Connecting to the database did not work, waiting for more answers

there are the following php files of the site:
authmain.php

<?php
session_start();
if (isset($_POST['userid']) && isset($_POST['password']))
{
  // if the user has just tried to log in
  $userid = $_POST['userid'];
  $password = $_POST['password'];
  $db_conn = mysql_connect('localhost', 'webauth', 'webauth');
  $query = 'select * from auth '
           ."where name='$userid' "
           ." and password=password('$password')";
  $result = mysql_query($query, $db_conn);
  if ($result->num_rows >0 )
  {
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $userid;    
  }
}
?>
<html>
<body>
<h1>Home page</h1>
<? 
  if (isset($_SESSION['valid_user']))
  {
    echo 'You are logged in as: '.$_SESSION['valid_user'].' <br />';
    echo '<a href="logout.php">Log out</a><br />';
  }
  else
  {
    if (isset($userid))
    {
      // if they've tried and failed to log in
      echo 'Could not log you in.<br />';
    }
    else 
    {
      // they have not tried to log in yet or have logged out
      echo 'You are not logged in.<br />';
    }
    // provide form to log in 
    echo '<form method="post" action="authmain.php">';
    echo '<table>';
    echo '<tr><td>Userid:</td>';
    echo '<td><input type="text" name="userid"></td></tr>';
    echo '<tr><td>Password:</td>';
    echo '<td><input type="password" name="password"></td></tr>';
    echo '<tr><td colspan="2" align="center">';
    echo '<input type="submit" value="Log in"></td></tr>';
    echo '</table></form>';
  }
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>

members_only.php

<?php
  session_start();
  echo '<h1>Members only</h1>';
  // check session variable
  if (isset($_SESSION['valid_user']))
  {
    echo '<p>You are logged in as '.$_SESSION['valid_user'].'</p>';
    echo '<p>Members only content goes here</p>';
  }
  else
  {
    echo '<p>You are not logged in.</p>';
    echo '<p>Only logged in members may see this page.</p>';
  }
  echo '<a href="authmain.php">Back to main page</a>';
?>

logout.php

<?php
  session_start();
  // store to test if they *were* logged in
  $old_user = $_SESSION['valid_user'];  
  unset($_SESSION['valid_user']);
  session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php 
  if (!empty($old_user))
  {
    echo 'Logged out.<br />';
  }
  else
  {
    // if they weren't logged in but came to this page somehow
    echo 'You were not logged in, and so have not been logged out.<br />'; 
  }
?> 
<a href="authmain.php">Back to main page</a>
</body>
</html>

there is also a mysql database created in denwer

create database auth;
use auth;
create table auth (
name varchar(lO) not null,
pass varchar(30) not null,
primary key (name)
);
insert into auth values
( 'user', 'pass');
insert into auth values
( 'testuser', password('test123') );
grant select, insert, update, delete
on auth.*
to webauthglocalhost
identified by 'webauth';

At the same time, when I enter testuser and test123 as user and password, I can’t log in, it says Couldn’t log you in


Answer 1, authority 100%

if (isset($userid))
    {
      // if they've tried and failed to log in
      echo 'Could not log you in.<br />';
    }
    else 
    {
      // they have not tried to log in yet or have logged out
      echo 'You are not logged in.<br />';
    }

I didn’t go to logic in logic, but

if (isset($userid)) //        ,       !
  ,    .
 .

more than once wrote already “put and not be lazy quotes!”

$query = "Select * from auth where name='".$userid."' and password=password('".$password."')"; 
//     -   MySql - PASSWORD() .
$result = mysql_query($query, $db_conn);
  if ($result->num_rows >0 ) //  ?
  {
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $userid;    
  }

There is no desire and time to understand.

PPC.

<?php
session_start();
if (isset($_POST['userid']) && isset($_POST['password']))
{
  // if the user has just tried to log in
  $userid = $_POST['userid'];
  $password = $_POST['password'];
  $db_conn = mysql_connect('localhost', 'webauth', 'webauth');
  $query = 'select * from auth '
           ."where name='$userid' "
           ." and password=password('$password')";
  $result = mysql_query($query, $db_conn);
  if ($result->num_rows >0 )
  {
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $userid;    
  }
}
?>

at the end of the file insert

echo "<PRE>";
var_dump($_SESSION);
echo "<PRE>";

And then unsubscribe that is displayed.

Leave a reply

Please enter your comment!
Please enter your name here