Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > PHP How-To
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
PHP How-To Post your "How do I do this with PHP?" questions here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the PHP How-To section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old March 4th, 2004, 10:46 AM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default user login verification

hi,
I have got an HTML page where users type in their username and password. This is then submitted to a logincheck PHP page where the values entered are stored in varibles called $username and $password. This section works fine.

The problem is when im trying to check these variables against the database fields(username, password) i have created.

heres the code I have used on the login check page. I think its to do with the SQL code i have used and the PHP variables I have tried to enter(IN RED BELOW)?!?!

<?PHp
      $dbc = mysql_connect('localhost', 'root', '') or die ('Could not connect to MySQL :' .mysql_error());
      mysql_select_db('CupidCorner') or die('Could not connect to database :' .mysql_error());

     $username = $_POST['Username'];
      $password = $_POST['password'];
      echo $username; ?>
      <br>
      <?php
      echo ' ',$password;

      $query = "Select * From Login Where Username = ($username) And password = ($password)";
      $result = mysql_query($query);
      while($row = mysql_fetch_array($result, mysql_assoc))
          {
           echo "$row[username]$row[password]";
        }
        mysql_close();
      ?>

This is the error message I have got:-
Warning: Supplied argument is not a valid MySQL result resource in c:\apache\htdocs\logincheck.php on line 22

line 22 is the variables i was talking about.

cheers ASH


__________________
My new web design domain
www.askmultimedia.co.uk
Reply With Quote
  #2 (permalink)  
Old March 4th, 2004, 03:04 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

Try the following...

if (!$result = mysql_query("Select * From Login Where Username = '$username' And password = '$password'"))
{
    echo mysql_error();
}

You didn't quote your strings in the SQL, and you didn't report errors at the query.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #3 (permalink)  
Old March 4th, 2004, 03:23 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

where would i place this??



Reply With Quote
  #4 (permalink)  
Old March 4th, 2004, 03:25 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

thanks ASH

Reply With Quote
  #5 (permalink)  
Old March 4th, 2004, 03:54 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

No worries? You have it working now?

Also.. I noticed another error...

while($row = mysql_fetch_array($result, mysql_assoc))
{
   echo "$row[username]$row[password]";
}

Constants are case-sensitive. Predefined constants are always in all uppercase so to get associative indices use MYSQL_ASSOC with mysql_fetch_array() or use the mysql_fetch_assoc() function.

You should be seeing an error text from that if you have error_reporting set to E_ALL.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #6 (permalink)  
Old March 4th, 2004, 04:00 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

Sorry mate,

Thanks for the help, i played around with it for a while and its working now, what ive got is a login page that checks the username and password stored in a database.

Thats the verification done!!

Now i need to create a session for each user to store values in, (shopItems,test scores etc.....) These need to be stored both for the duration of the session and also permanently(in the case of testscores). Should i store the test scores in a variable then put them in a database table? how do i go about creating this session variable?

thank you very much!
ASH

Reply With Quote
  #7 (permalink)  
Old March 4th, 2004, 04:14 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

It seems everyone is asking about sessions lately. Have a look in the Beginning PHP & PHP DB forums where Nik and I have been fielding session questions...

Here are a few of the threads...
http://p2p.wrox.com/topic.asp?TOPIC_ID=10392
http://p2p.wrox.com/topic.asp?TOPIC_ID=10480
http://p2p.wrox.com/topic.asp?TOPIC_ID=10436

If you still have questions after having a look at those, I'd be happy to help.

Sure I think you will have to store your test scores in a DB, sessions are configured to last for about 24 minutes by default after that time is up there is a 1% chance on each request that garbage collection will run and delete outdated session data. All of that can be customized, of course, have a look at the PHP page on sessions http://www.php.net/session.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #8 (permalink)  
Old March 4th, 2004, 08:05 PM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

OK OK,

this is the code ive got so far, ive hit another stumbing block though. It checks the username and password against the database and if the user isnt registered brings up an 'username/password incorrect' message!

the session bit is where im stuck. I think i have created a session called 'logged_in' which is given the value 'true' when the user has given a valid username and password. the header bit doesnt seem to work though?? throws up this warning: -

Warning: Cannot add header information - headers already sent by (output started at c:\apache\htdocs\logincheck.php:12) in c:\apache\htdocs\logincheck.php


<?php
session_start();

$dbc = mysql_connect('localhost', 'Ashleek007', '') or die ('Could not connect to MySQL :' .mysql_error());
      mysql_select_db('login') or die('Could not connect to database :' .mysql_error());

      $username = $_POST['username'];
      $password = $_POST['password'];

?>
      <br>
<?php
      $query = "Select * From userlogin Where USERNAME = '$username' And PASSWORD = '$password'";
      $result = mysql_query($query);


       if($row = mysql_fetch_array($result, MYSQL_ASSOC))
       {
           # echo "$row[USERNAME]$row[PASSWORD]";
           $_SESSION['logged_in'] = 'TRUE';
           header('Location: index.php?sid=' .session_id());
       }

       else
       echo "Incorrect Username/password";

       mysql_close();
 ?>

This will eventually redirect the 'approved' logged in user with a session ID to the users section?!. If I wanted to make some pages 'users only' would i use a statement such as :-

 if ($_SESSION['logged_in'] = 'TRUE';)
        {
           //users only pages code here?!?!?!
        }
        else
        {
            echo 'not logged in';
            header('Location: login.php');
        }

would i have to use this on every 'users only' page or is there an easier way to do this?!

