why my code is not working properly

zakia · August 28, 2012, 5:14pm

[php]<?php
if(isset($_POST[‘login’]))
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors

if(!$_POST['username'] || !$_POST['password'])
	$err[] = 'All the fields must be filled in!';

if(!count($err))
{
	$_POST['username'] = mysql_real_escape_string($_POST['username']);
	$_POST['password'] = mysql_real_escape_string($_POST['password']);

	// Escaping all input data

	$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_POST['username']}' AND pass='".sha1($_POST['password'])."'"));

	if($row['usr'])
	{
		header("Location:memberpage.php");
	}
	else $err[]='Wrong username and/or password!';
}

if($err){
	$message=implode("<br/>",$err);
}

}
?>[/php]

This my php code problem is that its not redirecting me to memberpage.php even i m doing correct entries according to my Datbase records. its still showing me Wrong username and/or password!’;
plz help me where i m going wrong???

[code]

Login

<div class="box">
 <?php
					
	if(!empty($message))
		{
			echo '<div class="err">'.$message.'</div>';
						
		}
					
	?>	
         
  <label>Username:</label>
  <input name="username" type="text" class="textbox" id="user">
   	  
  <label>password:</label>
  <input name="password" type="password" class="textbox" id="password"><br/>
  
  <label><input name="rememberMe" type="checkbox" id="rememberMe" value="">Remeber Me   
  		<span>|<a href="#">  Forgot Password</a></span></label>
  
  <br/>
 
  <input name="login" type="submit" value="Login" class="btn" id="login"><span><a href="reg.php">Sign Up</a></span>
  </div>
  </form>

[/code]

dex2908 · August 29, 2012, 12:06am

Hi zakia,

You are having problem with your sql that’s why the code is not working. It could be because you selected an invalid column from your table? I can’t check that because i don’t know your table’s structure. However, from what i can see here, first of all you didn’t connect to your database. To do that, you put the following code: [php]
$con = mysql_connect(‘localhost’, ‘root’, ‘put your db password here’);
if (!$con)
{
die('Could not connect: ’ . mysql_error());
}

mysql_select_db(“put your database name here”, $con);
[/php]

before you query from your database.

Next, your sql statement is incorrect:
“SELECT id,usr FROM tz_members WHERE usr=’{$_POST[‘username’]}’ AND pass=’”.sha1($_POST[‘password’])."’"

Is there a reason why you usde curly braces {}? I haven’t used that inside a statement before. Try change that to the following:

“SELECT id,usr FROM tz_members WHERE usr=’”.$_POST[‘username’]."’ AND pass=’".sha1($_POST[‘password’])."’"

It should work… let me know how it goes. Goood luck!

Regards,
developer.dex2908

zakia · August 29, 2012, 6:36am

[php]<?php require_once("dbc.php");?>

<?php require_once("functions.php");?> <?php if(isset($_POST['login'])) { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['username'] || !$_POST['password']) $err[] = 'All the fields must be filled in!'; if(!count($err)) { $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); // Escaping all input data $row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='".$_POST['username']."' AND pass='".sha1($_POST['password'])."'")); if($row['usr']) { header("Location:memberpage.php"); } else $err[]='Wrong username and/or password!'; } if($err){ $message=implode("
",$err); } } ?>[/php]

[code]

Login

<div class="box">
 <?php
					
	if(!empty($message))
		{
			echo '<div class="err">'.$message.'</div>';
						
		}
					
	?>	
         
  <label>Username:</label>
  <input name="username" type="text" class="textbox" id="user">
   	  
  <label>password:</label>
  <input name="password" type="password" class="textbox" id="password"><br/>
  
  <label><input name="rememberMe" type="checkbox" id="rememberMe" value="">Remeber Me   
  		<span>|<a href="#">  Forgot Password</a></span></label>
  
  <br/>
 
  <input name="login" type="submit" value="Login" class="btn" id="login"><span><a href="reg.php">Sign Up</a></span>
  </div>
  </form>

[/code]

stil not working. same problem MY DB is working well coz i have used this in other pages also.dont where going wrong.

dex2908 · August 29, 2012, 6:52am

Hi zakia,

I’m sure its not a big problem but i can’t debug since i don’t have the complete file. I need to know the structure of the db and all the files for me to debug. You can send me a complete set files(php and sql). Make sure you sql file contains all the create table statements and insert statements that resembles your current table. I’ll get it fixed A.S.A.P. Cheer up dude!

