Login Script problems

[as22607]

hi all first time here.

I am making a login error checking script via php and mysql

I have my html that is a form that sends information to my php script

here is the script itself

Quote:

<html>
<title>Login Checking</title>
<?php
//this bit grabs the username and password from the form data
$username=$_POST['username'];//grabs username from the previous form in post
$password=$_POST['password'];//grabs password from the previous form in post
//this checks to see if either the password or username is blank or both are blank if they are it sends the user to the error page
if (empty($username) || empty($password)): //check form to see if the password or username have been left blank or both
{
header("Location: error.php");//if the form is blank in any way it rejects the user and sends them to a error page
}
//this checks to see if the username exists in the database if it doesnt it sends the user to the error page
$user="root";
$password="no";
$database="college";//connect to the database college using root and no password
mysql_connect("localhost",$user);
@mysql_select_db($database) or die( "Unable to select database");//if database can not be found it rejects the connection otherwise connects to the desired database

$query="select * from login where username = '$username'";//does a query on mysql to see if the username exists or if there is multi occurences of the username
mysql_query($query);
$result=mysql_query($query);//put the results on the query into a variable
$num=mysql_num_rows($result);//check the previous variable to see how many rows it returns

elseif($num != 1)://checks to see if the rows returns is either 0 or 2 or more
{
header("Location: error2.php");//if the rows is not 1 it send the user to another error page
}
//this checks the username and password match within the database if they dnt it sends the user to the error page, if it does match it sends them to the welcoem page.
$password2=$_POST['password'];//grabs password from the previous form in post as the first instance of it is lost so is required for the next check

$user="root";
$password="no";
$database="college";//connect to the database college using root and no password
mysql_connect("localhost",$user);
@mysql_select_db($database) or die( "Unable to select database");//if database can not be found it rejects the connection otherwise connects to the desired database

$query2="select * from login where username = '$username' and password = '$password2'";//does a query on mysql to see if the username exists and wether the password is the same for that username
mysql_query($query2);
$result2=mysql_query($query2);//put the results on the query into a variable
$num2=mysql_num_rows($result2);//check the previous variable to see how many rows it returns

elseif($num2 == 1)://checks to see if the rows returns is 1
{
header("Location: welcome.php");// if the rows returned is 1 it sends the user to the welcome page
}
else:
{
header("Location: error3.php");// if the rows returned is 0 it sends the user to another error page
}
endif;
?>
</html>

when i wrote the script i tested it bit, by bit so each bit of code i wrote and tested to make sure it worked fine, then i commented the script out whilst i made the next bit and i made all 3 bits above and they worked fine by them self.

then i went and made them all work together and that when i got problems

the testing for blank entries work fine it sends me to the error page, checking for if a username exists in the database or is multi entries works fine. but when i go onto testing a proper username and password it sends me to error2.php page which is meant to only happen if there no entries or multi entries to which there is no multi entries of this user name and the username certainly exists. when i also tested with a bad password it also sent me to the error2.php instead of error3.php page.

any help will be appericated as i can not work out what is wrong with the code or the logic of it.

if things seems weird with the English i apologise i am dyslexic.

[Donny Bahama]

First of all, you've got a problem here:

Code: Select all

}
else:
{
header("Location: error3.php")

But I think you've got other problems as well.

[Donny Bahama]

Currently your structure looks like this:

Code: Select all

if $username or $password is empty {
    redirect to error.php
}
connect to database
run $query="select * from login where username = '$username'
if rows returned != 1 {
    redirect to error2.php
}
connect to database
run $query2="select * from login where username = '$username' and password = '$password2'
if rows returns is 1 {
    redirect to welcome.php
} else {
    redirect to error3.php
}
endif;
?>

A better way to do it would be

Code: Select all

connect to database //no reason to do this twice
if $username or $password is empty {
    redirect to error.php
} else {
    run $query="select * from login where username = '$username'
    if rows returned != 1 {
        redirect to error2.php
    } else {
        run $query2="select * from login where username = '$username' and password = '$password2'"
        if rows returned = 1 {
            redirect to welcome.php
        } else {
            redirect to error3.php
        }
    }
}

Note that above is pseudocode - don't copy & paste and expect it to work!

