ID:181875
 
Anyone have any clue as to why this would throw up the Fail tag, every time;

<html>
<body>

<form action="databaseniz.php" method="post">
Name: <input type="text" name="login" /><br>
Password: <input type="password" name="password" /><br>

<input type="submit" />
</form>

</body>
</html>


<?php
session_start();
$link = mysql_connect("localhost", "root", "password");
if(!$link)
{
die('Failed to connect to server: ' . mysql_error());
}

$db = mysql_select_db("my_db");
if(!$db)
{
die("Unable to select database");
}
$login = $_POST['login'];
$password = $_POST['password'];

if(!$login || !$password)
{
echo "Error";
session_write_close();
exit();
}

$qry="SELECT * FROM Username WHERE Name='$login' AND Pass='$password'";
$result=mysql_query($qry);

if($result)
{
if(mysql_num_rows($result) > 0)
{
echo "Success";
session_write_close();
header("home.html");
exit();
}
else
{
echo "Fail"; //THIS LINE ALWAYS IS SHOWN
exit();
}
}
else
{
$qry2="INSERT INTO Username VALUES Name='$login' AND Pass='$password'";
$result2=mysql_query($qry2);
if($result2)
{
echo "Created";
}
header("2.html");
}
?>
Well, it's been a long time since I've used the mysql library for PHP, I tend to use the mysqli library instead, which works a little differently.

Your use of sessions also confuses me, as they don't appear to be... used. You're not assigning anything to $_SESSION, so it seems a bit pointless. (On that note, you're also not hashing the users passwords. You should -always- hash a users password, never store it in your database in plain text.)

Your assignment of the database to a variable is unnecessary unless you intend to connect to several databases at once. You can perform the same check with this:
mysql_connect('localhost', 'root', 'password') or die("An error has occurred: " . mysql_error());


exit() and die() are one in the same. You can print stuff to the user with it just as the script dies. echo("omg"); die(); is the same as die("omg"); or exit("omg");

Your error itself could be related to MySQL. Instead of printing "Fail", try printing something like:
die("Fail: " . mysql_error());
And see what the response is.
As a rough idea for what you're trying to do, I wrote up this as a small guideline.

It's untested (as previously stated, I don't use the mysql library) but it should give you some idea of what you're trying to achieve.
<?
// Connect to the database.
mysql_connect('localhost', 'username', 'password') or die("Error: " . mysql_error());
mysql_select_db('MyDB') or die("Error: " . mysql_error());

// Start or continue a session.
session_start();

if(!$_POST['username'] || !$_POST['password']) die("Error: Username or password not supplied.");

$username = $_POST['username'];
$password = $_POST['password']; // If you were hashing like you should be: $password = md5("salt" . $_POST['password'] . "pepper");

// I tend to not use the wildcard and select the exact data I want. But for the sake of example:
$query = mysql_query("SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . $password . "' LIMIT 1") or die("Error: " . mysql_error());
if(mysql_num_rows($query)) {
$row = mysql_fetch_assoc($query);
$_SESSION['username'] = $row['username'];
die("Hello, " . $_SESSION['username'] . "!");
} else {
$query = mysql_query("INSERT INTO users(username, password) VALUES('" . $username . "', '" . $password . "')") or die("Error: " . mysql_error());
if(mysql_affected_rows()) die("You were added to the database!");
else die("You were <i><b>NOT</b></i> added to the database!");
}
?>


You'll also have to note that this example is riddled with my own personal PHP style. Things like the variables in strings aren't necessary to be included like that, but I like to do it that way.
In response to Tiberath
Your PHP is too much like Linux. With that sort of effort you may as well not bother.
In response to Smoko
Smoko wrote:
Your PHP is too much like Linux. With that sort of effort you may as well not bother.

Short of liking my variables to be outside of the strings (as I use different strings in different instances, and they're just far easier to keep track off that way), you don't know a thing about my PHP style. You'll have to bare in mind that this is example and not functioning script...

I hardly consider doing "something '" . $var . "' something else" to be a considerable amount of effort. "I don't like my variables to be encased in the strings like most others, might as well quit and find another hobby to spend my time on!"
In response to Tiberath
I assigned it simply due to lazyness.
I didn't hash my passwords YET because I'm still learning PHP and wished to see in the mysql databases whether or not they coded themselves =/

Thanks for the tip on exit and die ;o

About the SESSION, I was litterally taking baby steps, doing something, trying it out, then fixing/improving, I was going to add $_SESSION data later on ;)

Thanks for the help so far, can't test it JUST yet as a major powercut has d/ced the servers at where I'm working, the UPS (Uninterrupted power supply) can;t last much longer, once We have fixed those I'll get to work