<?php # Script 7.7 - login.php
if (isset($_POST['submit'])) {
    // This file contains the database access information for the database. This file also establishes a connection to MySQL and selects the database.
    // Set the database access information as constants.
    define ('DB_USER', '********');
    define ('DB_PASSWORD', '*******');
    define ('DB_HOST', 'localhost:/tmp/mysql5.sock');
    define ('DB_NAME', '*********');
    // Make the connection and then select the database.
    $dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error() );
    mysql_select_db (DB_NAME) OR die ('Could not select the database: ' . mysql_error() );
    // Undo magic quotes if they are on, then escape the value for use in a query.
    function escape_data ($data) {
        global $dbc;
        if (ini_get('magic_quotes_gpc')) {
            $data = stripslashes($data);
        }
        return mysql_real_escape_string($data, $dbc);
    }
    $message = NULL;
    if (empty($_POST['username'])) {
        $username = FALSE;
        $message .= '<p>You forgot to enter your username!</p>';
    } else {
        $username = escape_data($_POST['username']);
    }
    if (empty($_POST['password'])) {
        $password = FALSE;
        $message .= '<p>You forgot to enter your password!</p>';
    } else {
        $password = escape_data($_POST['password']);
    }
    if ($username && $password) { // If everything's OK.
        $query = "SELECT mem_id, first_name FROM members WHERE username='$username' AND password = PASSWORD('$password')";
        $result = @mysql_query ($query);
        $row = mysql_fetch_array ($result, MYSQL_NUM);
        if ($row) {
            // Start the session, register the values & redirect.
            session_start();
            $_SESSION['first_name'] = $row[1];
            $_SESSION['mem_id'] = $row[0];
            header ("Location: ["...] . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "loggedin.php");
            exit();
        } else {
            $message = '<p>The username and password entered do not match those on file.</p>';
        }
        mysql_close();
    } else {
        $message .= '<p>Please try again.</p>';
    }
}
$page_title = 'Login';
include ('header.inc');
if (isset($message)) {
    echo '<font color="red">', $message, '</font>';
}
?>
<!-- PHP_SELF and the posted username are HTML-escaped before being echoed into attributes. -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);?>" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo htmlspecialchars($_POST['username'], ENT_QUOTES);?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset></form><!-- End of Form -->
<?php
include ('footer.inc');
?>
Any help would be much appreciated.
Also, seeing as this code is still in testing, why are you using @ to suppress errors?
$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error() );
No error reporting = you have no idea what the problem is.
For live environments I try at almost all cost to avoid @. Get the errors written to a system log, emailed to you, whatever, just don't hide them. As you will only hear about it from your customers when it is dead, so if your script reports back to you when it starts to break, then when your customers ring you complaining you have already fixed the problem... they think that you are psychic, you know you just have good error reporting ;)
I am sorry but these messages do not mean much to me. There must be a mistake before this line but I do not know where.
Regards
James Smith
$row = mysql_fetch_array ($result, MYSQL_NUM);
What is MYSQL_NUM? I don't see it defined anywhere, and even if it was, what should go here is the resource link ($dbc). This might be why you're getting the invalid resource error. You can get away with leaving that blank if you don't plan to make any additional db connections.
2) In regards to the $u/$p vs the $username/$password naming convention, I think this is what happened. You will only get the error "Please try again" if either one of those is not set. So possibly, that means that when you're retrieving the posted data, you may have not received $_POST['username'] but rather did $_POST['u'], which is not the name of the username field on the form. The same could be for the password field.
I will try from 1 to 3 and see what happens.
James Smith
The mysql_fetch_array needs the resource result (the id that you get from the mysql_query) as the first argument, then you can specify your MYSQL_NUM if you want the numeric indexes.
Have a look at the manual [uk.php.net] page, as there are a lot of examples on there.
The SESSION variables will be available across multiple page requests, so long as you put session_start() at the top of each page so that sessions are active. So you can close the mysql connection after getting your results if you want to.
[edited by: PHP_Chimp at 4:32 pm (utc) on Dec. 27, 2007]
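The advice in the replies above (report database errors instead of hiding them with @, and fetch from the query result) shown as an added example that is not code from any poster in this thread. It uses PDO prepared statements with an in-memory SQLite database standing in for MySQL; the function name check_login, the sample member, and the assumption that members.password stores password_hash() output rather than MySQL PASSWORD() are constructed for illustration.

```php
<?php
// Added example, not the original poster's script. All data below is constructed.
declare(strict_types=1);

// Look up a member and verify the password. Returns the row, or null on mismatch.
function check_login(PDO $pdo, string $username, string $password): ?array
{
    // Placeholders keep user input out of the SQL text, so no escape_data() is needed.
    $stmt = $pdo->prepare(
        'SELECT mem_id, first_name, password FROM members WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no such username

    // Assumption: members.password holds password_hash() output.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);                 // never pass the hash on to the session
    return $row;
}

try {
    // In-memory SQLite stands in for the MySQL server so the example runs offline.
    $pdo = new PDO('sqlite::memory:');
    // Database failures raise exceptions instead of being silenced with @.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE members (mem_id INTEGER PRIMARY KEY, first_name TEXT,
                username TEXT UNIQUE, password TEXT)');
    $pdo->prepare('INSERT INTO members (first_name, username, password) VALUES (?, ?, ?)')
        ->execute(['Alex', "o'neil", password_hash('constructed-pass', PASSWORD_DEFAULT)]);

    // Constructed attempts: correct password, wrong password, unknown username.
    $attempts = [["o'neil", 'constructed-pass'], ["o'neil", 'wrong'], ['nobody', 'x']];
    foreach ($attempts as [$u, $p]) {
        $member = check_login($pdo, $u, $p);
        echo $u, ' => ', $member ? 'ok, mem_id ' . $member['mem_id'] : 'no match', PHP_EOL;
    }
} catch (PDOException $e) {
    // Full detail goes to the server log; the visitor sees only a generic message.
    error_log('login.php database error: ' . $e->getMessage());
    echo 'Sorry, the login service is unavailable.', PHP_EOL;
}
```

The table and column names follow the script in the first post; on the real login page the returned mem_id and first_name would be stored in $_SESSION after session_start(), as that script already does.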