Something wrong with my login code?

Question

pbracing33b 0 Newbie Poster

12 Years Ago

So I have a book that help me out tremendously with my logins, but when I try to execute nothing seems to work, so I'm wondering if my query is wrong now, my database is bookmarks, the table name is user with fields of user_id, user_name and password, so with the code posted below did I query this correctly and is the code that I got from my other books working fine,(or missing parts?) I'm just now sure exactly what it is: I have been working on this for days now, and this seems like the closest I've been since in awhile. Thanks for any help given!

<?php

    session_start();


    //$username = $_REQUEST["username"];
    //$password = $_REQUEST["password"];
    $link = mysql_connect('localhost', '', '');
    //$query = "SELECT user_id, user_name FROM user WHERE user_name = '$username' AND user.password = '$password'";
    //$bookmarks = " page_title, url,description, shared FROM bmark Where user_name ='$username'";
    //$bmarkresults = mysql_query($bookmarks);
    //$query = "SELECT".$username.$password. "user_name,password FROM user WHERE user_name = '$username' AND password = '$password'";



    print "*** QUERY IS: $query<br><br>";
    if (!$link) 
    {
    die('Could not connect: ' . mysql_error());
    }
    echo 'Connected successfully';
    if ( !mysql_select_db("bookmarks",$link)) 
        die(mysql_error() . "could not open</body></html>");
        //die("<p>Could not open the bookmarks database: ". mysql_error());
    echo 'Connected bookmarks Successfully';
    function is_valid_user_login($username, $password) 
    {

    $password = sha1($username . $password);
    $query = 'SELECT user_id FROM user
              WHERE user_name = :username AND password = :password';
    $statement = $link->prepare($query);
    $statement->bindValue(':username', $username);
    $statement->bindValue(':password', $password);
    $statement->execute();
    $valid = ($statement->rowCount() == 1);
    $statement->closeCursor();
    return $valid;
    }
    if (isset($_POST['action'])) 
    {
    $action = $_POST['action'];
    } 
    else if (isset($_GET['action'])) 
    {
    $action = $_GET['action'];
    }     
    else 
    {
    $action = '';
    }

    if (!isset($_SESSION['is_valid_admin']))
    {
    $action = 'login';
    }

// Perform the specified action
    switch($action) 
    {
    case 'login':
        $username = $_POST['username'];
        $password = $_POST['password'];
        if (is_valid_user_login($username, $password)) 
        {
            $_SESSION['is_valid_admin'] = true;
            include('bookmark.php');
        } 
        else 
        {
            $login_message = 'You must login to view this page.';
            include('blair-phil-MiMarks-FinalProjectlogin.html');
        }
        break;
    case 'show_admin_menu':
        include('view/bookmark.php');
        break;
   /* case 'show_product_manager':
        include('view/product_manager.php');
        break;
    case 'show_order_manager':
        include('view/order_manager.php');
        break;*/
    case 'logout':
        $_SESSION = array();   // Clear all session data from memory
        session_destroy();     // Clean up the session ID
        $login_message = 'You have been logged out.';
        include('view/blair-phil-MiMarks-FinalProjectlogin.html');
        break;
    }
    /*if (!empty($_POST['login-submit'])) 
  {
    if (!$link) 
    {
    die('Could not connect: ' . mysql_error());
    }
    echo 'Connected successfully';
    if ( !mysql_select_db("bookmarks",$link)) 
        die(mysql_error() . "could not open</body></html>");
        //die("<p>Could not open the bookmarks database: ". mysql_error());
    echo 'Connected bookmarks Successfully';
    $result=mysql_query($query) or die (mysql_error());
    if(mysql_num_rows($result) > 0) echo 'si';

    if (isset($_POST['Submitted'])) 
    {

    $username = $_POST['username'];
    $password = $_POST["password"];
    $uid = mysql_fetch_row($result);

    if ($username == $uid[0]) {
    print ("Welcome back, friend!");
    }
    else 
    {
    print ("You're not a member of this site");
    if ($password==$uid[0])
    {
    print("Welcome back!");
    }
    else
    {
    print("Password error! Or you entered the incorrect password and please try again");
    }
    }
    }
 }
    {
       return false;
    }


}
<?php
        $link = mysql_connect('localhost', '', '');
        $query = "INSERT into bmark(page_title,url,description)values('$_POST[title]','$_POST[url]','$_POST[description]')";
            if (!empty($_POST['AddBmark-submit'])) 
        {

            if (!$link) 
            {
            die('Could not connect: ' . mysql_error());
            }
            echo 'Connected successfully';
            if ( !mysql_select_db("bookmarks",$link)) 
            die(mysql_error() . "could not open</body></html>");
            //die("<p>Could not open the bookmarks database: ". mysql_error());
            echo 'Connected bookmarks Successfully';
            if (!mysql_query($query,$link))
            {
            die('Error: ' . mysql_error());
            }
        }
            echo "1 record added";

            mysql_close($con);
    ?>


    */




?>

php

3 Contributors
4 Replies
222 Views
7 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by veedeoo

veedeoo 474 Junior Poster

12 Years Ago

Hi,

Did the book ever mention about the PDO connector? It looks like or very similar to this.....

