HomeBuilding Your WebsiteWeb Programming and Application Development

Is it the code, the server or the database?

mizzy posted this at 12:45 — 30th October 2004.

They have: 47 posts

Joined: Jun 2001

I have been using the following code to validate a user on login to a members' section of a website (It was working on a RAQ4). After moving the site to a Linux Server [running Apache/2.0.50 (Fedora)]. The script does not work.. Can anyone help me diagnose it? Even if the correct login information is entered, it still lands on the first if statement and returns to the login page rather than going to the main content page. The musql query works fine when ran using telnet... meaning that the database has been set up fine. ... any ideas?

*************************************

<?php
$username = strtolower( $username );
$password = strtolower( $password );
include("mysqlconn.php");
$result = mysql_query( "select * from users where username='$username' and password='$password'");
$data = mysql_fetch_object($result);
$num_rows = mysql_num_rows($result);
if ($num_rows == 0){
    header("location:index.php?loginfailed=YES");
}
if ($num_rows > 0) {
    session_start();
    session_register( "sid_user" );
    session_register( "sid_email" );
    session_register( "curr" );
    $sid_user = $data->realname;
    $sid_email = $data->email;
    $curr = $data->currency;
    include("mysqltidy.php");
    $locator1 = "main.php?curr=$curr";
    header("location:".$locator1);
}
?>

**********************************
Thanks

Busy posted this at 21:25 — 30th October 2004.

Busy's picture

He has: 6,151 posts

Joined: May 2001

break this down into two lines : $result = mysql_query( "select * from users where username='$username' and password='$password'");

something like:
$query = "select * from users where username='$username' and password='$password'";
$result = mysql_query($query);

then you can display the query: echo $query;

can also try:
$query = "select * from users where username='".$username."' and password='".$password."'";

mizzy posted this at 20:01 — 31st October 2004.

They have: 47 posts

Joined: Jun 2001

I think the problem is with the way the session anf URL variables are being handled... I have tried to put actual data into the query
eg
$result = mysql_query( "select * from users where username='test' and password='test'");

It logs me in fine though it does not carry the session variables for the name and the like... any ideas what the problem could be?

Busy posted this at 10:13 — 1st November 2004.

Busy's picture

He has: 6,151 posts

Joined: May 2001

put your session register variables below the listing of the database variables

$sid_user = $data->realname;
$sid_email = $data->email;
$curr = $data->currency;
session_start();
session_register( "sid_user" );
session_register( "sid_email" );
session_register( "curr" );

you can also do the session register with one variable: session_register("sid_user","sid_email","curr");

Mark Hensler posted this at 03:06 — 17th November 2004.

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

Does the new server have a different version of PHP? It may not have register_globals on.

Try:
$username = strtolower( $_POST['username'] );

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.