Login with php

[brocsman]

This is the php. I know you've made comments about my continuing to use HTML, but I'm doing things as I was taught (if that's the right word). I'm using HTML with JS on the client side (or intend to), and php for server side validation and linking to MYSql.

As I said before this now logs me in using Firefox and Chrome, but achieves nothing using IE. I've spent so long on this I haven't had a chance even to read about encryption yet.

Thanks


<?php

ini_set('display_errors',1);
error_reporting(E_ALL);


if (isset($_POST['user']) && isset($_POST['upword'])){


session_start(); // MUST be at the top of every page where you need to use sessions and be before any other code in the page

$uname = mysql_real_escape_string(trim($_POST['user'])); // Prevention of sql injection
$upassword = mysql_real_escape_string(trim($_POST['upword']));

$link = mysql_connect('host.fatcowmysql.com', 'me', 'password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}


mysql_select_db('members1');

$sql=mysql_query("SELECT id FROM members WHERE user='$uname' and password='$upassword' LIMIT 1");
$result=mysql_fetch_array($sql);

if ($result) {

$_SESSION['username'] = $uname;
$_SESSION['user_id'] = $result['id'];

header('location:members.html');

} else {
// If this PHP is in the same page as your login
echo"Sorry, your credentials are not valid, Please try again.";
}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

etc

[simplypixie]

My only comment about HTML is that your files should be .php, not .html - it doesn't mean that you don't use HTML in the pages as otherwise the page / site wouldn't work

You still have your session_start() in the wrong place (please read my notes after it):

Code: Select all

session_start(); // MUST be at the top of every page where you need to use sessions and be before any other code in the page

Therefore it needs to be before your error checking and checking to see if anything has been posted - it needs to be the first line of code at the very start of the file right after the opening <?php tag

[brocsman]

OK. I've moved it again. Is this correct? It gives me the same result - OK with Firefox and Chrome, but not with IE.

<?php

session_start(); // MUST be at the top of every page where you need to use sessions and be before any other code in the page

ini_set('display_errors',1);
error_reporting(E_ALL);


if (isset($_POST['user']) && isset($_POST['upword'])){




$uname = mysql_real_escape_string(trim($_POST['user'])); // Prevention of sql injection
$upassword = mysql_real_escape_string(trim($_POST['upword']));

$link = mysql_connect('shropshirefungusgrou.fatcowmysql.com', 'les', 'pogg11');
if (!$link) {
die('Could not connect: ' . mysql_error());
}


mysql_select_db('sfg_members1');

$sql=mysql_query("SELECT id FROM members WHERE user='$uname' and password='$upassword' LIMIT 1");
$result=mysql_fetch_array($sql);

if ($result) {

$_SESSION['username'] = $uname;
$_SESSION['user_id'] = $result['id'];

header('location:members.html');

} else {
// If this PHP is in the same page as your login
echo"Sorry, your credentials are not valid, Please try again.";
}
}
?>

[simplypixie]

You don't say exactly what isn't working but one thing I have noticed (which is partly my fault) is that the mysql_real_escape_string is being applied before the dtaabase connection has been made and it needs to be afterwards as only works when there is a connection so change it around to below and see what happens

Code: Select all

$link = mysql_connect('shropshirefungusgrou.fatcowmysql.com', 'les', 'pogg11');
if (!$link) {
die('Could not connect: ' . mysql_error());
}

mysql_select_db('sfg_members1');

$uname = mysql_real_escape_string(trim($_POST['user'])); // Prevention of sql injection
$upassword = mysql_real_escape_string(trim($_POST['upword']));

[brocsman]

Thanks. I'll try it. When I say it doesn't work in IE all that happens is that the HTML part of the files displays, the header, the menu, the footer. No message about success or failure of login, no error messages.

I'll report back this evening.

Thanks again.

[simplypixie]

Again are your file types saved as .php, not .html???

[brocsman]

To answer your last question first, I thought I only needed to save my files as php if they contain php code. I only have one such, and it is a php file. I changed the name of the file it calls to a php file to see if it makes any difference, but no. Am I wrong about this?

The code change you suggested makes no difference I'm afraid. My login file is an html file which calls the php file, which then should call the header file. It works fine in Firefox and Chrome, but not in IE.

Still confused. Thanks for your forbearance.

[simplypixie]

You are correct with regard to the php and html however I am confused that you say you have an html file that is calling a php file - if that is the case then the file that is calling the php also needs to be php for the php code to work as expected.

There must be something else going on in your code that is causing you problems. Why not try running just the php code on its own (to calling it into another page or trying to load any other pages) and see what happens.

Also post here all the code from all the files involved so I can check if anything is causing an issue or conflict.

[shop4frames]

it,s very easy in php check

http://www.shop4frames.com/index.php?ro ... ount/login