Results 1 to 13 of 13
  1. #1
    Join Date
    Sep 2004
    Posts
    8

    Unanswered: PHP and MySQL login problem

    Ok, my apologies. I was under the impression that if the QUERY returned nothing, it would return an empty variable ($result in my case).

    Code:
    <?php
    require_once("includes/settings.php");
    
    $username = $_REQUEST['username'];
    $password = $_REQUEST['password'];
    $md5password = md5($password);
    
    if ($username=="")
    {
    	require("login_failed.php");
    	return 1;
    }
    
    $sql_query = "SELECT username,password,access_level FROM users WHERE username = '$username'";
    require("includes/dbaccess.php");
    
    $row = mysql_fetch_array($result);
    /***********************************/
    /****Added this section here*************/
    /***********************************/
    if ($row == "")
    {
    	require("login_failed.php");
    	return 1;
    }
    /***********************************/
    /***********************************/
    /***********************************/
    while ($row = mysql_fetch_array($result))
    {
    	$dbusername = $row["username"];
    	$dbpassword = $row["password"];
    	$dbaccesslevel = $row["access_level"];
    	if ($dbusername == $username)
    	{
    		if ($md5password == $dbpassword)
    		{
    			setcookie("c_username",$dbusername);
    			setcookie("c_access_level",$dbaccesslevel);
    			require("login_success.php");
    		}
    		else
    		{
    			require("login_failed.php");
    		}	
    	}
    	else
    	{
    		require("login_failed.php");
    	}
    }
    
    ?>
    This works, but it doesn't work. Now users cannot log in. Now a good login gets the blank screen.
    Last edited by mpgram; 09-15-04 at 18:37.

  2. #2
    Join Date
    Jan 2004
    Location
    India
    Posts
    168
    I didn't understand you things completely as you code is more hidden in the pages like includes/dbaccess.php. So i guess like this....
    I think if you user require() it won't execute the code inside the page you have specified in that function. Try include() may be that is you mistake.
    If this is not the solution please let me know with some more details.
    Regards
    Rajesh

  3. #3
    Join Date
    Sep 2004
    Posts
    8
    No, the required dbaccess.php is just the database connection script

    Code:
    $link = mysql_connect("IPADDRESS", "USER", "PASSWORD") or die("Could not connect: " . mysql_error());
    mysql_select_db("authors") or die("Could not select database");
    $result = mysql_query($sql_query) or die("Query failed: " . mysql_error());
    Thats all thats there. Include returns the same results. The problem that occurs is that I pull a blank page if a user puts in a username that is not in the database. Other than that, everything works fine!

  4. #4
    Join Date
    Jan 2004
    Location
    India
    Posts
    168
    Where are you checking for that condition in the given code. Your mysql_fetch_array() will not fetch any value if there is no value with this username. You the code inside the while loop won't work. Do a cheking before the while loop.

    Regards
    Rajesh

  5. #5
    Join Date
    Sep 2004
    Posts
    8
    Okay, I am confused...according to the code I listed, I do check to see if the username is blank before the while loop. What do you mean?

  6. #6
    Join Date
    Jan 2004
    Location
    India
    Posts
    168
    See this. Now here once you run the query where did u check if the query returns a value or not?

    Quote Originally Posted by mpgram
    $sql_query = "SELECT * FROM users WHERE username = '$username'";
    require("includes/dbaccess.php");

    while ($row = mysql_fetch_array($result))
    {
    $dbusername = $row["username"];
    $dbpassword = $row["password"];
    $dbaccesslevel = $row["access_level"];

    if ($dbusername == $username)
    {
    if ($md5password == $dbpassword)
    {
    setcookie("c_username",$dbusername);
    setcookie("c_access_level",$dbaccesslevel);
    setcookie("c_username",$dbusername);
    setcookie("c_access_level",$dbaccesslevel);
    setcookie("c_username",$dbusername);
    setcookie("c_access_level",$dbaccesslevel);
    require("login_success.php");
    }
    else
    {
    require("login_failed.php");
    }
    }
    else
    {
    require("login_failed.php");
    }
    }
    If the username is not in the database then the result of this query will be empty. So do a checking for this. What you are doing is, is inside the while loop. Which will not work if there is no value for the query result.

    Hope this is little more clearer.

    Regards
    Rajesh

  7. #7
    Join Date
    Sep 2004
    Posts
    8
    Ohhhhhhhhhh....okay, I get it. Will do so and let you know. Thanks.

