Log in

View Full Version : Simple Login not working


JRF2k
03-26-2008, 07:51 PM
Hello,

Not sure where I am going wrong with this. When I run it, I get a blank page or if I have Friendly Error messages turned on I get a 500 Internal Server error.

Any help is tremendously welcomed!


<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";

$results= odbc_execute($sql);

$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "AdminPage.php"
session_register("myusername");
session_register("mypassword");
header("location:AdminPage.php");
}
else {
echo "Wrong Username or Password";
}
?>
NXArmada
03-26-2008, 08:13 PM
You are using a MySQL Command to do a count on an ODBC connection. you need to use the ODBC version of mysql_num_rows()

Detail can be found here: http://us.php.net/manual/en/function.odbc-num-rows.php



<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM Admins WHERE username='$myusername' and password='$mypassword'";

$results= odbc_execute($sql);

$count= odbc_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "AdminPage.php"
session_register("myusername");
session_register("mypassword");
header("location:AdminPage.php");
}
else {
echo "Wrong Username or Password";
}
?>
JRF2k
03-26-2008, 08:40 PM
Thank you, Ryan!

That got it working somewhat.

Now when I type in the user/pass and hit submit it just tells me my username and password are wrong. I checked the DB where I am storing this and I am using the correct entries. I checked the script again and now with your help everything appears to be correct.

Not sure if this would be helpful but here is my Form HTML:


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Enter Page Title Here</TITLE>
<META http-equiv=Content-Type content="text/html; charset=UTF-8">
<META content="MSHTML 6.00.6000.16608" name=GENERATOR>
<STYLE type=text/css>BODY {
FONT-FAMILY: verdana, arial, sans-serif
}
</STYLE>
</HEAD>
<BODY>
<P><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>&nbsp;</P>
<P><BR>&nbsp;</P>
<TABLE cellSpacing=1 cellPadding=0 width=300 align=center bgColor=#cccccc
border=0>
<TBODY>
<TR>
<FORM name=form1 action=checkuser.php method=post>
<TD>
<TABLE cellSpacing=1 cellPadding=3 width="100%" bgColor=#ffffff
border=0><TBODY>
<TR>
<TD colSpan=3><STRONG>Admin Login </STRONG></TD></TR>
<TR>
<TD width=78>Username</TD>
<TD width=6>:</TD>
<TD width=294><INPUT id=myusername name=myusername></TD></TR>
<TR>
<TD>Password</TD>
<TD>:</TD>
<TD><INPUT id=mypassword name=mypassword></TD></TR>
<TR>
<TD>&nbsp;</TD>
<TD>&nbsp;</TD>
<TD><INPUT type=submit value=Login name=Submit></TD></TR></TBODY></TABLE></TD></FORM></TR></TBODY></TABLE></BODY></HTML>


Thank you for your time and expertise.
city_coder
03-26-2008, 10:38 PM
Try echoing $count out to your screen at the same time as your error message, you may find that it isn't 1 :P

Also you may find that you will want to LIMIT the sql statement so that it only brings back one result, otherwise it may bring back 5 and it will just take the first one of the result set.
JRF2k
03-27-2008, 02:08 PM
OK, I tried to echo $count and I just get the page again with Invalid Username or Password. I put the statement right below $count= odbc_num_rows($result); statement. I've also tried putting the echo state at the very end, but that doesn't show me anything either.


<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";

$results= odbc_execute($sql);

$count= odbc_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
echo $count;
if($count==1){
// Register $myusername, $mypassword and redirect to file "AdminPage.php"
session_register("myusername");
session_register("mypassword");
header("location: AdminPage.php");
}
else {
echo "Wrong Username or Password";
}
?>
thetestingsite
03-27-2008, 02:21 PM
It should be



$count= odbc_num_rows($results);


Hope this helps.
JRF2k
03-27-2008, 05:20 PM
Thank you. I didn't see the missing 's'.

However, I still get the same result. Even if I echo $count I get a white page with Wrong Username or Password on it.

I had really hoped all it was was the missing 's' :(
JRF2k
03-27-2008, 05:30 PM
I verified that the values of the form are being stored correctly.

I commented out everything except what is below:


<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
echo $myusername;
echo $mypassword;

?>

The values from the form are being carried over.

I then did:


<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
echo $myusername;
echo $mypassword;

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";

$results= odbc_execute($sql);

$count= odbc_num_rows($results);
echo $count;
?>

But I get nothing but what I typed in the form. I've tried to echo $count and $results but it's the same thing over and over.

$sql appears to be right. It's when I try to echo $results or $count that I get nothing. I've tried chaning $count == from 1 to 2 since I have 2 entries in there and still nothing.
JRF2k
03-27-2008, 05:49 PM
ALMOST!!! ARGH!!!

So close!


<?php


$conn=odbc_connect('Warranty','','');
if (!$conn)
{exit("Connection Failed: " . $conn);}



$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";

$results=odbc_execute($sql);

$count= odbc_num_rows($results);

$num= count($count);

echo $num;

//If result matched $myusername and $mypassword, table row must be 1 row

if($num==1){
// Register $myusername, $mypassword and redirect to file "AdminPage.php"
session_register("myusername");
session_register("mypassword");
header("location:http://server/AdminPage.php");
}
else {
echo "Wrong Username or Password";
}

?>



So I added:

$num= count($count);

echo $num;

to the code and that seemed to fix it, however, now it doesn't matter what user/pass I put in it, it will let you into the Admin page.

Seems to me though I would need some logic to tell it to compare $myusername and $mypassword to what was entered.
city_coder
03-28-2008, 10:24 AM
If in your database you have only 1 entry that matches the details that you entered(which should be the case) then mysql will bring back an array of results and an array starts from 0.

try doing this, you will see that you are getting $count back or $num whichever you use.



echo 'number of results returned is '.$count.'.';

If there is just a space inbetween the msg and the fullstop then you know that the results are equal to NULL or 0.

Try putting the echo $num; in the section of the if when the results have been compared.

You may also want to strip any spaces in front of or after the username and password being sent through. It wont help for now but its something you should think about for when you get it up and running.

Anyway, hopefully those things will help, either that or iv just wasted your time then sorry, lol. hope not :D
Rockonmetal
04-01-2008, 01:48 AM
If it also might help...
I think that

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";
should be:

$sql="SELECT * FROM Admins WHERE Username='$myusername' AND Password='$mypassword'";
If it makes any difference
codeexploiter
04-02-2008, 04:11 AM
If it also might help...
I think that

$sql="SELECT * FROM Admins WHERE Username='$myusername' and Password='$mypassword'";
should be:

$sql="SELECT * FROM Admins WHERE Username='$myusername' AND Password='$mypassword'";
If it makes any difference

It won't make much difference.
Rockonmetal
04-02-2008, 06:39 PM
Just a quick question? Is the Adminpage.php in a different folder than where the login script is? If so you need to put the full url to it...
//Btw i just learned this yesterday... If you want a url from the folder above... you do this: "../file.php"
Hope this helps