[Donny Bahama]

In other words, you need to be more careful about enclosing your blocks of code within the correct if...elseif...else structure.

Code: Select all

if (420 > 1) {
    // code here will definitely be executed
} elseif (365 > 1) {
    /* although 365 IS > 1, this won't be executed 
    because the 420 > 1 branch evaluated true */
}
// code here will be excuted regardless of whether 420 or 365 >1
// so will this because it's actually outside the if structure
else {
    // this code won't ever be executed because 420 > 1.
}
// endif is very old code and not needed if you use curly braces to enclose if structure.

[Donny Bahama]

Personally, I'd say you're also much better off with this:

Code: Select all

if (condition1) {
    // do this
} elseif (condition2)  {
    // do that
} else {
    // do something else
}

as opposed to this

Code: Select all

if (condition1)
{
// do this
}
elseif (condition2)
{
// do that
}
else
{
// do something else
}

It's a lot easier to spot problems in the structure that way.

Here's how I would have written the initial code you posted:

Code: Select all

<html>
<title>Login Checking</title>
<?php
$user="root";
$password="no";
$database="college";//connect to the database college using root and no password mysql_connect("localhost",$user);
@mysql_select_db($database) or die( "Unable to select database");//if database can not be found it rejects the connection otherwise connects to the desired database
/* better still to put the 4 lines above in a separate file such as db.connect.php then use an include statement here like so:
include 'db.connec.php';
*/
// this bit grabs the username and password from the form data
$username=$_POST['username'];    //grabs username from the previous form in post
$password=$_POST['password'];    //grabs password from the previous form in post
// this checks to see if either the password or username is blank or both are blank if they are it sends the user to the error page
if (empty($username) || empty($password)) {
    //check form to see if the password or username have been left blank or both
    header("Location: error.php");    //if the form is blank in any way it rejects the user and sends them to a error page
} else {
    // this checks to see if the username exists in the database if it doesnt it sends the user to the error page
    $query="select * from login where username = '$username'";    //does a query on mysql to see if the username exists or if there is multi occurences of the username
    $result=mysql_query($query);//put the results on the query into a variable
    $num=mysql_num_rows($result);//check the previous variable to see how many rows it returns
    if($num != 1) {
        //checks to see if the rows returns is either 0 or 2 or more
        header("Location: error2.php"); //if the rows is not 1 it send the user to another error page
    } else {
        //this checks the username and password match within the database if they dnt it sends the user to the error page, if it does match it sends them to the welcoem page.
        $password2=$_POST['password'];        //grabs password from the previous form in post as the first instance of it is lost so is required for the next check
        $query2="select * from login where username = '$username' and password = '$password2'";     //does a query on mysql to see if the username exists and wether the password is the same for that username
        $result2=mysql_query($query2);        //put the results on the query into a variable
        $num2=mysql_num_rows($result2);        //check the previous variable to see how many rows it returns
        if($num2 == 1) {
            //checks to see if the rows returns is 1
            header("Location: welcome.php");    // if the rows returned is 1 it sends the user to the welcome page
        } else {
            header("Location: error3.php");        // if the rows returned is 0 it sends the user to another error page
        }
    }
}
?>
</html>

(By the way, that should work as is.)

[as22607]

Quote:

Originally Posted by Donny Bahama

Personally, I'd say you're also much better off with this:

Code: Select all

if (condition1) {
    // do this
} elseif (condition2)  {
    // do that
} else {
    // do something else
}

as opposed to this

Code: Select all

if (condition1)
{
// do this
}
elseif (condition2)
{
// do that
}
else
{
// do something else
}

It's a lot easier to spot problems in the structure that way.

