User authentication using php and mySql - php

I am facing challenges with the following code; please help:
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
$result = mysql_query($sql);
if($result){
$_session['loged'] = '$loFmUname';
header('location:index.html');
die();
}
else{
echo"Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
}
else{
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
The error is coming on line 15.
Note that strtolower() is being used to ignore case-sensitive username.

Change the line
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
to this one
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
This may help you.
Thanks

You need to use dot separators when doing manipulation to a variable inside a variable.
Also, should $_SESSION['loged'] = '$loFmUname'; be that, or $_SESSION['logged'] = '$loFmUname';?
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$result = mysql_query("SELECT * FROM Persons WHERE $loFmUname='" . strtolower($db_field['UserName']) . "' AND $myPwd='" . $db_field['UserPwd'] . "'");
if($result){
$_SESSION['loged'] = '$loFmUname';
header('Location: index.html');
die();
} else {
echo "Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
} else {
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
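
An added example, not code from any poster in this thread: one way to write the check the question is after, assuming PDO with an in-memory SQLite database and a constructed account so it runs offline. It compares the column to a bound placeholder, lowercases both sides for the case-insensitive match, treats zero rows as a failed login, and verifies a password_hash() digest; `checkLogin` and the sample data are hypothetical.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Table and column names follow the question; the database itself is constructed.
$pdo->exec('CREATE TABLE Persons (UserName TEXT PRIMARY KEY, UserPwd TEXT NOT NULL)');

// Constructed sample account; only a password_hash() digest is stored.
$add = $pdo->prepare('INSERT INTO Persons (UserName, UserPwd) VALUES (?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the stored user name on success, null on failure.
 */
function checkLogin(PDO $pdo, string $user, string $pwd): ?string
{
    // Column name on the left, bound placeholder on the right: the submitted
    // value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT UserName, UserPwd FROM Persons WHERE LOWER(UserName) = ?');
    $stmt->execute([strtolower($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // A query that ran without error can still match zero rows.
    if ($row === false) {
        return null;
    }
    return password_verify($pwd, $row['UserPwd']) ? $row['UserName'] : null;
}

// Constructed inputs standing in for $_POST['username'] and $_POST['pwd'].
$attempts = [
    ['ALICE', 'correct horse'],  // different case, right password
    ['alice', 'wrong'],          // right name, wrong password
    ["o'brien", 'x'],            // quote in the name is bound as data
];
foreach ($attempts as [$u, $p]) {
    $who = checkLogin($pdo, $u, $p);
    if ($who !== null) {
        // In the login script: session_regenerate_id(true); $_SESSION['loged'] = $who;
        echo "login ok for $who\n";
    } else {
        echo "invalid username and/or password\n";
    }
}
```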

Related

Can't fetch rows from MySQL database

I'm a bit rusty on mysql, especially now that it's mysqli... Nothing happens in the script below, the variables $row[username] etc are empty. What am I doing wrong?
<?php
session_start();
include_once('./db_config.php');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = md5(mysqli_real_escape_string($conn, $_POST['password']));
$query = "SELECT * FROM players WHERE username = '".$username."' AND password = '".$password."'";
if($res = mysqli_query($conn, $query))
{
$row = mysqli_num_rows($res);
$_SESSION['Username'] = $row['username'];
$_SESSION['uID'] = $row['id'];
$_SESSION['Join_Date'] = $row['join_date'];
mysqli_free_result($res);
header('Location: ../index.php');
} else
{
echo mysqli_error($conn);
}
?>
You are not fetching the records; instead you are calling mysql_num_rows (this gives only the number of records).
Use this to fetch the records:
$row = mysqli_fetch_array($res,MYSQLI_ASSOC);
<?php
session_start();
include_once('./db_config.php');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = md5(mysqli_real_escape_string($conn, $_POST['password']));
$query = "SELECT * FROM players WHERE username = '".$username."' AND password = '".$password."'";
if($res = mysqli_query($conn, $query))
{
$row = mysqli_fetch_array($res,MYSQLI_ASSOC);
$_SESSION['Username'] = $row['username'];
$_SESSION['uID'] = $row['id'];
$_SESSION['Join_Date'] = $row['join_date'];
mysqli_free_result($res);
header('Location: ../index.php');
} else
{
echo mysqli_error($conn);
}
?>

I am trying to connect to a db

I am trying to connect to a db, but I keep getting an error that pops up every chance I get to change the db or connection string. I am currently using PHP mysqli, and WAMP will not show any error with the connection itself.
calc.php:
class Login {
var $con;
function __construct($con){
$this->con = $con;
}
function try_connecting(){
$connecting = true;
if($connecting){
if(!$this->con){
die ("Could not connect") . $this->con->connect_errno;
} else {
echo "connected";
}
} else {
return $connecting;
}
}
function try_login(){
if(try_connecting()){
$q = "SELECT username, password FROM persons WHERE username = " . $_POST["username"] . " AND password = " . $_POST['pwd'];
$rows = $this->con->num_rows;
if($rows == 1){
echo "true";
} else {
echo "not user";
}
}
}
}
Here is the test.php:
<?php
include("calc.php");
$u = $_POST['username'];
$p = $_POST['pwd'];
$con = mysqli_connect("localhost","root","","rdb");
$form = new Login($con);
$form->try_connecting();
$form->try_login();
?>
connection string error Unknown database
You forgot to run this query
$q = "SELECT username, password FROM persons WHERE username = " . $_POST["username"] . " AND password = " . $_POST['pwd'];
$rows = $this->con->num_rows;
Try to add
$this->con->query($q)
between the lines above

Log in script shows blank page

This code does not seem to be working. It only shows a blank page when I click the login button. What could be the issue?
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("register", $con);
$query =("SELECT * FROM users WHERE username = '". $username ."' AND password = '". $password ."' LIMIT 1");
$count = mysql_num_rows($query);
if ($count == 0) {
echo 'Error: username or password wrong ';
} else {
echo "Registration Successful, redirecting";
header("refresh:3; url=login.html");
mysql_close($con)
?>
Use an IDE not only an Editor!
Using my IDE it showed me an error right away and it was quite easy to fix afterwards:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$con = mysql_connect("localhost","root","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("register", $con);
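$query = "SELECT * FROM users WHERE username = '". $username ."' AND password = '". $password ."' LIMIT 1";
// Run the query first; mysql_num_rows() needs the result resource, not the SQL string.
$result = mysql_query($query, $con);
$count = mysql_num_rows($result);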
if ($count == 0) {
echo 'Error: username or password wrong ';
} else {
echo "Registration Successful, redirecting";
}
header("refresh:3; url=login.html");
mysql_close($con);
?>
You forgot the closing curly bracket of the else part AND the semicolon in your second-to-last line!

Undefined index: userID error

Upon Logging in, I have the userID stored in the SESSION. However when I call updateMarkerlocations.php it says userID is undefined. Not sure what I'm missing.
login.php
<?php
session_start();
if (!isset($_POST['submit'])){
} else {
require_once("db_const.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "<p>MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}</p>";
exit();
}
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * from userinfo WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
$result = $mysqli->query($sql);
if (!$result->num_rows == 1) {
echo "<p>Invalid username/password combination</p>";
} else {
$row = $result->fetch_assoc();
setcookie("username", time() +60*60*24*30*365);
$_SESSION['userID'] = $row['userID'];
echo "<p>Logged in successfully!, Please close the window</p>";
}
}
?>
updateMarkerLocations.php
<?php
include 'db_const.php';
function insertMarkerLocations()
{
$markerCount = 0;
if (isset($_POST['markerCount']))
$markerCount = $_POST['markerCount'];
if(isset($_SESSION["userID"]))
{
$userID = $_SESSION["userID"];
}
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS);
mysql_select_db(DB_NAME);
$userID = $_POST['userID'];
for($i=0 ; $i < $markerCount; $i++){
$index = $i;
++$index;
$curMarkerID = $_POST["markerID$index"];
$curLang = $_POST["lang$index"];
$curLat = $_POST["lat$index"];
// Now write the current marker details in to the db.
$query = "INSERT INTO userinfo (userID, markerID, lang, lat ) VALUES ('$userID', '$curMarkerID', '$curLang', '$curLat')";
mysql_query($query)
or die(mysql_error());
}
$msg = "SUCCESS";
return $msg;
}
$msg = insertMarkerLocations();
echo json_encode($msg);
?>
Add this at the top of each file:
if(!isset($_SESSION)) session_start();
Also, when you do:
$userID = $_POST['userID'];
you should ensure that $_POST['userID'] exists:
if(isset($_POST['userID'])) $userID = $_POST['userID'];
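
An added example, not code from the thread: the marker insert with the user ID taken only from the session and every value bound in a prepared statement. `$session` and `$post` stand in for `$_SESSION` (after `session_start()`) and `$_POST`; the SQLite in-memory table, the cap of 100 markers and the sample request are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed table with the columns the thread's INSERT uses.
$pdo->exec('CREATE TABLE userinfo (userID INTEGER, markerID TEXT, lang REAL, lat REAL)');

function insertMarkerLocations(PDO $pdo, array $session, array $post): string
{
    // Identity comes from the server-side session only.
    if (!isset($session['userID'])) {
        return 'NOT_LOGGED_IN';
    }
    $userID = (int) $session['userID'];

    // Upper bound of 100 markers per request is an assumption for this example.
    $count = filter_var($post['markerCount'] ?? 0, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($count === false) {
        return 'BAD_REQUEST';
    }

    $stmt = $pdo->prepare(
        'INSERT INTO userinfo (userID, markerID, lang, lat) VALUES (?, ?, ?, ?)');
    $pdo->beginTransaction();
    for ($i = 1; $i <= $count; $i++) {
        $lang = filter_var($post["lang$i"] ?? null, FILTER_VALIDATE_FLOAT);
        $lat  = filter_var($post["lat$i"] ?? null, FILTER_VALIDATE_FLOAT);
        if (!isset($post["markerID$i"]) || $lang === false || $lat === false) {
            $pdo->rollBack();   // reject the whole batch on one bad marker
            return 'BAD_REQUEST';
        }
        $stmt->execute([$userID, (string) $post["markerID$i"], $lang, $lat]);
    }
    $pdo->commit();
    return 'SUCCESS';
}

// Constructed request: the userID field in the body is ignored.
$post = ['markerCount' => '2', 'userID' => '999',
         'markerID1' => 'm1', 'lang1' => '36.82', 'lat1' => '-1.29',
         'markerID2' => 'm2', 'lang2' => '36.80', 'lat2' => '-1.30'];
echo json_encode(insertMarkerLocations($pdo, ['userID' => 7], $post)), "\n"; // session present
echo json_encode(insertMarkerLocations($pdo, [], $post)), "\n";              // no session
```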

db_field() in php

What's wrong with my db_field in line 15:
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
Code I have is
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
$result = mysql_query($sql);
if($result){
$_SESSION['loged'] = '$loFmUname';
header('Location: index.html');
die();
} else {
echo "Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
} else {
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
Simple: the variable db_field is not initialized anywhere with any value. You're not creating it before using it.
Try this:
$sql = "SELECT * FROM Persons WHERE ". $loFmUname." = '".strtolower($db_field['UserName'])."' AND ".$myPwd." = '".$db_field['UserPwd']."'";
