Forum Moderators: coopster
Did a search on Google regarding a login form where 2 different passwords can take you to 2 different URLs in the site but the script I found had some bug in it.
So I don't if it's possible or if it's just a script bug.
This is code, let me know if you see where the bug is
Thanks
Richard
= = = = = = = = = = = = = = = = = = = = = = = =
<?php
ob_start();
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="db_name"; // Database name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $email and $password
$email= $_POST['email'];
$password= md5($_POST['password']);
$email= $_POST['page'];
$check="SELECT * FROM Login WHERE 'email'='$email' and 'password'='$password' and 'page'='$page'";
$result=mysql_query($check);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result); // This is line 20 where it keeps complaining.
// If result matched $email and $password, table row must be 1 row
if($row==1){
// Register $email, $password and redirect to file "$page"
session_register("email");
session_register("password");
session_register("page");
header("location:$page");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
= = = = = = = = = = = = = = = = = = = = = = = =
When you say the script has a bug in it, what is happening exactly? Do you see a specific error?
dc
[amazon.com...]
Basically it just gives me a blank page when I load it. If anyone would be kind enough to cut & paste it on their server they would see where the problem might come from.
Someone told me that "session register" was an old code and not used anymore. I'm not php programmer so I don't know where is the bug nor how to fix it. Any help from you on this?
Richard
Sorry but you lost me as i'm no php programmer. I know how to play with HTML code and can modify basic js/php code but cannot debug anything like this above.
Let me know if you have an answer for me or another script that can de the same thing.
Thanks
Richard
change... $email= $_POST['page'];
to... $page= $_POST['page'];
change... if($row==1)
to... if($count==1)
Also that script has a security flaw in it and is open to SQL injection hacks, so:
change... $check="SELECT * FROM Login WHERE 'email'='$email' and 'password'='$password' and 'page'='$page'";
to... $check="SELECT * FROM Login WHERE 'email'='".mysql_real_escape_string($email)."' and 'password'='".mysql_real_escape_string($password)."' and 'page'='".mysql_real_escape_string($page)."'";
I assume you've setup your mysql database and set the right parameters at the top of the script? If not, that would cause problems as well. Good luck.
I still get however the same msg "Wrong Username or Password". I know that i'm feeding the right email and password that's in my Login table.
I also know the username, password and db name for connecting to the db are ok too.
I'm passing the email and password to my login script through this basic form here...
= = = = = = = = = = = = = = = = = = = = = = = =
<form action="login.php" method="POST" name="login">
<p>
<table>
<tr><td>Email:</td><td><input name="email" type="text"></td></tr>
<tr><td>Password:</td><td><input name="password" type="text"></td></tr>
<tr><td><input type="submit" name="Submit" value="Log In!"></td></tr>
</table>
= = = = = = = = = = = = = = = = = = = = = = = =
I made your changes and this is what it looks like. See any other bugs?
= = = = = = = = = = = = = = = = = = = = = = = =
<?php
ob_start();
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="db_name"; // Database name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $email and $password
$email= $_POST['email'];
$password= md5($_POST['password']);
$page= $_POST['page'];
$check="SELECT * FROM Login WHERE 'email'='".mysql_real_escape_string($email)."' and 'password'='".mysql_real_escape_string($password)."' and 'page'='".mysql_real_escape_string($page)."'";
$result=mysql_query($check);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result); // This is line 20 where it keeps complaining.
// If result matched $email and $password, table row must be 1 row
if($count==1){
// Register $email, $password and redirect to file "$page"
session_register("email");
session_register("password");
session_register("page");
header("location:$page");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
= = = = = = = = = = = = = = = = = = = = = = = =
[edited by: Mtlinfo at 8:12 pm (utc) on April 25, 2007]
If that doesn't work, make sure the password in the database is stored as an MD5 hash and not in clear text. That's all I can think of.
I brought it back to this and encrypted the password, still no success
$check="SELECT * FROM Login WHERE 'email'='$email' and 'password'='$password' and 'page'='$page'";
so basically there was just these 2 lines to change...
$page= $_POST['page'];
if($count==1){
here's the full code again just in case someone sees something else...
<?php
ob_start();
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="db_name"; // Database name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $email and $password
$email= $_POST['email'];
$password= md5($_POST['password']);
$page= $_POST['page'];
$check="SELECT * FROM Login WHERE 'email'='$email' and 'password'='$password' and 'page'='$page'";
$result=mysql_query($check);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result); // This is line 20 where it keeps complaining.
// If result matched $email and $password, table row must be 1 row
if($count==1){
// Register $email, $password and redirect to file "$page"
session_register("email");
session_register("password");
session_register("page");
header("location:$page");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
If I read your post right, you want to redirect to a certain page depending on the password given. Is that correct or is the page selected in the login form?
You are right, I don't let people decide which page they will be redirected to, they only fill their username (email) and their password.
The script should compare the 2 and redirects people to the name of the page that's in the db.
It's a script with "3 tds" in my table. 1 column is the email, the 2nd is the password and the 3rd one is the page to be redirected to in case of a match.
It doesn't seem complicated but I don't know how to write php code so i'm stuck.
I'm sure someone here can take 2 minutes and write something equivalent.
Richard