Here's how I would have written the initial code you posted:

Code: Select all

<html>
<title>Login Checking</title>
<?php
$user="root";
$password="no";
$database="college";//connect to the database college using root and no password mysql_connect("localhost",$user);
@mysql_select_db($database) or die( "Unable to select database");//if database can not be found it rejects the connection otherwise connects to the desired database
/* better still to put the 4 lines above in a separate file such as db.connect.php then use an include statement here like so:
include 'db.connec.php';
*/
// this bit grabs the username and password from the form data
$username=$_POST['username'];    //grabs username from the previous form in post
$password=$_POST['password'];    //grabs password from the previous form in post
// this checks to see if either the password or username is blank or both are blank if they are it sends the user to the error page
if (empty($username) || empty($password)) {
    //check form to see if the password or username have been left blank or both
    header("Location: error.php");    //if the form is blank in any way it rejects the user and sends them to a error page
} else {
    // this checks to see if the username exists in the database if it doesnt it sends the user to the error page
    $query="select * from login where username = '$username'";    //does a query on mysql to see if the username exists or if there is multi occurences of the username
    $result=mysql_query($query);//put the results on the query into a variable
    $num=mysql_num_rows($result);//check the previous variable to see how many rows it returns
    if($num != 1) {
        //checks to see if the rows returns is either 0 or 2 or more
        header("Location: error2.php"); //if the rows is not 1 it send the user to another error page
    } else {
        //this checks the username and password match within the database if they dnt it sends the user to the error page, if it does match it sends them to the welcoem page.
        $password2=$_POST['password'];        //grabs password from the previous form in post as the first instance of it is lost so is required for the next check
        $query2="select * from login where username = '$username' and password = '$password2'";     //does a query on mysql to see if the username exists and wether the password is the same for that username
        $result2=mysql_query($query2);        //put the results on the query into a variable
        $num2=mysql_num_rows($result2);        //check the previous variable to see how many rows it returns
        if($num2 == 1) {
            //checks to see if the rows returns is 1
            header("Location: welcome.php");    // if the rows returned is 1 it sends the user to the welcome page
        } else {
            header("Location: error3.php");        // if the rows returned is 0 it sends the user to another error page
        }
    }
}
?>
</html>

(By the way, that should work as is.)

unfortnally this is not working and it is doign the same as before with my first post

thank you for the advice on making the code better by connecting to the database once though i thought you had to conenct ever time you make a query

[Donny Bahama]

OK, so now you're down to standard debugging stuff. Here's how I do that...

1. Comment out any line that redirects. Just before that line, insert an echo line that says, "Redirecting to [someotherpage.php]"
2. Right after any open curly brace, insert a new line with an echo that says "if you're reading this, that must mean....."
3. As necessary, insert lines to echo the values of the vars you're working with.

hth

[as22607]

Ok i commeneted out the header so it would allow me to see whats going on.

i have found two things

first

Parse error: parse error, unexpected T_IF, expecting ',' or ';' in c:\program files\easyphp1-7\www\assesment\login.php on line 51

then i commented out that if statement

then i got this which i found very weird

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\program files\easyphp1-7\www\assesment\login.php on line 30

please ingore the t_if fixed that fault myself

it is the mysql_num_rows that is causing the problem by not getting the number of rows it finds so meaning even when there a valid login it sees none but i do not get why num_rows is not working

[as22607]

Quote:

Originally Posted by Donny Bahama

OK, so now you're down to standard debugging stuff. Here's how I do that...

1. Comment out any line that redirects. Just before that line, insert an echo line that says, "Redirecting to [someotherpage.php]"
2. Right after any open curly brace, insert a new line with an echo that says "if you're reading this, that must mean....."
3. As necessary, insert lines to echo the values of the vars you're working with.

hth

thank you for your help

i have now finally debugged it and it works fine