Hi everyone... Yesterday I copy and pasted a login script that I created earlier last year, problem is, when I created a DB in MySql, and connected it, it would always give me the error that the account doesn't exist. But it does, because I inserted it into the DB. What makes it even more weird is, when I connected it to another DB that I created a couple of months ago, it works fine! What on earth is going on here? The code is fine, the DBs match up, and there are no irregularities! The code's line is fixed to match with the connecting current DB, but thats not working. Does it take a couple of days for a DB to finally set in? Or? Thank you guys, Majo0od
Hi Majo0od, I have a few questions: What do you mean by the "account" doesn't exist? Have you tested this offline on a local server, or is this all performed on a remote server? It sounds like you've set up a MySQL database using cpanel? All server-side changes should be near enough instantaneous. If you have the code, you could post it here so I could have a look over it and replicate the problem? Lee.
Well I created a function for registering and logins, but those are not causing the registration is not the problem, its the logining in... I created a function where if the user is not in the database and that person tried logging in using those lines, it will say, ERROR, ACCOUNT DOESNT EXIST, or something along those lines. So, thats what it keeps on giving me. Also... It is on the server, and that's why I'm completely confused... What I don't under stand is that when I use it to connect to a newer DB it doesn't work, but when I connected to the other one, it worked perfectly... Here is the code for the login: <?php include ("sql/dbcon.php"); if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username'])) { ?> <font color = white><p> Your already logged in your being redirected to the home page</p></font> <meta http-equiv='refresh' content='1; url= profile.php'> <?php } elseif(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'"); if (mysql_fetch_array($checklogin)) { $row = mysql_fetch_array($checklogin); $email = $row['EmailAddress']; $_SESSION['Username'] = $username; $_SESSION['EmailAddress'] = $email; $_SESSION['LoggedIn'] = 1; echo"<META HTTP-EQUIV='REFRESH' CONTENT='0'>"; } else { echo "<h1>Error</h1>"; echo "<p>Sorry, your account could not be found. Please try again.</p>"; } } else { ?> <h3><font color = white>Login</h3></font> <form method="post" action="index.php" name="loginform" id="loginform"> <fieldset> <label for="username"><center><font color = #7FFF00>Username</center></font></label><input type="text" name="username" id="username" /><br /> <label for="password"><center><font color = #7FFF00>Password</center></font></label><input type="password" name="password" id="password" /><br /> <input type="submit" name="login" id="login" value="Login" /> </fieldset> </form> <!--<p><font size =2><font color = #7FFF00>Don't have an account? <br><u><a href="register.php"><font color = white>Register!</u></a></p></font> --> <?php } ?> Code (markup): The table is called users and has the column Username and Password, also EmailAddress. So what on earth is the problem? Also, the DB connection is correct.... I've checked thousands of times Thanks, Majo0od
Right, going on verification that an 'account' exists, as in, SQL records construct accounts, this is how I would do it without using classes and objects: <? # Forgive me for using short-tags :) function connect() { mysql_connect('localhost','root','password')or die(message("Couldn't connect to sql")); mysql_select_db('database') or die(message("Couldn't select database")); } function close() { mysql_close()or die(message("Couldn't close sql connection")); } function is_logging_in() { if($_POST) { $user_data = validate_input($_POST); $user_array = ''; array_push($user_array, $user_data['username'], $user_data['password']); check_user_data($user_array); } else { return false; } } function is_logged_in() { if($_SESSION['logged_in']) { // Should check session's contents against database table first for extra security redirect('profile.php'); } else { // User not logged in, redirect redirect('login.php'); } } function message($message_string) { print "<div>$message_string</div>"; // Formatting for message too } function redirect($header_location) { print '<meta http-equiv="REFRESH" content="0;url='.$header_location.'">'; die(); } function clean($input) { $input = strtolower($input); $input = php_strip_whitespace($input); $input = preg_replace('/[^a-z0-9]/','',$input); return $input; } function validate_input($input) // Any input in type string or array { if(is_string($input)) { $input = clean($input); return $input; } else if(is_array($input)) { foreach($input as $key) { $clean_array[] = clean($key); } return $clean_array; } else { die(message('Invalid input data type')); } } function check_user_data($array) // Array of two elements - username & password, use validate first { $account_exist = mysql_num_rows(mysql_query("select id from users where username = '{$array['username']}' && password = '{$array['password']}'"); if($account_exist > 0) { // Account exists - create session and flag as logged in session_start(); $_SESSION['logged_in'] = true; redirect('profile.php'); } else { die(message('Error: Account does not exist')); } } connect(); if(is_logging_in == false) { is_logged_in(); } close(); ?> Code (markup): I typed this out in the thread without any syntax highlighting and checking, so I apologise for any small errors, but you should get the idea. I noticed you use encryption, more specifically MD5 hashing, a simple encrypt() function could be placed and used here. I would ordinarily organise my functions into class methods, but as a demonstration this should suffice. Also, I noticed you use sessions, I would recommend cookies because they're easier to debug and if you use the appropriate flags, they can be secure.
Sure, there is always a way, but why do you not like cookies? I've only ever used them. Used properly they can be secure and easy to use. To use sessions, as long as there has been a session initialised, just replace instances of cookies with the appropriate session components, i.e. the is_logged_in() function need only be tweaked to check a session exists instead of a cookie existing. I don't understand why you would need to use sessions for small projects as the information is already stored in a table which can easily be read, but I suppose if you want the continuation of this data across multiple pages then sessions would be more convenient than cookies. I used cookies in my demonstration because it only relies on checking that the user is already logged in, and since your problem is arising from logging in, it should still be useful.
Code didn't work... You see, the code that I gave you IS login.php. I don't know why, but this very same code that I posted WORKED for another site that I created, I just don't know why its not working on this one!
If the code is correct, the new server you have must be configured differently to your old one. Have you tried talking to your host? Using my code, what happens exactly? When you say it doesn't work, are there syntax errors, or does it give the same outcome as yours?
Well when using your code, it does nothing, no errors or anything, its just a blank space... Aslo, it has nothing to do with the server, I think it has to do with the database... The reason why I say this is because I tested it out on the same server but with a different Database, its been only working for that database that it originally was for. I checked the codes, nothing seemed to restrict the code from working for any other database. Its so strange! I am deeply confused as to why its not working!
If within the same mysql server, different databases give different results, I would say there are some typos either in your code or in database field name, structure, configuration. Your password field was configured as number, or your field name was pasword instead of password, for example. When code is working flawlessly with other server, you will have to inspect your server. Good luck.
Still no dice. I kept on checking the databases when this occurred, even my code, its almost the exact replica of the other one used, only for the database info, are somewhat changed. The fields are the same, the Database name and username and password are the same, if not, it would of given me an error saying so, and I double checked to see if it were right, and it is. I really don't know, I also checked the source code, still, nothing... I don't know what I did wrong :s
If extremely essential to get it working, do you mind letting me access to your cpanel? If you are pretty sure everything is flawless, you may want to ask your hosting service to reinstall new mysql version in your account, and letting them know that your code was working fine in a particular mysql version.
I think I found the problem, see, when I tried to create a register panel this is the error that came up... Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'redrhino'@'localhost' (using password: NO)... See, it must be the localhost thing, I just don't know what to replace it with. I will see...