More worries - login form with u/n and p/w in MySQL

1

I’ve been hanging around this forum a bit lately, so thanks all for your help.

Now I need to get my login forms working with passwords and usernames from MySQL. I had it working for one session today, but then I must have changed something because I can’t get it to go again.

The login page has an included file as follows called login.php, which has the function for checking the database:


<?php

function login($username, $password){
	$query  = "SELECT * FROM itl_users WHERE user_login='$username' AND user_password='$password'";
	$result = mysql_query($query);
	if(!result)
	return 0;
	if (mysql_num_rows($result) > 0)
	return 1;
	else
	return 0;

}

?>

This is the page with the form and the protected area:


<html>
<head>
<title>Add Client Downloads to ITL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">

<?php

require '../include.php';
require '../login.php';

$username = $_POST['txtUsername'];
$password = $_POST['txtPassword'];

if(!login($username, $password)){


?>

<div align="center"> 
  <TABLE WIDTH=500 BORDER=0 CELLPADDING=0 CELLSPACING=0>
    <tr> 
      <td colspan=2> 
        <div align="center"></div>
        <p><b><font face="Arial, Helvetica, sans-serif"><br>
          Add ITL Clients<br>
          &nbsp; </font></b></p>
      </td>
    </tr>
    <tr>
      <td colspan=2> 
        <form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
          <p><font face="Arial, Helvetica, sans-serif" size="-1">Please enter 
            your Username and Password to make changes to the ITL Clients Area</font></p>
          <table border="0" cellpadding="5" cellspacing="0">
            <tr> 
              <td><font face="Arial, Helvetica, sans-serif" size="-1"><label for="txtUsername">Username</label> 
                </font></td>
              <td><font face="Arial, Helvetica, sans-serif" size="-1"> 
                <input type="text" title="Enter your Username" name="txtUsername" size="16" maxlength="16" />
                </font></td>
            </tr>
            <tr> 
              <td><font face="Arial, Helvetica, sans-serif" size="-1"><label for="txtpassword">Password</label> 
                </font></td>
              <td><font face="Arial, Helvetica, sans-serif" size="-1"> 
                <input type="password" title="Enter your password" name="txtPassword" size="16" maxlength="16" />
                </font></td>
            </tr>
          </table>
          <p><font face="Arial, Helvetica, sans-serif" size="-1"> 
            <input type="submit" name="Submit" value="Login" />
            </font></p>
          <p><font face="Arial, Helvetica, sans-serif" size="-1"><b><a href="index.php">back 
            to clients options</a></b></font> </p>
        </form>
      </td>
    </tr>
  </TABLE>
</div>

<font face="Arial, Helvetica, sans-serif" size="-1"> 
<?php
}
else 
{
?>
</font> 
<div align=center>
  <TABLE WIDTH=500 BORDER=0 CELLPADDING=0 CELLSPACING=0>
    <tr> 
      <td colspan=2> 
        <div align="center"></div>
        <p><b><font face="Arial, Helvetica, sans-serif"><br>
          Add ITL Clients</font></b><b><font face="Arial, Helvetica, sans-serif"><br>
          &nbsp; </font></b></p>
      </td>
    </tr>
    <tr> 
      <td colspan=2><font face="Arial, Helvetica, sans-serif" size="-1">more stuff 
        here...</font></td>
    </tr>
  </table>
</div>



<?php
}
?> 

</body>
</html>

Thanks
C

2

Do you call mysql_connect and mysql_select_db with correct information in include.php? If not, that’s probably whats giving you trouble.

Also, for security reasons you should add the following lines before you call the login function with $username and $password:

if (!get_magic_quotes_gpc())
{
$username = addslashes($username);
$password = addslashes($password);
}

3

could be me but i do not see you executing the function

ie:


login($_POST['username'],$_POST['password']);
4

There’s a dollar sign missing in front of ‘result’ in the first if-statement in your login function. It should be
if (!$result)

5

see it now lol


 $check = login($username, $password);
 if ($check == 0) {
 // do
 }
 else
 {
 // do
 }
  • the if (!$result) as hans stated