]
$query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
echo ($query."<br>"););
$row = mysql_fetch_array($query);
echo("did query<br>");
$sqluser = $row['user'];
echo("user= ".$sqluser."<br>");
$sqlpass = $row['pass'];
echo("pass= ".$sqlpass ."<br>");
  1. $query = ("SELECT * FROM `gs_admin` WHERE `id` = 1");
  2. echo ($query."<br>"););
  3. $row = mysql_fetch_array($query);
  4. echo("did query<br>");
  5. $sqluser = $row['user'];
  6. echo("user= ".$sqluser."<br>");
  7. $sqlpass = $row['pass'];
  8. echo("pass= ".$sqlpass ."<br>");


etc, etc.

right now you need to know which line causes the error. This is a primitive way of finding out, but it works.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 10:56 am

I have been trying to do that using:

PHP Code: [ Download ] [ Select ]
 
<?PHP
 
     include "../req/connect.php";
 
   
 
     $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
 
     $result = MYSQL_QUERY($query);
 
     $row = mysql_fetch_row($result);
 
 
 
     $sqluser = $row['user'];
 
     $sqlpass = $row['pass'];
 
     
 
     echo $sqluser;
 
     echo "<BR>";
 
     echo $sqlpass;  
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.      include "../req/connect.php";
  5.  
  6.    
  7.  
  8.      $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
  9.  
  10.      $result = MYSQL_QUERY($query);
  11.  
  12.      $row = mysql_fetch_row($result);
  13.  
  14.  
  15.  
  16.      $sqluser = $row['user'];
  17.  
  18.      $sqlpass = $row['pass'];
  19.  
  20.      
  21.  
  22.      echo $sqluser;
  23.  
  24.      echo "<BR>";
  25.  
  26.      echo $sqlpass;  
  27.  
  28. ?>
  29.  
  30.  


Nothing what so ever.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 10:58 am

I just checked phpmyadmin, all the details are there, even the ID
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Cafu
  • Student
  • Student
  • No Avatar
  • Joined: Jul 15, 2004
  • Posts: 97
  • Status: Offline

Post July 30th, 2004, 11:02 am

two things:

1) when doing echo commands like that, do them like this:
Code: [ Download ] [ Select ]
echo "user: ".$sqluser;

Without putting some other text in there, you can't be sure what is happening. Maybe those values are blank, maybe we are never even reaching that line of code. Putting some other text in there narrows it down.

2) If i had to guess, I'd say this line is causing the error for some reason:
Quote:
$result = MYSQL_QUERY($query);


you might want to try something like:

Code: [ Download ] [ Select ]
    if (! $result) {
            echo "<h2>Can't execute query</h2>";
            echo "<pre>" . htmlspecialchars($query) . "</pre>";
            echo "<p><b>MySQL Error</b>: ", mysql_error();
    }
  1.     if (! $result) {
  2.             echo "<h2>Can't execute query</h2>";
  3.             echo "<pre>" . htmlspecialchars($query) . "</pre>";
  4.             echo "<p><b>MySQL Error</b>: ", mysql_error();
  5.     }
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 11:07 am

it shows:

Quote:
user:
pass:


Preview: http://dhost.info/gmforum/rethink/admin/testlog.php

Mind the pop up, its a free service after all.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Cafu
  • Student
  • Student
  • No Avatar
  • Joined: Jul 15, 2004
  • Posts: 97
  • Status: Offline

Post July 30th, 2004, 11:12 am

ok, so now you know its not crapping out before those echo statements, but you are not getting valid values in your variables.

I'd try these two things to narrow it down.

add:
Code: [ Download ] [ Select ]
echo "rows found: ". mysql_num_rows($result) . "<br>"

after
Code: [ Download ] [ Select ]
$result = MYSQL_QUERY($query);


also, if you are getting a row, try changing the lines where you set your variables to:
Code: [ Download ] [ Select ]
   $sqluser = $row[0];
   $sqlpass = $row[1];
  1.    $sqluser = $row[0];
  2.    $sqlpass = $row[1];
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 11:16 am

code:

PHP Code: [ Download ] [ Select ]
 
<?PHP
 
     include "../req/connect.php";
 
   
 
     $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
 
     
 
       echo "rows found: ". mysql_num_rows($result) . "<br>";
 
       
 
     
 
       $result = MYSQL_QUERY($query);
 
       
 
          if (! $result) {
 
                        echo "<h2>Can't execute query</h2>";
 
                        echo "<pre>" . htmlspecialchars($query) . "</pre>";
 
                        echo "<p><b>MySQL Error</b>: ", mysql_error();
 
