billperrotta Posted March 26, 2010 Report Share Posted March 26, 2010 My login.php is pasted below. so I never get you are now logged in, even when i successfully register with register.php. using this tut http://www.youtube.com/watch?v=qs7ekhdQ1Co&feature=related <?php session_start(); include ('mysql.php'); if (isset ($_POST['submit'])) { $username = mysql_escape_string($_POST['username']); $password = mysql_escape_string(sha1 ($_POST['password'])); if (!empty ($username) && !empty ($password)) { $sql = mysql_query ("SELECT * FROM users WHERE username ='" . $username . "' AND user_password='" . $password . "' LIMIT 1"); if (mysql_num_rows ($sql) > 0) { $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; echo 'you are now logged in!'; } else { echo 'your username and/or password is incorrect!'; } } } else { echo '<form action="login.php" method="post"> Username: <input type ="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="login" /> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
krillz Posted March 26, 2010 Report Share Posted March 26, 2010 Check these to rule out some common mistakes: when you register a user do you save the password encrypted using the sha1 encryption? Is the mysql column where you are storing your encrypted password of the correct length, sha1 means that anything is encrypted to a 40 char long key. So if you have let say a column only storing 25 chars at a time you will be comparing a 40 char vs 25 char which will never become true. Other than that I cannot see any other mistakes one could make. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted March 26, 2010 Author Report Share Posted March 26, 2010 Check these to rule out some common mistakes: when you register a user do you save the password encrypted using the sha1 encryption? Is the mysql column where you are storing your encrypted password of the correct length, sha1 means that anything is encrypted to a 40 char long key. So if you have let say a column only storing 25 chars at a time you will be comparing a 40 char vs 25 char which will never become true. Other than that I cannot see any other mistakes one could make. I believe it is using sha1. Here is the tutorial i created it with http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1 How do I figure that out? I created the varchar fields as close to the tut as possible. I could edit the column if I can figure out which one. My goal is to get this working so that I can create login functionality that I can reuse. Then go on to create a report uploading functionality for registered users. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 9, 2010 Author Report Share Posted April 9, 2010 I believe it is using sha1. Here is the tutorial i created it with http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1 How do I figure that out? I created the varchar fields as close to the tut as possible. I could edit the column if I can figure out which one. My goal is to get this working so that I can create login functionality that I can reuse. Then go on to create a report uploading functionality for registered users. Can you please clarify. I do not understand. I am new to this. I know I created a varchar field with the above tutorial.http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1 Can you see an error in the field size, Can you Explain how to correct it? I just checked. the varchar length for the password is 40. Really need help I tried to follow tut to t. but still falling short. Thanks. More specifically user id is auto increment, username is 30, user password is 40, user regdate int 11. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 9, 2010 Report Share Posted April 9, 2010 Sounds like the field sizes are all correct. So what is happening at the moment? You visit the page, enter your login details, click submit and...? The page refreshes and nothing happens? You get a "your username and/or password is incorrect" message? If you are getting a "your username and/or password is incorrect" message, what is the password you are putting into the password field? And what value does the password column in your database hold? (no, they shouldn't match up, but the password in the database should match with the plain text password run through the sha1() function: password in database = sha1(password entered in for) And you have a row in your database with your user information, right? I haven't watched the video you are working with, but I'd imagine it should include values for username, password, etc. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 9, 2010 Author Report Share Posted April 9, 2010 Sounds like the field sizes are all correct. So what is happening at the moment? You visit the page, enter your login details, click submit and...? The page refreshes and nothing happens? You get a "your username and/or password is incorrect" message? If you are getting a "your username and/or password is incorrect" message, what is the password you are putting into the password field? And what value does the password column in your database hold? (no, they shouldn't match up, but the password in the database should match with the plain text password run through the sha1() function: password in database = sha1(password entered in for) And you have a row in your database with your user information, right? I haven't watched the video you are working with, but I'd imagine it should include values for username, password, etc. was usising hal0mods. will try a dictionary word see if that works. No good same difference. could a zero throw it off? yes username/password incorrect message. here