I am currently having a problem in which the login page to my website goes directly to the homepage without checking the users credentials stored in my data base. The code I use to register the users works just fine but for some reason I cant get this working properly.
<?php
session_start();
$dbhost = 'localhost:3036';
$dbuser = 'mredd';
$dbpass = 'csc255pass';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
//mysql_select_db( 'USERS_DB' );
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db("USERS_DB",$conn);
if (!$db_selected)
{
die ("Can\'t use test_db : " . mysql_error());
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$user = $_POST['username'];
$pass = $_POST['password'];
$sql="SELECT * FROM log_tbl Where username='$user' AND password='$pass'";
$retval = mysql_query( $sql, $conn );
$row = mysql_num_rows($retval);
if ($row == 1)
$_SESSION['user'] = $user;
header("Location: homepage.php");
}
?>
Doh! You fell into the trap of not using brackets with your If statement. The final chunk should read
$sql="SELECT * FROM log_tbl Where username='$user' AND password='$pass'";
$retval = mysql_query( $sql, $conn );
$row = mysql_num_rows($retval);
if ($row == 1) { //need this bracket
$_SESSION['user'] = $user;
header("Location: homepage.php");
} //and this one
} // this closes the 'POST' clause
?>
The code you wrote will only set the session if the row is returned, and will ALWAYS redirect to homepage.php. An If statement without brackets only controls the next command.
Related
I am making a profile page in which I want the user's email to be displayed. I thought this would be quite a simple code that could be achieved using the select function from the database. However, this only works for one string and I cannot seem to figure out why.
This is my original code
session_start();
$_SESSION["user"] = $username;
$_SESSION["pass"] = $password;
$_SESSION["email"] = $email;
$connection = mysqli_connect ("localhost", "root", "", "picshare");
if ($connection ->connect_error) {
die("Connection failed: " . $connection->connect_error);
}else{
$query = mysqli_query($connection, "SELECT email FROM login WHERE username='".$_SESSION["user"]."'");
$field = mysqli_fetch_assoc($query);
if (!$query)
{
die('Error: ' . mysqli_error($con));
}if(mysqli_num_rows($query) > 0){
$field = mysqli_fetch_assoc($query);
}else{
echo "error";
$conn->close();
}}
When I try and echo $field, nothing was echoed
<p class ="right uc"><?php echo($field['email']);?></p>
I retried the code, but instead of using a session, I made a variable
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "picshare";
$user = 'Eniola Olaogun';
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}else{
$query = mysqli_query($conn, "SELECT email FROM login WHERE username='".$user."'");
$field = mysqli_fetch_assoc($query);
if (!$query)
{
die('Error: ' . mysqli_error($con));
}if(mysqli_num_rows($query) > 0){
$field = mysqli_fetch_assoc($query);
echo($field['email']);
}else{
echo "error";
$conn->close();
This code displayed the email, and so I proceeded to change the $user variable to another name and the original problem occurred where nothing was echoed.
I went back to the original code and I logged in as Eniola Olaogun and the email was echoed, but as soon as I changed the person I logged in as, no email was echoed.
I am not sure why I am experiencing this problem and some help would be greatly appreciated
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "picshare";
$user = 'Eniola Olaogun';
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
else {
$sql = "SELECT email FROM login WHERE username= {$user}";
$result = $conn->query($sql);
if($result->num_rows > 0) {
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
echo($row['email']);
}
else {
echo "error";
$conn->close();
error connecting to mysql database through crazy domains
It sounds like it is a permission issue based on the user you're logging in as.
Test it with a 'root' user password that has global access and then troubleshoot and isolate it from there. I'm betting you will find it then.
Pretty much impossible for me to test this remotely since I don't have your DB schema and user accounts to validate with.
This is my login code, cant figure out whats wrong ( the last if, always goes to the last else ). i tried everything but still no luck.
