Back To Programming / Scripting / Coding Forum

[solved] - Thanks Everyone - login php script problem

  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 6:34 am

PHP Code: [ Select ]
 
<?PHP
 
//connect to database
 
include('connect.php');
 
//fetch certain information
 
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
//If they match add a cookie and go to admin page
 
if ($username == "$user" && $password == "MD5('$pass')") {
 
//set a cookie here
 
Setcookie("admin", $userid, Time()+3600);
 
//put on this message
 
} echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
else
 
//or otherwise use this message
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
?>
  1.  
  2. <?PHP
  3.  
  4. //connect to database
  5.  
  6. include('connect.php');
  7.  
  8. //fetch certain information
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12. //If they match add a cookie and go to admin page
  13.  
  14. if ($username == "$user" && $password == "MD5('$pass')") {
  15.  
  16. //set a cookie here
  17.  
  18. Setcookie("admin", $userid, Time()+3600);
  19.  
  20. //put on this message
  21.  
  22. } echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  23.  
  24. else
  25.  
  26. //or otherwise use this message
  27.  
  28. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  29.  
  30. ?>


I again playing around with this code, and i got a good feeling it will work this time.

Now i keep getting a parse error on line 12 which is:

PHP Code: [ Select ]
else
:S

Whats wrong with it?
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post June 29th, 2004, 6:34 am

  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 6:39 am

can someone also explain the cause of the brackets? Whats the purpose?

Any tips that will be useful when adding brackets?
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • jshaulis
  • Student
  • Student
  • No Avatar
  • Joined: May 05, 2004
  • Posts: 70
  • Status: Offline

Post June 29th, 2004, 6:51 am

I am no expert on this but i do not think you can have the echo statement then the else statement. The brackets act as the starting and ending of your if statement. for example

if (whatever)
{
statments
}
else
{
other statements
}

I do not think that you can write something after you first if statement, THEN say else.
  • jshaulis
  • Student
  • Student
  • No Avatar
  • Joined: May 05, 2004
  • Posts: 70
  • Status: Offline

Post June 29th, 2004, 6:52 am

Try this instead

Code: [ Select ]
<?PHP
//connect to database
include('connect.php');
//fetch certain information
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
//If they match add a cookie and go to admin page
if ($username == "$user" && $password == "MD5('$pass')")
{
//set a cookie here
Setcookie("admin", $userid, Time()+3600);
//put on this message
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";

else
{
//or otherwise use this message
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
}
?>
  1. <?PHP
  2. //connect to database
  3. include('connect.php');
  4. //fetch certain information
  5. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  6. //If they match add a cookie and go to admin page
  7. if ($username == "$user" && $password == "MD5('$pass')")
  8. {
  9. //set a cookie here
  10. Setcookie("admin", $userid, Time()+3600);
  11. //put on this message
  12. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  14. else
  15. {
  16. //or otherwise use this message
  17. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  18. }
  19. ?>
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 6:53 am

You have to add the bracket, it designates code blocks.
Code: [ Select ]
if(this){ do the thing in this set of brackets }
else {do the stuff in this set of brackets }
  1. if(this){ do the thing in this set of brackets }
  2. else {do the stuff in this set of brackets }

In VB, it works like
Code: [ Select ]
if(this) then
do this stuff
else
do this stuff
end if
  1. if(this) then
  2. do this stuff
  3. else
  4. do this stuff
  5. end if


The idea is the same, just no brackets.

.c
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 6:56 am

By the way, here is the correct syntax for the snippet you provided above, less the comments:

PHP Code: [ Select ]
 
<?
 
  include('connect.php');
 
  $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
  if ($username == "$user" && $password == "MD5('$pass')") {
 
    Setcookie("admin", $userid, Time()+3600);
 
    echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
  }
 
  else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
 
?>
 
 
  1.  
  2. <?
  3.  
  4.   include('connect.php');
  5.  
  6.   $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  7.  
  8.  
  9.  
  10.   if ($username == "$user" && $password == "MD5('$pass')") {
  11.  
  12.     Setcookie("admin", $userid, Time()+3600);
  13.  
  14.     echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  15.  
  16.   }
  17.  
  18.   else{ echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>"; }
  19.  
  20. ?>
  21.  
  22.  


.c
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 6:56 am

ohhhhhhhhh
NOW I UNDERSTAND!!!!
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 6:57 am

:'( the code doesnt work!!
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 7:13 am

No? what error are you getting?

does the connect.php include have the right connection settings to an existing database that also has entries that match the $user and md5('$pass') values?

