Login script problems.


#1

Could someone tell me what is wrong with this code? I’m not very good with PHP and I know that for some reason the the submit button is not passing the information on to the $submit varible. I get the error on the page:
Notice: Undefined variable: submit in D:Program FilesAbyss Web Serverhtdocsphpinvitelogin.php on line 16.
Line 16 is this line in the code

if ($submit) { 

Also what would be the correct syntax to put at the end of this code to get the page to display an error if the user inputs an incorrect password or username?

else ( echo "The user name and/or password is incorrect" )

Is that correct?

here’s the actual script

[code]

AccountID:
Password:
 
<?php if ($submit) { $db=mysql_connect("localhost","*******") or die ("cant connect"); mysql_select_db("ragnarok",$db) or die ("cant change"); $result=mysql_query("select * from login where name='$userid'",$db) or die ("cant do it"); while ($row=mysql_fetch_array($result)) { if ($row["user_pass"]==$user_pass) { redir("count.php"); } } } ?>
[/code]

I am greatfull for any help that can point me in the right direction.


#2

Try this –

[php]<?
if(isset($submit))
{
//code here
}
?>[/php]


#3

Also, always use the $_POST superglobal array when passing POST data.

if (isset($_POST['submit'])

and when accessing your form information use:

$user_pass = $_POST['user_pass']; $userid = $_POST['userid'];
:)

#4

what ai usually do for a login script is query the database like so

// This checks to see if the user id is there matched with the correct 
// password (check into mysql BINARY for case sensitivity)
$sql = "SELECT * FROM table WHERE userid = $user AND pass = $pass";";
$result = mysql_query($sql);
// if the database returns at least 1 record
if (mysql_num_rows($result) > 0)
{
    // then the user and the password are good
    // maybe set a session variable to being logged in
    // and direct them to the index page
}
else
{
    // do not grant access and tell them that there is an error in the 
    // user name and/or password (I don't like to be too specific)
    // maybe unset the session variable used for logging in
    // you can redirect them back to or redisplay the log in screen
}