help needed with login

Discussion in 'PHP' started by dougvcd, Jul 6, 2008.

  1. #1
    ok i have this login script it is supposed to take you to an edit page which it does but no results show in the edit page
    if someone could check it
    cheers
    Doug

    login script
    <?php
    function authenticate($username, $password){ 
        
    
        $request = "SELECT * FROM members WHERE password=('$password') AND username='$username'"; 
    
        // Pass the request to the mysql connection, 
    
        $results = query_db($request); 
    
        // if mysql returns any number of rows greater than 0 there is a match 
        return $results; 
    } 
    
    function query_db($query){ 
        $conn = mysql_connect("localhost", "car_do", "sm"); 
        if (!$conn) { 
            die('Could not connecteeer: ' . mysql_error()); 
        } 
        mysql_select_db("car"); 
        $results = mysql_query($query, $conn); 
        mysql_close($conn); 
    
        return $results; 
    } 
    
    
    
       $form = ' 
       <p align="center" class="bodytext">
        Members Login<br> 
           <form action="logon.php" method="post"> 
    	   
           Username:<input type="name" name="username"> 
    	   
           Password:<input type="password" name="password"> 
    	   
           <input type="submit" name="submit" value="submit this"> 
           </form> 
           '; 
    
    if(isset($_POST['submit'])){ 
    
    	$login1 = $_POST['username'] ;
    	$password1 = $_POST['password'] ;	
        $hm = authenticate($login1 , $password1); 
        $hm2 = mysql_num_rows($hm); 
        if($hm2 > 0){ 
    	setcookie("Caravan", $login1);
          echo "You have successfully Logged in! You will be redirected in three seconds!><br /><br />
    				
    				<div class='info'>If you don't wish to wait, <a href='edit.php'>click here</a>";
    				
    				echo'<meta http-equiv="REFRESH" content="1;url=edit.php">';
        }else{ 
          echo "username / password not valid<br>"; 
          echo $form; 
        } 
    
    }else{ 
        echo $form; 
    } 
    
    
     ?>
     
    PHP:
    and this is the edit form

    <?php include("menu_u.php");
    
    if($_POST['action'] == "edit") {
    
    //This gets all the other information from the form
    $region=$_POST['region']; 
    $name=$_POST['name'];
    $username=$_POST['username'];
    $password=$_POST['password'];
    $email=$_POST['email'];
    $contact=$_POST['contact'];
    $parkname=$_POST['parkname'];
    $county=$_POST['county'];
    $parklocation=$_POST['parklocation'];
    $make=$_POST['make'];
    $caravandetails=$_POST['caravandetails'];
    $smoke=$_POST['smoke'];
    $pets=$_POST['pets'];
    $kids=$_POST['kids'];
    $sex=$_POST['sex'];
    
    // Connects to your Database 
    $dbh=mysql_connect("localhost", "car", "smu") or die(mysql_error()); 
    mysql_select_db("car") or die(mysql_error()); 
     
    //Writes the information to the database 
    mysql_query("UPDATE members SET region=\"$region\", name=\"$name\", username=\"$username\", password=\"$password\", email=\"$email\", contact=\"$contact\" , parkname=\"$parkname\" , county=\"$county\", parklocation=\"$parklocation\",   make=\"$make\", caravandetails=\"$caravandetails\", smoke=\"$smoke\", pets=\"$pets\", kids=\"$kids\", sex=\"$sex\" WHERE username =\"$username\" ");
     
    
    echo "Success! Your information has been Updated. PleaseWait till you are redirected to the homepage.";
    					echo'<meta http-equiv="REFRESH" content="2;url=logout.php">';
    					
     }
    else {
    
      $hm = authenticate($_COOKIE[Caravan]); 
      $hm2 = mysql_num_rows($hm); 
    
    if ($hm2 > 0) 
    { 
    
    $dbh=mysql_connect("localhost", "car", "smu") or die("Couldn't connect.");
    mysql_select_db("car") or die("Couldn't select database.");
    
    $sql = "SELECT * FROM members WHERE username ='$_COOKIE[Caravan]'";
    
    $result = mysql_query($sql) or die("Couldn't execute profile query.");
    $num=mysql_num_rows($result);
    
    while ($row = mysql_fetch_array($result)) {
    $region=$row['region']; 
    $name=$row['name'];
    $username=$row['username'];
    $password=$row['password'];
    $email=$row['email'];
    $contact=$row['contact'];
    $parkname=$row['parkname'];
    $county=$row['county'];
    $parklocation=$row['parklocation'];
    $make=$row['make'];
    $caravandetails=$row['caravandetails'];
    $smoke=$row['smoke'];
    $pets=$row['pets'];
    $kids=$row['kids'];
    $sex=$row['sex'];
    }
    
    ?>
    
    <form name="form" onsubmit="return ValidateRequiredFields();" action="<?echo $PHP_SELF ?>" method="POST">
    <div id="info" style="width:360px;">
    
        <div align="left">
               <strong>Edit Your Listing</strong><br>
          <br />
       <strong>Type:</strong>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
       <select name="region" value=<? echo $region ?>>
            <option value="HIRE">4 Hire</option>
            <option value="EXCHANGE">Exchange</option>
            <option value="EXCHANGE/HIRE">Exchange and Hire</option>
            </select> <br>
          <br />
          <input name="name" type="text" value="<? echo $name ?>"> 
          <strong>Name:</strong>    <br>
          <br />
          <input type="text" name="username" value=<? echo $username ?>> 
          <strong>Username:</strong>    <br>
          <br />
          <input name="password" type="password" value=<? echo $password ?>> 
          <strong>Password:</strong>    <br> 
          <br />
          <input type="text" name = "email" value=<? echo $email ?>> 
          <strong>Email: </strong><br>
          <br />
          <input type="text" name = "contact" value="<? echo $contact ?>">
          <strong>Tel Number:</strong> <br>
          <br />
          <input type="text" name="parkname"  value="<? echo $parkname ?>"> 
          <strong>Park Name:</strong>    <br>
          <br />
          <strong>Select County: </strong> 
          <select name="county" value=<? echo $county ?>>
      <Option VALUE="South West">South West</option>
      <Option VALUE="South East">South East</option>
      <Option VALUE="Wales">Wales</option>
      <option value="Scotland">Scotland</option>
      <option value="London">London</option>
      <option value="East England">East of England</option>
      <option value="West Midlands">West Midlands</option>
      <option value="East Midlands">East Midlands</option>
      <option value="Yorkshire">Yorkshire & Humberside</option>
      <option value="Northwest">North West</option>
      <option value="Northeast">North East</option>
      <option value="Other">Other</option>
            </select> <br>
            <br/>
          <input type="text" name="parklocation" value="<? echo $parklocation ?>"> 
          <strong>Park Location:</strong> <br>
          <br />
          <input type="text" name="make" value="<? echo $make ?>">
          <strong>Make and Model</strong><br>
          <br/>
          <strong>Caravan Details:</strong><br>      
          <textarea name="caravandetails" cols="40" rows="5"> <? echo $caravandetails; ?> </textarea><br> 
          <br/>
          <input type="text" name="smoke" value="<? echo $smoke ?>">
          <strong>Smoking Allowed</strong><br>
          <br/>
          <input type="text" name="pets" value="<? echo $pets ?>">
          <strong>Pets Allowed</strong><br>
          <br/>
          <input type="text" name="kids" value="<? echo $kids ?>">
          <strong>Children Allowed</strong><br>
          <br/>
          <input type="text" name="sex" value="<? echo $sex ?>">
          <strong>Same Group Sex Allowed</strong><br>
          <br/>
      	 <input type="hidden" name="action" value="edit"></div>
          <input type="submit" value="Edit Details"/> 
        
    </form>
    <? }
    
    else
    {
    echo "You must login to do that. <a href=login.php>Click here</a>";
    }
    
    
    
     } ?>
    PHP:
    it used to work but not now
    cheers
    Doug
     
    dougvcd, Jul 6, 2008
  2. JLEville

    #2
    Are you sure the php script is called logon.php not login.php?
     
    JLEville, Jul 6, 2008
  3. php-lover

    #3
    In your edit file, find this line:
    $result = mysql_query($sql) or die("Couldn't execute profile query.");

    Replace it with this line:
    $result = mysql_query($sql,$dbh) or die("Couldn't execute profile query.");
     
    php-lover, Jul 6, 2008
  4. dougvcd

    #4
    no sorry that did not work
    starting to get me down now
    think i should go to bed 3.30 in morning here
    is there a better or easier way of doing what i am trying to do
    cheers
    Doug
     
    dougvcd, Jul 6, 2008
  5. Danltn

    #5
    Hi there! Here are some suggestions to improve your code:

    Firstly: Vulnerabilities! :O

    One (very) simple method of using some sort of protection:

    $_POST = (function_exists('get_magic_quotes_gpc') and get_magic_quotes_gpc()) ? array_map('stripslashes', $_POST) : $_POST;
    $_POST = array_map('mysql_real_escape_string', $_POST);
    PHP:
    Secondly: use single quotes (especially around array keys) - I'm assuming you do not want constant functionality.

    Slow:
    $hm = authenticate($_COOKIE[Caravan]);
    PHP:
    Faster (and doesn't throw an error):
    $hm = authenticate($_COOKIE['Caravan']);
    PHP:
    Thirdly: Forget all this:

    $region=$row['region']; 
    $name=$row['name'];
    $username=$row['username'];
    $password=$row['password'];
    $email=$row['email'];
    $contact=$row['contact'];
    $parkname=$row['parkname'];
    $county=$row['county'];
    $parklocation=$row['parklocation'];
    $make=$row['make'];
    $caravandetails=$row['caravandetails'];
    $smoke=$row['smoke'];
    $pets=$row['pets'];
    $kids=$row['kids'];
    $sex=$row['sex'];
    PHP:
    Instead just use this.

    extract($row);
    PHP:
    Then $name will equal $row['name'] etc etc.

    Enjoy:

    Dan
     
    Danltn, Jul 7, 2008
  6. dougvcd

    #6
    Thanks for that buddy
    think i should start again as nothing is going to plan
    can you suggest where to look for ready made script which will help me
    cheers
    Doug
    :eek:
     
    dougvcd, Jul 8, 2008
  7. NgNet Ntz

    #7
    Hi.

    function query_db($query){ 
        $conn = mysql_connect("localhost", "car_do", "sm"); 
        if (!$conn) { 
            die('Could not connecteeer: ' . mysql_error()); 
        } 
        mysql_select_db("car"); 
        $results = mysql_query($query, $conn); 
        mysql_close($conn); 
    
        return $results; 
    } 
    PHP:
    It is a very bad practice to connect/disconnect the database for each request.

    You should split this function into three:

    connect_db();
    disconnect_db();
    query_db();

    Or you can use MySQLi too:

    // $host, $user, $pass and $base are placeholders for your own settings
    $myDb = new mysqli($host, $user, $pass, $base);

    $myResultset = $myDb->query('SELECT something FROM sometable WHERE somecolumn=somevalue');

    // ... do something with that resultset ...

    $myDb->close();
     
    NgNet Ntz, Jul 8, 2008
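
Added example (not part of the thread and not any poster's code): the `authenticate()` lookup from post #1 rewritten with bound parameters in place of the string-built query, and with one connection reused for every query as post #7 suggests. It goes a step beyond the thread by storing a password hash rather than the password. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the block runs without a server (the same prepare/execute pattern exists in mysqli), and the table layout, the helper `add_member()` and the sample account are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with pdo_sqlite.
// The members table and the sample account are constructed for the demo.

// Open one connection and reuse the handle for every query.
function connect_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (
        username TEXT PRIMARY KEY, password_hash TEXT NOT NULL, email TEXT)');
    return $db;
}

// Store a salted hash instead of the password itself.
function add_member(PDO $db, string $user, string $pass, string $email): void {
    $stmt = $db->prepare(
        'INSERT INTO members (username, password_hash, email) VALUES (?, ?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT), $email]);
}

// Returns the member row on success, null otherwise. Values are bound as
// parameters, never concatenated into the SQL text, so a quote in the
// input stays data.
function authenticate(PDO $db, string $user, string $pass): ?array {
    $stmt = $db->prepare(
        'SELECT username, password_hash, email FROM members WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']); // the hash never needs to reach the page
    return $row;
}

$db = connect_db();
add_member($db, "o'brien", 'correct horse', 'ob@example.test');

// Constructed inputs: valid login, wrong password, unknown user.
$attempts = [["o'brien", 'correct horse'], ["o'brien", 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    $member = authenticate($db, $user, $pass);
    echo $user, ': ', $member ? 'ok, email ' . $member['email'] : 'rejected', "\n";
}
```

On the login page, keep the authenticated username in `$_SESSION` (after `session_regenerate_id(true)`) rather than in a cookie such as `Caravan`, because a cookie value is whatever the browser sends.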