Regards,
developer.dex2908

zakia · August 29, 2012, 7:16am

How can i upload a file in php forum

zakia · August 29, 2012, 8:15am

INSERT INTO login.tz_members (
id ,
usr ,
pass ,
email ,
regIP ,
dt
)

This is my table structure of database its sql query which is howing all my db and table with all colmuns structure. may be helpfull to u

dex2908 · August 29, 2012, 8:35am

Hi zakia,

i just noticed you still haven’t make the connection to the database. Copy and paste the following code:

$con = mysql_connect(‘localhost’, ‘root’, ‘put your db password here’);
if (!$con) {
die('Could not connect: ’ . mysql_error());
}
mysql_select_db(“put your database name here”, $con);

just before your sql query.

Regards,
developer.dex2908

zakia · August 29, 2012, 8:41am

[php]<?php require_once("dbc.php");?>[/php]

this is my DB connection file
the conetnts of this file are

[php]<?php
require “constants.php”;
require_once"functions.php";

$connection=mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if(!$connection){
die(“Database Connection Failed”.mysql_error());
}

$select=mysql_select_db(DB_NAME,$connection);
if(!$select){
die(“Database Selection Failed”.mysql_error());
}

?>[/php]

zakia · August 29, 2012, 8:43am

[php]<?php
[php]
define(“DB_SERVER”,“localhost”);
define(“DB_USER”,“logins”);
define(“DB_PASS”,“123”);
define(“DB_NAME”,“login”);

?>[/php]
[/php]

This is contents of my Constants.php file

dex2908 · August 29, 2012, 8:47am

In that case, you can email all the files to me directly to my email: [email protected] . I’ll help you look at it.

Regards,
developer.dex2908

zakia · August 29, 2012, 8:53am

Thnks I have sent

dex2908 · August 29, 2012, 9:17am

Hi Zakia,

There are two problems with your code. Firstly, the password in your db is in plain text. Therefore, your sql query do not need sha1.

Your query:
“SELECT id,usr FROM tz_members WHERE usr=’”.$_POST[‘username’]."’ AND pass=’".[b]sha1/b."’"

should be changed to:
“SELECT id,usr FROM tz_members WHERE usr=’”.$_POST[‘username’]."’ AND pass=’".$_POST[‘password’]."’"

Its either you do the above, or you make sure the password in the db is already decrypted with sha1. If your password is already decrypted with sha1, your original is fine.

After your query is executed, a resource is returned to the $row variable. Not the actual row itself. Imagine it like a group of row rather than just one row. So in order to retrieve one row from the group of resource, you do this:

$result = mysql_fetch_assoc($row);

mysql_fetch_assoc function will return one row and save it to $result. Therefore, your if is changed from:

if($row[‘usr’]) to if($result[‘usr’])

Good luck!

PS: The zip you sent me is missing the function.php file. Just FYI

Regards,
developer.dex2908

dex2908 · August 29, 2012, 10:12am

Hi zakia,

Try this:

[php]<?php require_once("dbc.php");?>

<?php //require_once("functions.php");?> <?php if(isset($_POST['login'])) { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['username'] || !$_POST['password']) $err[] = 'All the fields must be filled in!'; if(!count($err)) { $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); // Escaping all input data $row = mysql_query("SELECT id,usr FROM tz_members WHERE usr='".$_POST['username']."' AND pass='".$_POST['password'])."'"); $result = mysql_fetch_assoc($row); if($result['usr']) { header("Location:memberpage.php"); } else $err[]='Wrong username and/or password!'; } if($err){ $message=implode("
",$err); } } ?> Login

Login

<div class="box">
 <?php
					
	if(!empty($message))
		{
			echo '<div class="err">'.$message.'</div>';
						
		}
					
	?>	
         
  <label>Username:</label>
  <input name="username" type="text" class="textbox" id="user">
   	  
  <label>password:</label>
  <input name="password" type="password" class="textbox" id="password"><br/>
  
  <label><input name="rememberMe" type="checkbox" id="rememberMe" value="">Remeber Me   
  		<span>|<a href="#">  Forgot Password</a></span></label>
  
  <br/>
 
  <input name="login" type="submit" value="Login" class="btn" id="login"><span><a href="reg.php">Sign Up</a></span>
  </div>
  </form>

[/php]

It should work because its working from my side.

