0
<?php
require_once("Actions/config.php");
if(isset($_POST['email_address']) && $_POST['password']){

$sql    = "SELECT * FROM $tbl_name WHERE email_address ='$email_address' and password ='$password'";
$result = @mysql_query($sql);
// Mysql_num_row is counting table row
$count  = @mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("email");
session_register("password");
header("Location: http://localhost/Actions/home.php");
}
else 
{

echo "Wrong Username or Password";
}
} 

?>

I get a undefined varible to email_address on line 5
this varible is declared in the form which is on index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>YourRoom-Social Networking Engine</title>
</head>
<body>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="login.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Email</td>
<td width="6">:</td>
<td width="294"><input name="email_address" type="text" id="email_address"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="submit"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>
</html>

Any ideas why I keep on getting this?

3
Contributors
5
Replies
6
Views
8 Years
Discussion Span
Last Post by FlashCreations
0
if(isset($_POST['email_address']) && $_POST['password']){

$sql    = "SELECT * FROM $tbl_name WHERE email_address ='$email_address' and password ='$password'";

Have you got anything that says $email_address = $_POST;
And likewise for $password?

Is $tbl_name declared in Actions/config.php?

Also, there is a slight problem with the syntax you are using.
It should be

$sql    = "SELECT * FROM ".$tbl_name." WHERE email_address ='".$email_address."' and password ='".$password."'";
0

Ok so I got that fixed thanks for the help. Now I can't login to the home.php it keeps on telling me that my username or password is wrong...I entered the information myself into the database so I know that my email_address an password is correct any reason this could be happening?

<?php
require_once("Actions/config.php");
if(isset($_POST['email_address']) && $_POST['password']){

$email_address = $_POST['email_address'];
$password      = $_POST['password']; 

$sql    = "SELECT * FROM ".$tbl_name." WHERE email_address ='".$email_address."' and password ='".$password."'";
$result = @mysql_query($sql);
// Mysql_num_row is counting table row
$count  = @mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("email");
session_register("password");
header("Location: http://localhost/Actions/home.php");
}
else 
{

echo "Wrong Username or Password";
}
} 

?>
0

First off, I would mysql_real_escape() any string you pass to MySQL. Secondly, your problem is once someone logs in, the $_POST for the username and password are no longer passed to the page. You need to set a cookie using $_COOKIE['name']="value" containing the username and password and get the username and password from that instead of $_POST . Please know, this is very weak security. You should not only md5() you passwords, but instead of storing a password in a cookie, use a unique session id.

0

I am using session as of right now if you noticed but I get what your saying so my cookie would be something like this..

$_COOKIE['email_address']=."$email_address".

or would that not be correct?

Also as of right now I am just in testing stages of the site so there is no md5 as of right now. Just trying to get a working login script then will modify it for more security.

0

I am using session as of right now if you noticed but I get what your saying so my cookie would be something like this..

$_COOKIE['email_address']=."$email_address".

or would that not be correct?

Also as of right now I am just in testing stages of the site so there is no md5 as of right now. Just trying to get a working login script then will modify it for more security.

That would be correct. To get the email you would use $_COOKIE['email'] and you would obtain the password with $_COOKIE['password'] . Your problem is in the home.php script you are getting these values using $_POST . In home.php, you need to use the Cookie method I talked about above.

So that I understand correctly, the PHP code you've given is for login.php. If so, remove the @ before the mysql query function and see what error comes up. It will help to know if the problem is with your query (That is if the problem is with the login.php and not home.php).

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.