is my login.php below <?php session_start(); include ('mysql.php'); if (isset ($_POST['submit'])) { $username = mysql_escape_string($_POST['username']); $password = mysql_escape_string(sha1 ($_POST['password'])); if (!empty ($username) && !empty ($password)) { $sql = mysql_query ("SELECT * FROM users WHERE username ='" . $username . "' AND user_password='" . $password . "' LIMIT 1"); if (mysql_num_rows ($sql) > 0) { $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; echo 'you are now logged in!'; } else { echo 'your username and/or password is incorrect!'; } } } else { echo '<form action="login.php" method="post"> Username: <input type ="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="login" /> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 9, 2010 Report Share Posted April 9, 2010 OK, if you are using "hal0mods" as your password, it should show up as "b27aef71192824a3529075e4d7152f2c7d2a5faf" in the database. According to the query, SELECT * FROM users WHERE username ='" . $username . "' AND user_password='" . $password . "' LIMIT 1 It's checking the database for a record in the "users" table where the username is whatever is put in the username field, and the password is "b27aef71192824a3529075e4d7152f2c7d2a5faf" (the password "hal0mods" run through the sha1() function). Have you double checked the database? Do you have a record in the "users" table that includes your username (the same as the one you are entering in the form) and the "b27aef71192824a3529075e4d7152f2c7d2a5faf" password? The code you are using looks fine. If you are getting a user not found error, that's because the record for that particular user/password isn't found in the database. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 10, 2010 Author Report Share Posted April 10, 2010 " I have no idea how to view the username through the sha1 function. All I know is that I can view the database through php myadmin on oneandone's website. It is a username not correct error. I also have no idea how to view usernames that have been added to the database" Suggestions are appreciated. I also have no idea how to view it from the linux command line either" The Database is in Mysql Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 10, 2010 Report Share Posted April 10, 2010 I'll see if I can put together something for you later tonight to show you how to do that. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 10, 2010 Report Share Posted April 10, 2010 OK, here's a quick screencast that may help (3 minutes - quicktime file): http://www.falkencre...forum/login.mov I briefly cover how to check your database to see if there are users present / how to find the user password, and how to figure out what your password will be when run through the sha1() function. here's the code from the video for that for that: <?php echo sha1("anothertest"); ?> I also have no idea how to view it from the linux command line either Shouldn't be any need for that if you can view it through your host's website. It can be done, you'd just need to do some research to figure it out, it's not something I haven't done in a while and I'm not sure of the exact commands. If you have any questions let me know. Hopefully it will help you figure out the issue. One other point... Stefan has a couple videos covering PHPMyAdmin that you might want to look at: http://killerphp.com/mysql/videos/ Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 13, 2010 Author Report Share Posted April 13, 2010 OK, here's a quick screencast that may help (3 minutes - quicktime file): http://www.falkencre...forum/login.mov I briefly cover how to check your database to see if there are users present / how to find the user password, and how to figure out what your password will be when run through the sha1() function. here's the code from the video for that for that: <?php echo sha1("anothertest"); ?> Shouldn't be any need for that if you can view it through your host's website. It can be done, you'd just need to do some research to figure it out, it's not something I haven't done in a while and I'm not sure of the exact commands. If you have any questions let me know. Hopefully it will help you figure out the issue. One other point... Stefan has a couple videos covering PHPMyAdmin that you might want to look at: http://killerphp.com/mysql/videos/ the users names are not showing up see image The server name database name then table name. What should I check next? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 13, 2010 Report Share Posted April 13, 2010 If you have no users in your database, your login won't work. Perhaps your register functionality isn't working -- according to your screenshot it seems like records aren't getting inserted properly. I'll post back later tonight when I have more time -- I have to run at the moment. Can you post the code you are using for your register page? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 13, 2010 Report Share Posted April 13, 2010 On second thought, the screenshot you posted doesn't actually show if you have/don't have records in that table... it's just showing the details for the username column in the table. Look, this is taking way longer than is necessary. We could do this, passing posts back and forth and trying to get to the bottom of things, or if you PM me your login details for PHPMyAdmin I can take a look directly. It will probably be way faster for me to look directly, and I can put together a very quick screenscast for you showing what I am doing so you know for future reference. If you're not comfortable with that, no worries, I'll try to help you out as best I can here. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 13, 2010 Author Report Share Posted April 13, 2010 wish i could but it it's a friends web site. browse won't work. but if i edit and query i get see below Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 13, 2010 Author Report Share Posted April 13, 2010 Also here is my register.php below <?php include ('mysql.php'); if (isset ($_POST['submit'])) { $username = mysql_escape_string($_POST['username']); $password = mysql_escape_string(sha1($_POST['password'])); if (!empty ($username) && !empty ($password)) { $sql = mysql_query("INSERT INTO users (user_id, username, user_regdate) Values (0,$username,$password,time()"); echo 'you are now registered!'; }else{ echo 'you must enter a username and a password!'; } }else{ echo '<form action="register.php" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="Register" /> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 13, 2010 Report Share Posted April 13, 2010 Based on your code above, I think your sql query to insert new users into the database is wrong: $sql = mysql_query("INSERT INTO users (user_id, username, user_regdate) Values (0,$username,$password,time()"); Notice that the first part of the insert inserts three items (user_id, username, user_regdate) while the last part inserts four items (0,$username,$password,time()). My educated guess is that there is an error there. It probably needs to be something like: $sql = mysql_query("INSERT INTO users (username, user_password, user_regdate) Values ($username,$password,time()"); You don't have to include user_id, since that will auto-increment automatically for you, but you do need to make sure you are inserting the password in the correct field. I would go back to whatever video you are using to help you make this, and double check what code they are using. I can just about guarantee that their code and your code won't match up. If you have no data in your users table, or data in wrong columns, this will prevent you from logging in, since the database query you use to check if the username/password fields are in the database will always return 0 results, preventing you from logging in. To double check this... If you can't access the browse tab (why, I'm not sure -- seems like a pretty important piece of functionality for the host to disable) try using this script instead: Create a new .php file, copy the below code into it, update the database connection database with your own details (db username, password, correct db table etc -- I imagine you have these details in your mysql.php file) and then upload to the server and view the file. This file will display all of your data in the database table that you specify in $table, or if there is nothing there, a "nothing in table!" message. My guess is that it will display "nothing in table!", or possibly data that is in the wrong location (password data in the user_regdate field?) <?php // Database Variables $server = 'localhost'; $user = 'root'; $pass = 'root'; $db = 'databasetest'; $table = 'users'; // Connect to Database $connection = mysql_connect($server, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ()); mysql_select_db($db) or die ("Could not connect to database ... \n" . mysql_error ()); ?> <style type="text/css"> td { border:1px solid #000; padding: 10px; } table { border-collapse: collapse; } </style> <?php $result = mysql_query("SELECT * from $table"); if (mysql_num_rows($result) > 0) { // display data in table echo "<table>"; while ($field=mysql_fetch_field($result)) { echo "<th style='text-align:left'>"; echo "$field->name"; echo "</th>"; } echo "</tr>"; while ($row = mysql_fetch_row($result)) { echo "<tr>"; for ($i=0; $i<mysql_num_fields($result); $i++) { echo "<td>"; echo "$row[$i]"; echo "</td>"; } echo "</tr>\n"; } echo "</table>"; } else { echo "nothing in table!"; } ?> Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 (edited) When i paste your php test file. getting this " Could not connect to server ... Unknown MySQL server host 'db319013537' (1)" Here is the file you told me to create pasted below, copied straight from an ssh session. maybe I'm doing something wrong see below. <?php // Database Variables $server = 'xx'; $user = 'xx'; $pass = 'xx'; $db = 'xx'; $table = 'users'; // Connect to Database $connection = mysql_connect($db, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ()); mysql_select_db($db) or die ("Could not connect to database ... \n" . mysql_error ()); ?> <style type="text/css"> td { border:1px solid #000; padding: 10px; } table { border-collapse: collapse; } </style> <?php $result = mysql_query("SELECT * from $table"); if (mysql_num_rows($result) > 0) { // display data in table echo "<table>"; while ($field=mysql_fetch_field($result)) { echo "<th style='text-align:left'>"; echo "$field->name"; echo "</th>"; } echo "</tr>"; while ($row = mysql_fetch_row($result)) { echo "<tr>"; for ($i=0; $i<mysql_num_fields($result); $i++) { echo "<td>"; echo "$row[$i]"; echo "</td>"; } echo "</tr>\n"; } echo "</tr>\n"; } echo "</table>"; } else { echo "nothing in table!"; } ?> Edited April 14, 2010 by falkencreative Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 14, 2010 Report Share Posted April 14, 2010 I deleted your database details above -- you don't want that information being available to anyone who comes along and views this forum. I'm not sure how/why this changed, but you'll notice that my connection string includes the $server variable, but your code includes the $db server. Mine: // Connect to Database $connection = mysql_connect($server, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ()); Yours: // Connect to Database $connection = mysql_connect($db, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ()); Your error message is telling you that exact thing -- that there's an unknown server host, which means that either your connection string is wrong or you are inputting the wrong database/server details. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 Could not connect to server ... Access denied for user 'xxxxx'@'xxxxxx' (using password: YES) I omitted the actual username and password. Those are my ssh/ftp password and username. Maybe I should try my main oneandone login password and user name? Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 I changed it to my main oneandone customer id and password and go the same thing. Maybe I should change the server name to gotabeef2.com instead of the server name that the database is giving me? Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 got this when server name variable is gotabeef2.com " Could not connect to server ... Lost connection to MySQL server at 'reading initial communication packet', system error: 111" Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 14, 2010 Report Share Posted April 14, 2010 Maybe I should change the server name to gotabeef2.com instead of the server name that the database is giving me? No, that won't work. If you are still getting errors saying "Access denied for user 'xxxxx'@'xxxxxx'" that means that your database username or password is incorrect. How are you connecting to your database in your mysql.php script? You should be able to use the exact same details? Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 if I make the host uiserver I get unknown host uiserver. I tried that because the name uiserver is in my command prompt. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 Fixed It! Now getting "nothing in table" Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 14, 2010 Report Share Posted April 14, 2010 OK, that means that your login isn't working because you don't have any users in your users table -- meaning that your registration page has an error. Take a look at the change I suggested for the register PHP page (specifically the lines of code where you add the new user to the database), and see if that fixes things. Once you are no longer getting "nothing in table", and your register PHP page is working, then try out the login functionality again. Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 14, 2010 Author Report Share Posted April 14, 2010 Where is the change for the register.php can't remember. Can you give me a link? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 14, 2010 Report Share Posted April 14, 2010 http://www.killersites.com/community/index.php?/topic/2794-successful-login-variable-not-working/page__view__findpost__p__16040 Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 16, 2010 Author Report Share Posted April 16, 2010 http://www.killersites.com/community/index.php?/topic/2794-successful-login-variable-not-working/page__view__findpost__p__16040 No good. Here is the error "Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or '$' in /homepages/21/d176117763/htdocs/register.php on line 8" new register.php pasted below <?php include ('mysql.php'); if (isset ($_POST['submit'])) { $username = mysql_escape_string($_POST['username']); $ password = mysql_escape_string(sha1($_POST['password'])); if (!empty ($username) && !empty ($password)) { $sql = mysql_query("INSERT INTO users (username, user_password, user_regdate) Values ($username,$password,time()"); echo 'you are now registered!'; }else{ echo 'you must enter a username and a password!'; } }else{ echo '<form action="register.php" method="post"> Username: <input type="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="Register" /> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 16, 2010 Report Share Posted April 16, 2010 You've added an unnecessary line between "{:content:}quot; and "password". $ password = mysql_escape_string(sha1($_POST['password'])); When you hit an error like this, usually the error message is pretty good at describing the issue, and it specifies the line number so it's easier to track things down. Line 8 was the start of "password = ..." so that is the first place to look for an error. You might want to take a look at the link I posted in the PHP forum: http://www.killersit...-debugging-php/ Quote Link to comment Share on other sites More sharing options...
billperrotta Posted April 16, 2010 Author Report Share Posted April 16, 2010 I corrected it moved the dollar sign down to line 8. The register.php appears again, but login.php still says username is incorrect all the time. The test file still says no users in database. here is login.php pasted below. <?php session_start(); include ('mysql.php'); if (isset ($_POST['submit'])) { $username = mysql_escape_string($_POST['username']); $password = mysql_escape_string(sha1 ($_POST['password'])); if (!empty ($username) && !empty ($password)) { $sql = mysql_query ("SELECT * FROM users WHERE username ='" . $username . "' AND user_password='" . $password . "' LIMIT 1"); if (mysql_num_rows ($sql) > 0) { $_SESSION['loggedin'] = true; $_SESSION['username'] = $username; echo 'you are now logged in!'; } else { echo 'your username and/or password is incorrect!'; } } } else { echo '<form action="login.php" method="post"> Username: <input type ="text" name="username" /><br /> Password: <input type="password" name="password" /><br /> <input type="submit" name="submit" value="login" /> </form>'; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.