Regards,
developer.dex2908

zakia · August 29, 2012, 8:42pm

still not Working and same error occuring

ttbakiatwoam · August 29, 2012, 8:47pm

post what you currently have and I will take a look.

zakia · August 29, 2012, 8:53pm

[php]<?php require_once("dbc.php");?>

<?php require_once("functions.php");?> <?php if(isset($_POST['login'])) { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['username'] || !$_POST['password']) $err[] = 'All the fields must be filled in!'; if(!count($err)) { $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); // Escaping all input data $row = mysql_query("SELECT id,usr FROM tz_members WHERE usr='".$_POST['username']."' AND pass='".sha1($_POST['password'])."'"); $result=mysql_fetch_assoc($row); if($result['usr']){ header("Location:memberpage.php"); } else $err[]="Wrong Password"; } if($err){ $message=implode("
",$err); } } ?>[/php]

its just php code part

here i used sha1 coz my form hash the password at the time of register a user.
u have complete code u just first signup and then try to login my be u got it where is the problem

zakia · August 29, 2012, 9:05pm

[php]<?php require_once("dbc.php");?>

<?php require_once("functions.php");?> <?php if(isset($_POST['login'])) { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['username'] || !$_POST['password']) $err[] = 'All the fields must be filled in!'; if(!count($err)) { $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); // Escaping all input data $row = mysql_query("SELECT id,usr FROM tz_members WHERE usr='".$_POST['username']."' AND pass='".sha1($_POST['password'])."'"); $result=mysql_fetch_assoc($row); if($result['usr']){ header("Location:memberpage.php"); } else $err[]="Wrong Password"; } if($err){ $message=implode("
",$err); } } ?>[/php]

i use sha1 coz i hash the password at user registration
u have complete code first sighn up and then try to login may be u can get whts i have

ttbakiatwoam · August 29, 2012, 9:12pm

[php]
if($result[‘usr’]){
[/php]

$result[‘usr’] variable does not return a true false value. It returns an associative array of strings that corresponds to the fetched row, or FALSE if there are no more rows. So your if then statement never returns true. I have

an if statement requires a true false value.

Also this you have not stored the users authentication anywhere so someone could just type in the memberpage.php url and get there with out authentication. Since your not storing it I know your not checking for it. I will put a basic tutorial for user auth in the tutorials section if I cannot find one there. It should help you out with this.

ttbakiatwoam · August 29, 2012, 9:14pm

Here is a user login tutorial. This is not how I would do it but it will work

http://www.phphelp.com/forum/index.php?topic=8432.0

ttbakiatwoam · August 29, 2012, 9:19pm

Here is a basic login script that I use, I have since revised this code for a more advanced usage but this should get you started.

[php]<?php
session_start();
ob_start();

require_once("template.php");
template_setFormat("secondary");
template_pre();

if ($_COOKIE[“auth”] == “1”) {

echo "cookie!";

} else {

if (!$_POST) {
//haven’t seen the selection form, so show iterator_count
$display_block .= "
<form method=“post” action="".$_SERVER[“PHP_SELF”]."">

Username:

<input type=“text” name=“username”/>

Password:

<input type=“password” name=“password”/>

";

} else {

//connect to server and select database
$mysqli = mysqli_connect("****HOST******", "******USERNAME*****", '*****PASSWORD******', "*****DATABASE******");

//create and issue the query
$sql = "SELECT f_name, l_name FROM auth_users WHERE username = '".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')";
$result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));

//get the number of rows in the result set; should be 1 if a match
if (mysqli_num_rows($result) == 1) {

	//if authorized, get the values of f_name l_name
	while ($info = mysqli_fetch_array($result)) {
		$f_name = stripslashes($info['f_name']);
		$l_name = stripslashes($info['l_name']);
	}

	//set authorization cookie
	setcookie("auth", "1", 0, "/", "***********", 0);

	//create display string
	$display_block = "
	<p>".$f_name." ".$l_name."'s Menu:</p>
	<ul>
	<li><a href=\"selentry.php\">View entry</a></li>
	<li><a href=\"updatepage.php\">Update entry</a></li>
	<li><a href=\"addpage.php\">Add entry</a></li>
	</ul>";
} else {
	//redirect back to login form if not authorized
	$display_block .= "Fail num rows = 1";
}

}
}
echo “$display_block”;
template_post();

?>[/php]