 <?php

  $host = 'localhost';
  $user = 'db username';
  $pass = 'db password';

 try {
$thisDb = new PDO("mysql:host=$host;dbname=mysql", $user, $pass);

echo 'We are connected';
}
 catch(PDOException $e)
{
echo $e->getMessage();
}
?>

The reason I am asking, because in the middle of your codes, you are using a PDO statement. In fact, you can use my sample code above, that should allow you to connect.

PDO is easy, but you need to have a reliable PDO connector class..Search for PDO connection class, or Database Singleton class.

Edited 12 Years Ago by veedeoo because: more info added

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

pbracing33b 0 Newbie Poster · Answer 1 · 2012-05-08T04:45:43+00:00

yes it is mysqli, I overlooked it earlier! But I am still having issues with my login, I can get it to read my username but it won't use the password side: here is my code now:

<!DOCTYPE html PUBLIC">
<!--Phil Blair-->
<!--blair-phil-MiMarks-FinalProjectlogin.php->
<!--Homework #4-->
<!--May 1, 2012-->

<!-- Final Project MiMarks -->

<html>
   <head>
      <meta charset = "utf-8"/>
      <title>MiMarks login page</title>
      <style type="text/css">
        .center
        {
            margin:auto;
            width:60%;
            background-color:yellow;
        }
        .website
        {
            margin:auto;
            width:55%;
            background-color:yellow;
        }
        .body
        {
            background-color:#F0F8FF;
        }
        h1 
        {
            color:#FF0000;
        }
        h3 
        {
            color:#FF0000;
        }
      </style>

    </head>
<body class="body">
<form name="login" action ="blair-phil-MiMarks-FinalProjectlogin1.php" method="post">
<input type='hidden' name='action' value='login'/>
<p><h1 class="center">Welcome to MiMarks your home for central bookmarks!</h1></p>
    <tr><h3 class="website">Please enter your username:<input type = "textbox" name="username"/>
    <tr><h3 class="website">Please enter your Password<input type = "password" name="password/>
    <tr align = "center"><input type = "submit" name = "login-submit" value = "submit"/><input type = "reset" value = "reset"/></tr>
    </form>

    <form name="bookmarks" action="blair-phil-MiMarks-FinalProjectPass.php" method="post">
    <tr align = "left"><h3 class="website">Not a user? Create an account! We will assign you a random password for security reasons!</h3></tr>
    <div align ="left"><h3 class="website">Desired username:<input type = "textbox" name="desiredUserName" />
    <div align = "center"><h3 class="website"><input type = "submit" name="createAcct-submit" value="Create an account" /><!--<a href="blair-phil-MiMarks-FinalProjectPass.php">-->
    </form>



      </body>
</html>

here is my php that goes with this:

<?php

    print "*** QUERY IS: $query<br><br>";
    $link = mysql_connect('localhost', '', '');
    if (!$link) 
    {
    die('Could not connect: ' . mysql_error());
    }
    echo 'Connected successfully';
    if ( !mysql_select_db("bookmarks",$link))
        {
        die(mysql_error() . "could not open</body></html>");
        }
        echo 'Connected bookmarks Successfully';
    if (!empty($_POST['login-submit'])) 
        {
        $username=$_POST['username'];
        $password=$_POST['password']; 
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
        $sql="SELECT * FROM user WHERE user_name='$username' and password='$password'";
        $result=mysql_query($sql);
        $count=mysql_num_rows($result);
        if($count==0)
        {
        echo "Wrong Username or Password";

        }
        else {
        session_register("username");
        session_register("password");
        header("location:bookmark.php");

        }
        session_start();
        if(!session_is_registered(username)){
        header("location:bookmark.php");
        }
    }
?>

So I am not sure as to why it is only allowing the user and not even recognizing the password, I could put in anything and it accepts it or nothing at all.

vibhaJ 126 Master Poster · Answer 2 · 2012-05-08T05:10:25+00:00

You forgot " after name password.
<tr><h3 class="website">Please enter your Password<input type = "password" name="password"/>

If you want to use session in any of php page make sure you add session_start(); at top of page.
Whe username is correct you can set it in session i.e. $_SESSION['username'] = $username;

On other pages where login is required on top of that pages check

if(!isset($_SESSION['username']))
{
        header('location:login.php');
        exit;
}

veedeoo 474 Junior Poster Featured Poster · Answer 3 · 2012-05-08T05:14:51+00:00

What type of hashing the password had? It could be md5 or something? Look at you mysql database and look for the password value..

Change your input form code above to this

 <input type = "text" name="username"/>

If you use md5 to hash the password, we should hashed it to md5, before sending it to the query

   $password = mysql_real_escape_string($password);
   ## you only include codes below if you are sure that the password is md5 hashed.
   $password = md5($password);

   ## do your database query below like this.. you replace your codes above with this.
    $sql="SELECT * FROM user WHERE user_name='".$username."' and password='".$password."'";