  8. #8
    Join Date
    Sep 2004
    Posts
    8
    Nope, same result...the dbaccess.php pulls $result as the result to the SQL query. I decided to echo $result back to me, to see what it was being fed...
    The result was not what I expected, in theory, according to what you said, and what I know, we should have a NULL string, or "" of some sort or fashion. I get "Resource id #2". Now I am just confused.

    if ($result == "")
    {
    require("login_failed.php");
    return 1;
    }

  9. #9
    Join Date
    Jan 2004
    Location
    India
    Posts
    168
    If you check for the condition
    if($result==''")
    This will return a value. If you check for it as true or false... it will be true if the query is executed successfully.
    So try fetching the value to a variable and then check if the vairable is empty or not... like :
    $row=mysql_fetch_array($result)
    if($row=='')
    {
    echo "No user with this userid";
    }

    Hope this will serve your porpose.

    Regards
    Rajesh

  10. #10
    Join Date
    Sep 2004
    Posts
    8
    Ok, my apologies. I was under the impression that if the QUERY returned nothing, it would return an empty variable ($result in my case).

    Code:
    <?php
    require_once("includes/settings.php");
    
    $username = $_REQUEST['username'];
    $password = $_REQUEST['password'];
    $md5password = md5($password);
    
    if ($username=="")
    {
    	require("login_failed.php");
    	return 1;
    }
    
    $sql_query = "SELECT username,password,access_level FROM users WHERE username = '$username'";
    require("includes/dbaccess.php");
    
    $row = mysql_fetch_array($result);
    /***********************************/
    /****Added this section here*************/
    /***********************************/
    if ($row == "")
    {
    	require("login_failed.php");
    	return 1;
    }
    /***********************************/
    /***********************************/
    /***********************************/
    while ($row = mysql_fetch_array($result))
    {
    	$dbusername = $row["username"];
    	$dbpassword = $row["password"];
    	$dbaccesslevel = $row["access_level"];
    	if ($dbusername == $username)
    	{
    		if ($md5password == $dbpassword)
    		{
    			setcookie("c_username",$dbusername);
    			setcookie("c_access_level",$dbaccesslevel);
    			require("login_success.php");
    		}
    		else
    		{
    			require("login_failed.php");
    		}	
    	}
    	else
    	{
    		require("login_failed.php");
    	}
    }
    
    ?>
    This works, but it doesn't work. Now users cannot log in. Now a good login gets the blank screen.
    Last edited by mpgram; 09-15-04 at 18:35.

  11. #11
    Join Date
    Sep 2004
    Posts
    8
    This works, but it doesn't work. Now users cannot log in. Now a good login gets the blank screen.

  12. #12
    Join Date
    Jan 2004
    Location
    India
    Posts
    168
    Try fetching the result to another variable instead of $row, for checking false login.
    Now do a check for the all the if conditions. Put an echo and mark each the loop so you can get where all your programs goes through.. where is the error can be determined.
    One more thing we have to notice is that there would be only one username .. means it would be dstinct. If this is like so then you don't have to use the while loop at all. So where you check for the false login you can do like this
    $row = mysql_fetch_array($result);
    if($row!="")
    {
    $dbusername = $row["username"];
    $dbpassword = $row["password"];
    $dbaccesslevel = $row["access_level"];
    if ($dbusername == $username) /// this is also not required, b'coz the rsult wil be of only for the usernae you have asked for.
    {
    if ($md5password == $dbpassword)
    {
    setcookie("c_username",$dbusername);
    setcookie("c_access_level",$dbaccesslevel);
    require("login_success.php");
    }
    else
    {
    require("login_failed.php");
    }
    }
    }
    else
    {
    require("login_failed.php");
    return 1;
    }

    There are lots of method to do a login check this would be one of them. You can even do this on a sql query itself in stread of doing this in both php and mysql. The script would be little slow than this code

    $password = $_REQUEST['password'];
    $password=md5($password);
    $sql_query = "SELECT username,password,access_level FROM users WHERE username = '$username' and password='$password'";

    This will return a row if the username and the username with the supplied password exists in the database.

    It's up to you to use the method

    Hope this helps you

    Regards
    Rajesh

  13. #13
    Join Date
    Sep 2004
    Posts
    8
    Okay, small minor change to that script that you wrote, but it does work. I think I see what you mean though. Thank you very much.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •