SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Aug 2003
    Location
    Iowa
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help with a login script

    ok, im not understanding why this isnt working.

    It works for the admin i put into the sql when i create it, but not for the rest.

    I have a fully working admin panel for it, creating new clients, editing old ones and deleting them.

    here is the php code
    PHP Code:
    <?
    include("inc/config.php");
    $connection mysql_connect($hostname$user$pass) or die ("Unable to connect!");
    $query "SELECT * FROM clients WHERE clientid = '$clientid' AND password = PASSWORD('$password')";
    $result mysql_db_query($database$query$connection);

    if (
    mysql_num_rows($result) > 0)
        {
        
    session_start();

        
    session_register("client_id");
        
    session_register("client_name");

        list(
    $clientid$name) = mysql_fetch_row($result);
        
    $client_id $clientid;
        
    $client_name $name;

        
    header("Location: hollywood.php");
        
    mysql_free_result ($result);

        
    mysql_close($connection);
        }
    else

        {
        
    mysql_free_result ($result);    
        
    mysql_close($connection);

        
    header("Location: relogin.php");
        exit;
        }
    ?>
    it works for clientid=1 but not for anything else, i have double and triple checked with it with my phpmyadmin...
    everything is correct from what I see, but it is sending everything to relogin.php except when clientid is equal to 1

    thanks for any help

  2. #2
    My precious!!! astericks's Avatar
    Join Date
    Mar 2002
    Location
    Vancouver, BC
    Posts
    1,971
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    instead of if (mysql_num_rows($result) > 0) , make it if (mysql_num_rows($result) == 1) . This is only for 'security', but it's not gonna fix the problem you're having.'

    btw, I'm guessing clientid is the username being input at the login window right? if not, that might be the problem. coz normally for logins, you gotta check the username and password against the ones in the DB.

    To check your script, I suggest you echo your sql query and make sure you are querying for the right thing. You can work from there.

  3. #3
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi.
    I've added some errorcheking to your script using the mysql_error() function:
    PHP Code:
    $connection mysql_connect($hostname$user$pass) or die ('Unable to connect! ' mysql_error()); 
    $query "SELECT * FROM clients WHERE clientid = '$clientid' AND password = PASSWORD('$password')"
    echo 
    "<p>$query</p>";
    mysql_select_db($database) or die(mysql_error());
    $result mysql_query($query$connection) or die(mysql_error()); 
    I've removed the use of mysql_db_query becaue it has been deprecated since PHP 4.0.6. Instead you should use mysql_select_db and mysql_query.

    I hope this will give you a clue

    -Helge

    Edit:

    Just a tip: I see that you use the session_register() function. You should instead use the $_SESSION array (or $HTTP_SESSION_VARS, depending on your PHP verision)

  4. #4
    SitePoint Member
    Join Date
    Aug 2003
    Location
    Iowa
    Posts
    22
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by astericks
    instead of if (mysql_num_rows($result) > 0) , make it if (mysql_num_rows($result) == 1) . This is only for 'security', but it's not gonna fix the problem you're having.'

    btw, I'm guessing clientid is the username being input at the login window right? if not, that might be the problem. coz normally for logins, you gotta check the username and password against the ones in the DB.

    To check your script, I suggest you echo your sql query and make sure you are querying for the right thing. You can work from there.
    I had it ==1 at first but since it wasnt working i thought that could be a problem and copied a similiar script with the > 0.. but it didn't help

    yes, clientid is the "username".

    Something I should have done, but went to bed in a hurry, ill do that when i get home


    Quote Originally Posted by Helge
    Hi.
    I've added some errorcheking to your script using the mysql_error() function:
    PHP Code:
    $connection mysql_connect($hostname$user$pass) or die ('Unable to connect! ' mysql_error()); 
    $query "SELECT * FROM clients WHERE clientid = '$clientid' AND password = PASSWORD('$password')"
    echo 
    "<p>$query</p>";
    mysql_select_db($database) or die(mysql_error());
    $result mysql_query($query$connection) or die(mysql_error()); 
    I've removed the use of mysql_db_query becaue it has been deprecated since PHP 4.0.6. Instead you should use mysql_select_db and mysql_query.

    I hope this will give you a clue

    -Helge

    Edit:

    Just a tip: I see that you use the session_register() function. You should instead use the $_SESSION array (or $HTTP_SESSION_VARS, depending on your PHP verision)
    Thank you so much, will definately try that as soon as i get home

    Thank you to both of you, hopefully this will clear things up, what i just dont understand is that it works for the "admin" wich is the same as a normal user, i just have on the rest of the pages, if clientid != 1 then kick em out. and i have changed where they kick them to, so i know this is a problem with the login script above. But ill try your ideas and try to get it working.

    Thanks Guys


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •