PHP4 / MySQL User Auth Help!

[freeOn]

Ok I want to make a user and password login that goes into the mysql database then when the users log in it querys the database and validates the username and password. Everything goes well until I get to the validation. Heres what I've got so far

I make the database to hold the username and password like this:

mysql>create database users;
Query OK, 1 row affected (0.58 sec)

mysql> use user;
Database changed

mysql> create table users
-> (
-> username varchar(15) null,
-> password varchar(15) null
-> )
-> ;
Query OK, 0 rows affected (0.28 sec)

mysql>

Ok so that's how I created my database then I move onto creating the index.html page

<html>
<head>
<h2>
User Login
</h2>
<form method=post action="/login.php">
</head>
<body>



Username



<input type=text size=15 name="username">



UserPassword



<input type=password size=15 name="password">


<input type=submit name=submit value="Login">
<input type=reset name=reset value="Clear">


Register
</form>
</body>
</html>

That made a nice little login form for me, but since there is nothing in the database yet to log in and validate the username and password you have to click the link that says Register. Now Here is what my register.html file looks like.

<html>
<head>
<h2>
User Registration
</h2>
<form method=post action="create_entry.php">
</head>
<body>



Username



<input type=text size=15 name=username>



UserPassword



<input type=password size=15 name=password>


<input type=submit name=submit value="Register">
<input type=reset name=reset value="Clear">
</form>
</body>
</html>

Once the user files out the form and hit's submit I make a .php file to enter the text into the database I call it <form method=post action="create_entry.php"> so this is what my creat_entry.php file looks like

<?php
mysql_connect("localhost", "root") or
die ("Could not connect to database");
mysql_select_db("users") or
dir ("Could not select database");

if ($submit == "Register")
{
$query = "insert into user
(name, password) values ('$name', '$password')";
mysql_query($query) or
die (mysql_error());
?>
<h3>You are now registered</h3>
Go back to main page
<?php
}
else
{
include("notvalid.html");
}
?>

This will put the user input into the database, and it works if the username is already taken the user gets to go the notvalid.html . So after the user registers a username and password we go back to the index.html that has the login.

<html>
<head>
<h2>
User Login
</h2>
<form method=post action="/login.php">
</head>
<body>



Username



<input type=text size=15 name="username">



UserPassword



<input type=password size=15 name="password">


<input type=submit name=submit value="Login">
<input type=reset name=reset value="Clear">



Register
</form>
</body>
</html>

This time I hit submit after entering a username and password. When the user hits submit it's going to a php file called /login.php . This is the php file that will validate the username and password. But I can't seem to get it to work at all. And this is where I'm asking for help. Here is what my login.php file looks like I need help with this

<?

if ($submit = "Login")
{
mysql_connect("localhost","root")
or die ("cant connect");
mysql_select_db("user")
or die ("cant change");
$result=mysql_query("select * from user where name='$username'")
or die ("cant do it");
while ($row=mysql_fetch_array($result)) {
if ($row["password"]==$password )
{
printf("Successfully Logged In!");
}else{
print("Nope");

}
}
}
?>

[nancen]

Hi!
I've tried your code after several minor changes,at my machine it works.

1)I found if I use database name "user" ,database always couldn't be selected.
So I change the database name to "testdb",table name "testuser",then it works.
I think maybe the database name "user" is used by the system,just like the keywords
in c++,you can't name a variable "if"
So my database creation is like this:

mysql>create database testdb;
Query OK, 1 row affected (0.58 sec)

mysql> use testdb;
Database changed

mysql> create table testuser
-> (
-> username varchar(15) null,
-> password varchar(15) null
-> )
-> ;
Query OK, 0 rows affected (0.28 sec)

mysql>

2)create_entry.php :
$query = "insert into user (name, password) values ('$name', '$password')";
change to:
$query = "insert into testuser (username, password) values ('$username', '$password')";

3)login.php:
$result=mysql_query("select * from user where name='$username'")
or die ("cant do it");
change to:
$result=mysql_query("select * from testuser where username='$username'")
or die ("cant do it");

of course, my database select statements will be: mysql_select_db("testdb")

Also make sure the script name is same as in the relevant html file,like "create_entry.php"
instead of "creat_entry.php",and action path is the right path

Good Luck!

nan

[freeOn]

Yeah I figured it out Saturday I mixed up the form names in the html so I was basically moving blanks into it. hehee