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if($_POST['submit']){
include_once("connection.php");
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$sql = "SELECT id, username, password FROM user WHERE username = '$username' AND password = '$password'";
$query = mysqli_query($connection, $sql);
if($query){
$row = mysqli_fetch_row($query);
$userId = $row[0];
$dbUsername = $row[1];
$dbPassword = $row[3];
}
if ($username = $dbUsername && $password == $dbPassword) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $userId;
header('Location: users.php');
}else {
header('Location: error.php');
}
}
?>
and thas my connection code
<?php
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('login');
if (!$select_db){
die("Database Selection Failed" . mysql_error());
}
?>
You are going to kick yourself... you have only a single = in your if.
if ($username = $dbUsername && $password == $dbPassword) {
Should be
if ($username == $dbUsername && $password == $dbPassword) {
The single = turns it into an assignment instead of a comparison.
Beyond that you are actually doing the comparison twice; once in SQL to get back the username and password, the second time in PHP. If your query returns the user id, you already know that the username/password did the trick.
You are also mixing mysql_connect and mysqli_query (and mysql_fetch_row). As the others have suggested, you need to move to the mysqli class or to PDO. But to get you going, you need to at very least change mysqli_query to mysql_query and mysqli_fetch_row to mysql_fetch_row.
Use mysql_query($connection, $sql) instead of mysqli_query($connection, $sql);
as you are using mysql_connect
I am trying to use a php form to update a sql database.
After spending hours i am finally able to update the database but the trouble is even if the row is not found matching the string, it still returns the message "updated data successfully". I checked the database and there is no other enteries that have been entered but I really want to make the user aware when they mistype the id.
Thanks
if (isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'user';
$dbpass = 'password';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if (! $conn ) {
die('Could not connect: ' . mysql_error());
}
$UniqueID = mysql_real_escape_string($_POST['UniqueID']);
$Referral = mysql_real_escape_string($_POST['Referral']);
mysql_select_db('database');
$sql = "UPDATE tablename set Referral = '$Referral' WHERE ID = '$UniqueID'";
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
} else {
echo "Updated data successfully\n";
}
mysql_close($conn);
}
Thanks
That's because an update which doesn't change any rows is NOT a failure. It's simply a query which changed/found/affected no rows.
You need to check mysql_affected_rows() instead.
e.g.
$result = mysql_query(...);
if ($result === false) {
die(mysql_error()); // something blew up completely
} else if (mysql_affected_rows() == 0) {
... nothing was changed
}
A failure in sql is due to syntax errors, communications errors, or "meta" errors like violating constraints. An empty result set is a perfectly valid result set that just happens to be empty.
You can check if any error has occured after $retval = mysql_query( $sql, $conn ); by doing
if (mysql_error()) print 'Update Failed, Incorrect id';
The below is a simple script in order to remove information from a table which works fine, however this does not redirect to where I need it to go. Any ideas? I have also tried using die(); etc afterwards.
<?php
$dbservername = "xxxxx";
$dbusername = "xxxxx";
$dbpassword = "xxxxx";
$conn = mysql_connect($dbservername, $dbusername, $dbpassword);
$db = mysql_select_db("sxxxxx", $conn);
if (!$conn) { die('Could not connect: ' . mysql_error()); }
?>
<?php
session_start();
include"connect_db.php"; (this include, includes the above connection to db)
$content_id=$_GET['content_id'];
$username=$_SESSION['username'];
$sql = "DELETE FROM `user_blogs` WHERE `id`='".$content_id."' AND `username`='".$username."'";
$res = mysql_query($sql) or die(mysql_error());
header("location: user_page.php");
?>
try this might be the conditional problem...
$res = mysql_query($sql) or die(mysql_error());
if($res){
header("location: user_page.php");
}else{}
I am working with a MLM company where com has to register the member, if it detects any mistake in data, it has to update the data of member again.
I have the right code which works well when all fields has to update but problem is it does not work for individual input boxes. Please give me solution of this problem.
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'vvvv';
$dbpass = 'xxxx';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$usrid = $_POST['uid'];
$pwrd = $_POST['pwd'];
$nm = $_POST['noe'];
$fnm = $_POST['fn'];
$addrs = $_POST['adrs'];
$cntn = $_POST['cnt_no'];
$cty = $_POST['ct'];
$sql = "UPDATE office_user ".
"SET
password = '$pwrd',
name='$nm',
father_name='$fnm',
address='$addrs',
contact_no='$cntn',
city='$cty' ".
"WHERE user_id = '$usrid'" ;
mysql_select_db('my_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
?>