PHP login script displays blank

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Mathanan
    New Member
    • Feb 2010
    • 12
    #1

    PHP login script displays blank

    Code:
    <?php

include("connect.php");
include("dbaselevel.php");

session_start();

	$username = $_POST['username'];
	$password = $_POST['password'];

		if ($username&&$password)
		{ 
			echo("checking username and password");
			$open_data = connect_dbase("login");
			
			$query = mysql_query("SELECT * FROM users WHERE userid = '$username'");		
			$rows = mysql_numrows($query);
			
			echo($rows);
			
			if ($rows!=0)
			{
				while ($dbrows = mysql_fetch_assoc($query)) 
				{
					$dbusername = $dbrows['userid'];
					$dbpassword = $dbrows['password'];
				}
				if ($username==$dbusername&&$password==$dbpassword)
				{
					$_session['username']=$username;
					$dblevel = mysql_query("SELECT 'level' FROM users WHERE userid = '$username'");
					$return_level = dbase_level_check($dblevel);
					$echo ($username. "you're in at". $dblevel);
					//header("location: {$return_level}");
					exit();
				}
				else 
				 	die("incorrect login information");	
			}
			else 
				die("Username does not exist!");
		}
		else
			die("Please enter Username and Password");
?>
    I am building a database driven website, and this is the login.php file that I have written to access a users database.

    it dies as soon as it checks to see if the user's name and password are correct. I am using a directory structure on my server (SME 7.4) that looks like this

    HTML/includes

    the includes directory holds all of my PHP files and is called from my index.html file through a simple HTML login form. The login form calls login.php, and the address bar, in the browser, shows that it is at least looking for the file, but no output.

    I am stumped.
    Last edited by Atli; Feb 9 '10, 06:27 PM. Reason: Added [code] tags.
    Tags: calling php files, directory structure, login
    • Atli
      Recognized Expert Expert
      • Nov 2006
      • 5062
      #2
      Hey.

      Does it stop before the echo on line #13?
      And do you have error messages turned on?

      Also, consider what would happen if I were to pass this as my username:
      Code:
      ' OR 1='1
      See what would happen to your SQL query?
      You should read up on SQL Injection and check out the mysql_real_esca pe_string function. (The most important thing you will learn about PHP development!)

        Comment

        • Mathanan
          New Member
          • Feb 2010
          • 12
          #3
          No echo

          I get a blank screen with the browser pointing at the login.php file

            Comment

            • Mathanan
              New Member
              • Feb 2010
              • 12
              #4
              Thank you!!!!!

              I just read up on the escape characters.. . . . yikes

              anyways Thank you very much. I have changed the code a bit to reflect mysql_real_esca pe_string that is a huge hole in my code. . . .

                Comment

                • Atli
                  Recognized Expert Expert
                  • Nov 2006
                  • 5062
                  #5
                  Ok, so you aren't getting any errors, even though you have turned on the error messages?

                  How exactly does your connect_dbase function look like? Could the error be there?

                  There is at least nothing in that code that would explain this, so the problem must be in the code you have included into this script.

                    Comment

                    • Mathanan
                      New Member
                      • Feb 2010
                      • 12
                      #6
                      Here is the connect.php file

                      Code:
                      <?php
// connect to the database needed

function connect_dbase($DBase)
{
	echo("connecting to data");
	if ($DBase == "login")
	{
		$DB= "XXXXXX";
		$uname= "apid";
		$pword= "xxxxxx";
		echo("user login");
	}
	else if ($DBase == "users")
	{
		$DB= "XXXXXXX";
		$uname= "level1";
		$pword= "xxxxx";
		echo("user database entry");
	}	
	else if ($DBase == "animal")
	{
		$DB= "XXXXXXX";
		$uname= "level1";
		$pword= "xxxxxx";
	}		
	$connection = mysql_connect("localhost:3306",$uname,$pword) or die("could not connect to the database");
	mysql_select_db($DB);
	echo ("your connected ". $DB);
}


?>
                      Last edited by Atli; Feb 10 '10, 11:52 AM. Reason: Added [code] tags.

                        Comment

                        • Mathanan
                          New Member
                          • Feb 2010
                          • 12
                          #7
                          the problem I am seeing is that it never gets there. . . . I never see connect.php in the address bar of the browser, or will I?

                            Comment

                            • Phill
                              New Member
                              • Feb 2010
                              • 4
                              #8
                              I think your problem is your connection file. Try requiring it rather than including it. Also, make sure the details are correct. Tested it and it works fine on my server.

                                Comment

                                • Phill
                                  New Member
                                  • Feb 2010
                                  • 4
                                  #9
                                  Code:
                                   $open_data = connect_dbase("login");
                                  Don't understand why you have this. Wouldn't it just be:

                                  Code:
                                  connect_dbase("login");
                                  OR put your sql as:

                                  Code:
                                  $query = mysql_query("SELECT * FROM users WHERE userid = '$username'", $open_data);        
            $rows = mysql_numrows($query);
                                  mmm

                                    Comment

                                    • Mathanan
                                      New Member
                                      • Feb 2010
                                      • 12
                                      #10
                                      lol. I was just coming on to let you know that I fixed it, and it works. . . . I rewrote the section where it checks the database for the username and password so that it reflects the more secure mysql_real_esca pe_string and that part is working great as well.

                                      that part is working great. . . . .but I have a LOOOOOONNNNNNNN GGGGGG way togo on this project. .. lol

                                        Comment

                                        • Mathanan
                                          New Member
                                          • Feb 2010
                                          • 12
                                          #11
                                          thank you so much for your help. . . .

                                            Comment

                                            • Mathanan
                                              New Member
                                              • Feb 2010
                                              • 12
                                              #12
                                              took out that erroneous variable. . . . .leftovers from a bad idea.

                                                Comment

                                                Previous template Next
                                                Working...