PHP - MySQL: Help (noobie)

wee017 · Apr 11, 2006, 11:41 PM

I just started learning PHP and MySQL, and I made a code so someone can login with a username and a password. For some reason it's not working, here's the script:

Code:

<?
$mysql_link = mysql_connect("localhost","ANALAUR_kenny","flaco");
@mysql_select_db("ANALAUR_contact", $mysql_link)
if (($username) && ($password)) {
   $query = "SELECT user, pass FROM login ";
   $query .= "WHERE user='$username' AND pass='$password'";
   $result = mysql_query($query, $mysql_link);
	 if(mysql_num_rows($result)) {
	   $query = "UPDATE from login SET logged=SYSDATE()";
	   $query .= "WHERE user='$username' AND pass='$password' ";
	  mysql_query($query,$mysql_link);
	 } else {
	   print("Sorry, this login is invalid.");
	   exit;
	 }
} else {
?>
<link rel="stylesheet" href="styleme.css">
<center>
  <h1>Main Deck Login </h1>
  <table class="leger3" border="2"><tr><td>
<form action="login.php" method="POST">
<table>
<tr><td>Username</td>

<td><input type="text" name="user" size="16"></td></tr>
<tr><td>Password</td><td><input type="password" name="pass" size="16">
</td></tr><tr><td colspan="2"><div align="right">
<input type="submit" value="Login">
</div></td></tr>
</table></form>
</td></tr></table>
</center>
<div align="center"><br>
  <span class="style6">Copyright Main Deck Imports, LLC.
</span></div>
<?
}
?>

My database's name is ANALAUR_contact and the table to login is called login. Thanks for the help, and if you have any other SIMPLE login forms you would like to share feel welcome, thanks.

wee017 · Apr 13, 2006, 07:49 PM

Well If anyone was interested, I finally got around to it:

Code:

<?php
//Open Database connection
include 'library/db.php';
include 'library/common.php';
dbConnect('ANALAUR_contact');
//Get Variables
$username = $_POST['user'];
$passwordue = $_POST['pass'];
//Encrypt Password
$password = md5($passwordue);
//Set SQL query string
$query = "SELECT `password` FROM `users` WHERE `username` = '$username' LIMIT 1";
//Send String
$result = mysql_query($query);
//Get Results
$row = mysql_fetch_array($result); 
//Get DataBase Password to cross-check
$dbpass = $row['password'];
//Check to see if Password entered is the same as password in database
if($password == $dbpass AND $password !== NULL){
	session_start();
	$_SESSION['user'] = $username;
	$_SESSION['pass'] = $password;
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Logged in Succesfully</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="library/styleme.css">
</head>
<body>
<p>You have logged in succesfully. <a href="contacts.php">Click here</a> to continue.</p>
</body>
</html>
<?php
} else {
	echo("The username and/or password you entered was incorrect."); //Inform User about Login State
}
?>

I'm Still having a problem with this one piece of code, so if anyone can help me:

Code:

<?php
$self = $_SERVER['PHP_SELF'];
if(isset($_GET['id'])) {
	$idNum = $_GET['id'];
	$query = 'SELECT * FROM `contacts` WHERE `ID` = $idNum';
	$result = mysql_query($query) or die('Error, query failed 2');
	/* $i = 0;
	while($row = mysql_fetch_array($result)) {
	echo $row[$i];
	++$i; 
	} */
} else {
	$query = 'SELECT * FROM `contacts`';
	$result = mysql_query($query) or die('Error, query failed 1');
	while($row = mysql_fetch_array($result)) {
		$id = $row['ID'];
		$contact = $row['Name'] . ' ' . $row['Last Name'] . '<br>';
		echo "<a href=\"$self?id=$id\">$contact</a>";
	}
}
?>

It's the first part that is not working. I get this "Error, query failed 2" I put a 2 and a 1 so I can recognize where the error was coming from.

wee017 · Apr 13, 2006, 07:51 PM

Oh I forgot to put the included documents:

Code:

include 'library/db.php';
include 'library/common.php';

Code:

<?php // db.php
$dbhost = 'mysql.hosting-advantage.com';
$dbuser = 'ANALAUR_kenny';
$dbpass = 'flaco';
function dbConnect($db="") {
   global $dbhost, $dbuser, $dbpass;
   
   $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
	   or die("The site database appears to be down.");

   if ($db!="" and !@mysql_select_db($db))
	   die("The site database is unavailable.");
   
   return $dbcnx;
}
?>

Code:

<?php // common.php
function error($msg) {
   ?>
   <html>
   <head>
   <script language="JavaScript">
   <!--
	   alert("<?=$msg?>");
	   history.back();
   //-->
   </script>
   </head>
   <body>
   </body>
   </html>
   <?
   exit;
}
?>

Maddogg6 · Apr 13, 2006, 09:50 PM

you shoudnt post your MYSQL UN/PW - it could comprimise the whole sever , I assume your on a virtual host...

MythicaL · Apr 14, 2006, 01:10 AM

Is '++$i' possible? I'm pretty sure it's '$i++'...

Also, dunno if this helps or not, but the method I connect to and call things from the db is:

Code:

$connect = mysql_connect(SQL_ADDR, SQL_USER, SQL_PASS);
mysql_select_db(SQL_DBASE, $connect);

$sql = mysql_query("SELECT * FROM news WHERE newsActive='1' ORDER BY newsDate DESC");

while($row = mysql_fetch_array($sql)) {
  ...
}

wee017 · Apr 14, 2006, 02:15 PM

Well, the password and username I posted there were incorrect, but the host is what I use.