.c
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 7:34 am

its not the error, its the code itself...

when i type in the correct values in the form it doesnt go to "Welcome to ADMIN" screen. Instead it says they are invalid
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 7:39 am

PHP Code: [ Select ]
 
<?PHP
 
//connect to database
 
include('connect.php');
 
//fetch certain information
 
$user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
//If they match add a cookie and go to admin page
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
//set a cookie here
 
Setcookie("admin", $userid, Time()+3600);
 
//put on this message
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  
 
else
 
{
 
//or otherwise use this message
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4. //connect to database
  5.  
  6. include('connect.php');
  7.  
  8. //fetch certain information
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username, password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12. //If they match add a cookie and go to admin page
  13.  
  14. if ($username == "$user" && $password == "MD5('$pass')")
  15.  
  16. {
  17.  
  18. //set a cookie here
  19.  
  20. Setcookie("admin", $userid, Time()+3600);
  21.  
  22. //put on this message
  23.  
  24. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  25.  
  26. }  
  27.  
  28. else
  29.  
  30. {
  31.  
  32. //or otherwise use this message
  33.  
  34. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  35.  
  36. }
  37.  
  38. ?>
  39.  
  40.  


what seems to be wrong? I mean its getting the values, sseeing if they both add up.... now what?
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 7:47 am

i want the comments there for future reference
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 7:53 am

now im getting

PHP Code: [ Select ]
 
<?PHP
 
 
 
include('connect.php');
 
 
 
$user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
if ($user_data = false);
 
{
 
echo "couldnt get informtion";
 
}
 
 
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
 
 
Setcookie("admin", $userid, Time()+3600);
 
 
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  else  {
 
 
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.  
  5.  
  6. include('connect.php');
  7.  
  8.  
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12.  
  13.  
  14. if ($user_data = false);
  15.  
  16. {
  17.  
  18. echo "couldnt get informtion";
  19.  
  20. }
  21.  
  22.  
  23.  
  24. if ($username == "$user" && $password == "MD5('$pass')")
  25.  
  26. {
  27.  
  28.  
  29.  
  30. Setcookie("admin", $userid, Time()+3600);
  31.  
  32.  
  33.  
  34. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  35.  
  36. }  else  {
  37.  
  38.  
  39.  
  40. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  41.  
  42. }
  43.  
  44. ?>
  45.  
  46.  


i changed the script again,

and it shows on the screen

Quote:
couldnt get informtionYou do not have permission to access this area, sorry click here to go back


the form i work on is
Code: [ Select ]
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
<form name="admin_login" method="post" action="admin_login.php">
<input type="text" name="username" id="$user">
<input type="password" name="password" id="MD5('$pass')">
 <input type="submit" value="submit" name="submit">
</form>
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  1. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  2. <form name="admin_login" method="post" action="admin_login.php">
  3. <input type="text" name="username" id="$user">
  4. <input type="password" name="password" id="MD5('$pass')">
  5.  <input type="submit" value="submit" name="submit">
  6. </form>
  7. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 8:38 am

Ah.

Ok, the HTML form is wrong, you've got PHP code in there and that just won't do.



Code: [ Select ]
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
<form name="admin_login" method="post" action="admin_login.php">

<input type="text" name="username" id="username">
<input type="password" name="password" id="password">
<input type="submit" value="submit" name="submit">
</form>

<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  1. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  2. <form name="admin_login" method="post" action="admin_login.php">
  4. <input type="text" name="username" id="username">
  5. <input type="password" name="password" id="password">
  6. <input type="submit" value="submit" name="submit">
  7. </form>
  9. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>


This is just the element ID, so it's probably not a big deal, but it's nevertheless wrong.

Next, are you sure the password is being stored in the database under md5? That is, when you look at what the database has stored for the password, is it encrypted or not? If it IS, then that's not the problem, if it's not, then there you go.

Do you have cookies enabled on your browser (and are you SURE you do? go check that it's not restricted somehow...)? From the look of the script, that shouldn't matter at login, but you never know.

Finally, are you sure that the $username and $password are being populated correctly from the form post? Just after the include statement, add this to see what the output really is. if the thing inside the parenthesis doesn't match what's in the database, you script will not work, and you'll see the access denied result.

PHP Code: [ Select ]
 
print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
 
 
  1.  
  2. print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
  3.  
  4.  
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 8:44 am

Thanks for your reply.

1) How can not the form be right? It is being posted towards the php file right?

2) here is what you need to know:
http://www.69kilobytes.co.uk/cp/admin_login.php
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post June 29th, 2004, 8:44 am

1, 2, 3, 4

Post Information

  • Total Posts in this topic: 51 posts
  • Users browsing this forum: No registered users and 127 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.