       }
 
       
 
     $row = mysql_fetch_row($result);
 
 
 
     $sqluser = $row['user'];
 
     $sqlpass = $row['pass'];
 
     
 
     echo "user: ".$sqluser; ;
 
     echo "<BR>";
 
     echo "pass: ".$sqlpass; ;   
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.      include "../req/connect.php";
  5.  
  6.    
  7.  
  8.      $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
  9.  
  10.      
  11.  
  12.        echo "rows found: ". mysql_num_rows($result) . "<br>";
  13.  
  14.        
  15.  
  16.      
  17.  
  18.        $result = MYSQL_QUERY($query);
  19.  
  20.        
  21.  
  22.           if (! $result) {
  23.  
  24.                         echo "<h2>Can't execute query</h2>";
  25.  
  26.                         echo "<pre>" . htmlspecialchars($query) . "</pre>";
  27.  
  28.                         echo "<p><b>MySQL Error</b>: ", mysql_error();
  29.  
  30.        }
  31.  
  32.        
  33.  
  34.      $row = mysql_fetch_row($result);
  35.  
  36.  
  37.  
  38.      $sqluser = $row['user'];
  39.  
  40.      $sqlpass = $row['pass'];
  41.  
  42.      
  43.  
  44.      echo "user: ".$sqluser; ;
  45.  
  46.      echo "<BR>";
  47.  
  48.      echo "pass: ".$sqlpass; ;   
  49.  
  50. ?>
  51.  
  52.  


preview: http://dhost.info/gmforum/rethink/admin/testlog.php

its 'crapping' nothing out at all, not even rows.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Cafu
  • Student
  • Student
  • No Avatar
  • Joined: Jul 15, 2004
  • Posts: 97
  • Status: Offline

Post July 30th, 2004, 11:19 am

you need to put the mysql_num_rows after the $result = MYSQL_QUERY($query); line
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1240
  • Loc: UK
  • Status: Offline

Post July 30th, 2004, 11:24 am

ok

preview: http://dhost.info/gmforum/rethink/admin/testlog.php

code:
PHP Code: [ Download ] [ Select ]
 
<?PHP
 
     include "../req/connect.php";
 
   
 
     $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
 
 
 
       $result = MYSQL_QUERY($query);
 
       
 
       echo "rows found: ". mysql_num_rows($result) . "<br>";
 
       
 
       if (! $result) {
 
     echo "<h2>Can't execute query</h2>";
 
     echo "<pre>" . htmlspecialchars($query) . "</pre>";
 
     echo "<p><b>MySQL Error</b>: ", mysql_error();
 
     }
 
       
 
     $row = mysql_fetch_row($result);
 
 
 
     $sqluser = $row[0];
 
     $sqlpass = $row[1];
 
     
 
     echo "user: ".$sqluser;
 
     echo "<BR>";
 
     echo "pass: ".$sqlpass;  
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.      include "../req/connect.php";
  5.  
  6.    
  7.  
  8.      $query = ("SELECT * FROM `gs_admin` WHERE id = 1");
  9.  
  10.  
  11.  
  12.        $result = MYSQL_QUERY($query);
  13.  
  14.        
  15.  
  16.        echo "rows found: ". mysql_num_rows($result) . "<br>";
  17.  
  18.        
  19.  
  20.        if (! $result) {
  21.  
  22.      echo "<h2>Can't execute query</h2>";
  23.  
  24.      echo "<pre>" . htmlspecialchars($query) . "</pre>";
  25.  
  26.      echo "<p><b>MySQL Error</b>: ", mysql_error();
  27.  
  28.      }
  29.  
  30.        
  31.  
  32.      $row = mysql_fetch_row($result);
  33.  
  34.  
  35.  
  36.      $sqluser = $row[0];
  37.  
  38.      $sqlpass = $row[1];
  39.  
  40.      
  41.  
  42.      echo "user: ".$sqluser;
  43.  
  44.      echo "<BR>";
  45.  
  46.      echo "pass: ".$sqlpass;  
  47.  
  48. ?>
  49.  
  50.  


0 = $row['id']
1 = $row['ip']

This is why it doesnt show user and pass because they are on a different row...

however, if i do:

$row['user']
$row['pass']

It doesnt show, which means the problem is there somewhere
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post July 30th, 2004, 11:24 am

1, 2

Post Information

  • Total Posts in this topic: 21 posts
  • Users browsing this forum: No registered users and 357 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© Unmelted Enterprises 1998-2009. Driven by phpBB © 2001-2009 phpBB Group.