PHP/MySQL Login Query not working

Question

11 Years Ago

Hi, so I have been trying to create a Login and Register system, but the thing is every time I try to login using the system nothing really happens. You can check it out at http://edwinjoseph.co/logintest/ if you click login and use user for the username and password for the password, you will notice nothing happens.

The code for login.php is as follows:

<?php
    session_start();

    //This displays your login form
    function index(){

    echo "<form action='?act=login' method='post'>" 
        ."Username: <input type='text' name='username' size='30'><br>"
        ."Password: <input type='password' name='password' size='30'><br>"
        ."<input type='submit' value='Login'>"
        ."</form>";    

    }

    //This function will find and checks if your data is correct
    function login(){

        //Collect your info from login form
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];


        //Connecting to database
        $connect = mysql_connect("example.com", "user", "password");
        if(!$connect){
            die(mysql_error());
        }

        //Selecting database
        $select_db = mysql_select_db("database", $connect);
        if(!$select_db){
            die(mysql_error());
        }

        //Find if entered data is correct

        $result = mysql_query("SELECT * FROM database WHERE username='$username' AND password='$password'") or die(mysql_error());;
        $row = mysql_fetch_array($result);
        $id = $row['id'];

        $select_user = mysql_query("SELECT * FROM database WHERE id='$id'") or die(mysql_error());;
        $row2 = mysql_fetch_array($select_user);
        $user = $row2['username'];

        if($username != $user){
            die("Username is wrong!");
        }


        $pass_check = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id'");
        $row3 = mysql_fetch_array($pass_check);
        $email = $row3['email'];
        $select_pass = mysql_query("SELECT * FROM database WHERE username='$username' AND id='$id' AND email='$email'");
        $row4 = mysql_fetch_array($select_pass);
        $real_password = $row4['password'];

        if($password != $real_password){
            die("Your password is wrong!");
        }



        //Now if everything is correct let's finish his/her/its login

        session_register("username", $username);
        session_register("password", $password);

        echo "Welcome, ".$username." please continue on our <a href=index.php>Index</a>";

    }

    switch($act){

        default;
        index();
        break;

        case "login";
        login();
        break;

    }
?>

Thank you, if you need any more information I will give it to you ASAP.

Edwin

mysql php

Edited 11 Years Ago by pritaeas because: Removed MySQL credentials from code.

4 Contributors
12 Replies
394 Views
1 Hour Discussion Span
Latest Post 11 Years Ago Latest Post by edwin.joseph.7543

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

The problem is that $act on line 72 (switch) has not been given a value. I assume it's being passed through the $_GET or $_POST array.

broj1 356 Humble servant

11 Years Ago

Many issues here:

database is a mysql reserved word so it is a bad idea to use it for the table name (and is missguiding also), but if you insist, enclose it in backticks
sending two queries is not necessary if you retrieve all data with the first one
escape all the values from $_REQUEST before using them in queries otherwise you risk an SQL injection attack: $username = mysql_real_escape_string($_REQUEST['username']);
better use $_POST and $_GET arrays instead of $_REQUEST since you already use GET and POST in the same script
check for existence of values before using them: if(isset($_REQUEST['username'])) ...
mysql database extension is very old, witch to mysqli or even better to PDO

Edited 11 Years Ago by broj1

aVar++ 14 Posting Whiz

11 Years Ago

You need to ensure Direct Access is enabled when the database is setup. Review the following linked article going forward: http://support.godaddy.com/help/article/4978/connecting-remotely-to-shared-hosting-databases
It could be a problem with connection strings, refer here: http://support.godaddy.com/help/article/3323/locating-your-database-connection-strings

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

edwin.joseph.7543 0 Newbie Poster · Answer 1 · 2013-08-12T07:49:23+00:00

Im not really sure, I just followed the tutorial from http://forum.codecall.net/topic/36372-simple-register-login-logoff-system/

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 2 · 2013-08-12T07:54:49+00:00

Ah. It's using a global setting (not recommended). I suggest you replace line 72 with:

switch ($_GET['act']) {

It's also being used in register.php (same issue).

edwin.joseph.7543 0 Newbie Poster · Answer 3 · 2013-08-12T07:58:10+00:00

okay so I changed it but know I get an error (which is good, sort of)

Access denied for user 'clanhuntersdb'@'%' to database 'database'

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 4 · 2013-08-12T08:00:03+00:00

Your user does no have priviliges to use this database. Do you have access to the MySQL server? Did you add this user yourself? Or is database not really the name of the database you are using (more likely).

edwin.joseph.7543 0 Newbie Poster · Answer 5 · 2013-08-12T08:02:13+00:00

I have access to the database, yes. The database is actually called database and I did add the user myself.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 6 · 2013-08-12T08:04:16+00:00

It has to be something you missed while adding the user. Does the user have access to all databases, or just this one? Are you connecting on localhost? Did you flush priviliges?

edwin.joseph.7543 0 Newbie Poster · Answer 7 · 2013-08-12T08:07:36+00:00

So I am using GoDaddy's server just incase you need to know, the user I believe only has access to that one database because I created him on that DB. No Im not using localhost cause I dont know how to use it.. flush privilliges I dont know what that is or how it is done.

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 8 · 2013-08-12T08:11:45+00:00

I have no experience with GoDaddy, so you'll have to wait for somebody else to chip in.

edwin.joseph.7543 0 Newbie Poster · Answer 9 · 2013-08-12T09:13:53+00:00

The question has been solved and for those of you who are like me, and with GoDaddy, it turns out I can't create this login system without buying a virtual dedicated server which costs $16 a months for 2 years. I hope that has answered any questions, if you do have questions and are with GoDaddy, it was better to talk to them personally, I spock with someone who runs their servers who helped me figure this out :)