connect problem?help

View previous topic View next topic Go down

avatar
grimofdoom
Member
Member
Forum Posts : 106
Member Since : 2012-03-06
View user profile

Postgrimofdoom on 8/4/2012, 6:05 pm

I followed phpacademy's guide for login/register and ended with
Code:
<?php

$_username=$_post['username'];
$_password=$_psot['password'];

if ($username&&$password)

{

$connect=mysql_connect("host","nmae","possiblepassword")or die ("could not connect");
mysql_select_db("users") or die("deaad");


}

else
  die("please enter a username AND password $username");
?>
(login.php)
and
Code:
<html>

      <form action='login.php' method='post'>

      username:<input type='text' name='username'><br>
      password<input type='password' name='password'><br>
      <input type='submit' value='log in'>
</form>


</html>
(index.php) but whenever i try putting in my insterted test,test.it keeps using the else function ad saying the phrase.can someone help.


Last edited by grimofdoom on 9/4/2012, 2:04 pm; edited 1 time in total
avatar
LGforum
Moderator
Forum Posts : 77
Member Since : 2011-11-12
View user profile

PostLGforum on 9/4/2012, 9:13 am

Okay first off, you NEED to get rid of mysql password and username from your above post. THAT IS SERIOUS SECURITY ISSUES. People could access your database and steal all the data and sell it. Not good.

Secondly, if you use curly braces in the IF then they should be used for ELSE too.

Plus you have a spelling mistake $_psot['password']

And lastly, you should change the IF to this:
if(!empty($username) && !empty($password))

And again lastly, you should be mysql escaping all user input to prevent mysql injection.
Google it, its one of the most important things to know about when dealing with databases.
avatar
LGforum
Moderator
Forum Posts : 77
Member Since : 2011-11-12
View user profile

PostLGforum on 9/4/2012, 9:17 am

Oh and I just spotted another thing wrong with it.
Your IF will always false, because you've named the variables $_username and $_password not $username and $password...

All in all, it seems the video you watched sucked.


I'm gonna say this now actually after realising when your post was posted. You should change mysql user and password and delete the old one, unless your data will never be safe.
avatar
grimofdoom
Member
Member
Forum Posts : 106
Member Since : 2012-03-06
View user profile

Postgrimofdoom on 9/4/2012, 2:15 pm

Code:
<?php

$username=$_post['username'];
$password=$_post['password'];

 if(!empty($username) && !empty($password))

{

$connect=mysql_connect("1","33","3")or die ("could not connect");
mysql_select_db("users") or die("deaad");


} else
  die("please enter a username AND password $username");
?>
it still keeps saying the die phrase.i changed what you said.
avatar
LGforum
Moderator
Forum Posts : 77
Member Since : 2011-11-12
View user profile

PostLGforum on 9/4/2012, 4:32 pm

Code:

<?php

$username=$_POST['username'];
$password=$_POST['password'];

 if(!empty($username) && !empty($password))

{

  echo 'both password and username were entered';


}
else {
  die("please enter a username AND password $username");
}
?>

I'll also iterate again, that you make sure to look into database security and preventing SQL Injection.
avatar
grimofdoom
Member
Member
Forum Posts : 106
Member Since : 2012-03-06
View user profile

Postgrimofdoom on 9/4/2012, 5:53 pm

that gives me an error at the "else {" line.
avatar
LGforum
Moderator
Forum Posts : 77
Member Since : 2011-11-12
View user profile

PostLGforum on 9/4/2012, 9:49 pm

What? .. It shouldn't. What PHP version is installed on your server?

Try this:
Code:

    <?php

    $username=$_POST['username'];
    $password=$_POST['password'];

    if(!empty($username) && !empty($password))
    {
       echo 'both password and username were entered';
   }
    else {
      echo "please enter a username AND password $username";
     exit;
    }
    ?>
avatar
grimofdoom
Member
Member
Forum Posts : 106
Member Since : 2012-03-06
View user profile

Postgrimofdoom on 10/4/2012, 4:12 am

Were do i place the mysql connect
avatar
Vanilla990
Administrator
Forum Posts : 114
Member Since : 2011-10-30
View user profile

PostVanilla990 on 10/4/2012, 5:09 am

You could place it anywhere. I could recommend that you place the mysql connect information inside another .php file in a folder and make sure you have a .htaccess file in there which has the text "Deny From All". That will stop people being able to access the information in that folder i.e. the secure data to connect to the database. All you would have to do then is include the php file in the index.php or whichever file has the login screen.
avatar
LGforum
Moderator
Forum Posts : 77
Member Since : 2011-11-12
View user profile

PostLGforum on 10/4/2012, 9:13 am

Yeah having the connection in another file is the best way.
But if you want to place it in your current script, it has to go anywhere before your first MySQL query.
avatar
grimofdoom
Member
Member
Forum Posts : 106
Member Since : 2012-03-06
View user profile

Postgrimofdoom on 10/4/2012, 6:34 pm

Now im getting mad....the host(000webhost)keeps not connecting to the database.i have everything right in the code but it is not attempting to connect.
Sponsored content

PostSponsored content

View previous topic View next topic Back to top

Create an account or log in to leave a reply

You need to be a member in order to leave a reply.

Create an account

Join our community by creating a new account. It's easy!


Create a new account

Log in

Already have an account? No problem, log in here.


Log in

 
Permissions in this forum:
You cannot reply to topics in this forum