Re: Login is not working. Please help....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

twistednetadmin wrote:

> When I fill in the form with user and password, it goes to the
> loginerror.php anyway.
> Is this because I use switch with only one case(I'm going to make more
> later), and if it is. What should I use instead?
> This is my first php-script. I have tested this on both php4 and php5.
> Please help.
> 
> (login.php)
> <?php
> 
> 
> include ("connection"); // obvious
> 
> 
> 
> session_start();
> switch (@$_GET['action']) // Gets set by the form action
> {
> case "login":
> $sql = "SELECT name FROM DB
> WHERE name='$_POST[user]'";
> $result = mysql_query($sql) or die("Couldn't execute query.");
> $num = mysql_num_rows($result);
> if ($num ==1) // loginname found
> {
> $sql = "SELECT name FROM DB
> WHERE name='$_POST[user]'
> AND pass=password('$_POST[pass]')";
> $result2 = mysql_query($sql) or die("Couldn't execute query 2.");
> $num2 = mysql_num_rows($result2);
> if ($num2 > 0) // password is correct
> {
> $_SESSION['auth']="yes";
> $logname=$_POST['user'];
> $_SESSION['logname'] = $logname;
> header("Location: page1.php");
> }
> else // password is not correct
> {
> unset($action);
> header("Location: loginerror.php");
> }
> }
> elseif ($num == 0) // Wrong name. Name not in db
> {
> unset($action);
> header("Location: loginerror.php");
> }
> 
> }
> 
> ?>
> --------------------------------------------
> (form.php)
> 
> 
> <table>
> <form action="login.php?action=login" method="post">
> 
> <tr>
> <td align="center" valign="middle" class="maintext">
> 
> Login as:<input type=text name="name">
> 
> </td>
> </tr>
> <tr>
> <td align="center" valign="middle" class="maintext">
> 
> Password:<input type="password" name="pass"><br>
> 
> </td>
> </tr>
> <tr>
> 
> <td align="center" valign="middle" class="maintext">
> 
> <input name="log" type="submit" value="Enter"></td>
> 
> </tr>
> </form>
> </table>
> ----------------------------

Seems to me that you are passing a value 'name' as the username, but when
you search the database, you are using a value of $_POST[user] which does
not exist.

Note that the correct syntax should be $_POST['varname']


Cheers
-- 
David Robley

What goes up has probably been doused with petrol.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux