I have been having a bit of trouble trying to authorize my username and password against the MySql 'Users' table. For some reason even with a valid username and password in the database it always goes to the login failure page. I don't understand why the count does not work or why the record can't be recognised.
Here is the simpe authorization and login page:
<?php
if(!isset($HTTP_POST_VARS['name'])&&!isset($HTTP_POST_VARS['password']))
{
//Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="login2.php">
<table>
<tr>
<th> Username </th>
<td> <input type="text" name="name"> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type="password" name="password"> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>
<?php
}
else
{
// connect to mysql
$mysql = mysql_connect( 'localhost', 'username', 'password' );
if(!$mysql)
{
echo 'Cannot connect to database.';
exit;
}
// select the appropriate database
$mysql = mysql_select_db( 'dbName');
if(!$mysql)
{
echo 'Cannot select database.';
exit;
}
// query the database to see if there is a record which matches
$query = "select * from Users where
username = '$name' and
password ='$password'";
$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}
$count = mysql_num_rows($result);
if ( $count > 0 )
{
// visitor's name and password combination are correct
echo '<h1>Here it is!</h1>';
echo 'I bet you are glad you can see this secret page.';
}
else
{
// visitor's name and password combination are not correct
echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
}
}
?>
If anyone could give me an idea where i might be going wrong whether it is to do with the code or whether my database might not be set up 100% correctly i would be very grateful.
Thanks H
Here is the simpe authorization and login page:
<?php
if(!isset($HTTP_POST_VARS['name'])&&!isset($HTTP_POST_VARS['password']))
{
//Visitor needs to enter a name and password
?>
<h1>Please Log In</h1>
This page is secret.
<form method="post" action="login2.php">
<table>
<tr>
<th> Username </th>
<td> <input type="text" name="name"> </td>
</tr>
<tr>
<th> Password </th>
<td> <input type="password" name="password"> </td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log In">
</td>
</tr>
</table>
</form>
<?php
}
else
{
// connect to mysql
$mysql = mysql_connect( 'localhost', 'username', 'password' );
if(!$mysql)
{
echo 'Cannot connect to database.';
exit;
}
// select the appropriate database
$mysql = mysql_select_db( 'dbName');
if(!$mysql)
{
echo 'Cannot select database.';
exit;
}
// query the database to see if there is a record which matches
$query = "select * from Users where
username = '$name' and
password ='$password'";
$result = mysql_query( $query );
if(!$result)
{
echo 'Cannot run query.';
exit;
}
$count = mysql_num_rows($result);
if ( $count > 0 )
{
// visitor's name and password combination are correct
echo '<h1>Here it is!</h1>';
echo 'I bet you are glad you can see this secret page.';
}
else
{
// visitor's name and password combination are not correct
echo '<h1>Go Away!</h1>';
echo 'You are not authorized to view this resource.';
}
}
?>
If anyone could give me an idea where i might be going wrong whether it is to do with the code or whether my database might not be set up 100% correctly i would be very grateful.
Thanks H