Sorry for wasting your time about the session questions, but your help is very much appreciated. If i can become a tenth of where u two guys are i'll be VERY happy!.

also just a quikie so i dont have to ask later! if I want users to be able to log out do i use the code:-
session_unset() or unset() ??

thanks
ASH
p.s. think my eyes are square, and its far too late!!

Reply With Quote
  #9 (permalink)  
Old March 4th, 2004, 09:00 PM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 5 Times in 5 Posts
Default

Hi Ashlee,

You're getting closer..

session_start() and header() both modify outgoing HTTP headers.  The former outputs a COOKIE and the latter, well whatever you're telling it to, in this case the Location header.  The HTTP headers have to go out before any content from the body itself.  So my guess is you have some output happening before the call to header().

<?php
session_start();

$dbc = mysql_connect('localhost', 'Ashleek007', '') or die ('Could not connect to MySQL :' .mysql_error());
      mysql_select_db('login') or die('Could not connect to database :' .mysql_error());
      
      $username = $_POST['username'];
      $password =  $_POST['password'];
 
// This creates output before your call to header.
<s>
?>
      <br>
<?php
</s>

      $query = "Select * From userlogin Where USERNAME = '$username' And PASSWORD = '$password'";
      $result = mysql_query($query);
      

       if($row = mysql_fetch_array($result, MYSQL_ASSOC))
       {
           <s># echo "$row[USERNAME]$row[PASSWORD]";</s>  
           $_SESSION['logged_in'] = <s>'</s>TRUE<s>'</s>;


           header('Location: index.php?sid='.session_id());  
       }

       else
       {
            $_SESSION['logged_in'] = FALSE;
            echo "Incorrect Username/password";
       }
               
       mysql_close();
?>

<?php
session_start();

// When you check for TRUE you don't have to quote "TRUE" its a
// reserved word with special meaning.
// Also you don't need the semi-colon in the conditional expression.

if ($_SESSION['logged_in'] == <s>'</s>TRUE<s>';</s>)
{
   //users only pages code here?!?!?!
}
else
{
   // header call first (cannot have output before it).
   header('Location: login.php');
   // Since you're redirecting this won't do anything.
   <s>echo 'not logged in';</s>
   exit;
}
?>

Right you would have to use it on every page that requires protection.  I just talked a bit on this too.. are you using Apache?  From your post it looks like it.. then can you use .htaccess?  I believe you have to enable .htaccess configuration changes in httpd.conf, once you do that you can auto prepend and append authentication to files you want protected, whereas you won't have to write the check in every file.

This thread talks about configuring using .htaccess
http://p2p.wrox.com/topic.asp?TOPIC_ID=10392

You would use the regular unset() function to destroy a $_SESSION variable.  If you want to get rid of a whole session use the session_destroy() function.

: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::
Reply With Quote
  #10 (permalink)  
Old March 5th, 2004, 08:49 AM
Authorized User
 
Join Date: Jan 2004
Location: Manchester, , United Kingdom.
Posts: 78
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Ashleek007
Default

thanks for the help so far, im learning a huge amount from this!

BUT, it wont let me log in. Ive got a feeling its to do with the session. Do i need to declare this session in a 'global' file like i would in ASP?

ive got a login.php page where the input boxes are(no php code),
this passes the info to the logincheck.php(the top section of the code youve written)then redirects to the index.php
the index.php then asks if the session is true run the secure code or redirect back to login.php.

I know that i have entered the correct user/password as it doesnt bring an error message, so must set the session[logged_in] to true. but when it passes to the index to check if the value is true, it doesnt recognise it and uses the else statement to redirect back to the login.php

have u any idea why?
cheers
ASH

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
login script: user can't hit "return" for login dmerrill Java Basics 13 July 14th, 2006 07:25 PM
login verification katie456 Access ASP 3 October 16th, 2005 01:47 PM
Newbie Help. Login to unique login page per user Kainan Classic ASP Professional 10 May 3rd, 2005 07:47 AM
login failed for user nt authority\anonymous login rj1406 Classic ASP Databases 1 October 24th, 2004 09:15 AM



All times are GMT -4. The time now is 06:38 PM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.