1

I'm having massive issues with creating this login system for my website and we are required to use php and oracle.

The table itself is very simple and only has a Username and Password value attached to it.

This is the code I am using and the main issue that comes with it is that the variable $password always returns a blank value. 

<?php
/* Set oracle user login and password info */
$dbuser = "*MY USERNAME*";
$dbpass = "*MY PASSWORD*";
$dbname = "SSID";
$db = oci_connect($dbuser, $dbpass, $dbname);

if (!$db)  {
    echo "An error occurred connecting to the database"; 
    exit; 
}

$user = $_POST['user'];
$pass = $_POST['pass'];

$sql_login = "SELECT Username FROM users WHERE Username='%".$user."%'"; 

$login_stmt = oci_parse($db, $sql_login);

if(!$login_stmt)
{
    echo "An error occurred in parsing the sql string.\n"; 
    exit; 
}

oci_execute($login_stmt);

while(oci_fetch_array($login_stmt))
{
    $password = oci_result($login_stmt,"Password");
}

if ($password == "")
{
    echo 'Password = blank';
}

if ($pass == $password)
{
    echo 'Logged In';
}
else
{
    echo 'Login Failed';
}


?>

I am using this command to try and write a value to the variable but I am having no luck.

while(oci_fetch_array($login_stmt))
{
    $password = oci_result($login_stmt,"Password");
}

The form used is below, but I don't think there is a problem with it.

<form name="register" method="post" action="inc/login.php">          
                <div class="form_row">
                <label class="contact"><strong>Username:</strong></label>
                <input type="text" name="user" class="contact_input" />
                </div>  


                <div class="form_row">
                <label class="contact"><strong>Password:</strong></label>
                <input type="password" name="pass" class="contact_input" />
                </div>                     

                <div class="form_row">
                    <div class="terms">
                    <input type="checkbox" name="terms" />
                    Remember me
                    </div>
                </div> 


                <div class="form_row">
                <input type="submit" class="register" value="login" />
                </div>   
</form>
user2854076
  • 83
  • 3
  • 6
  • problem could be in your form itself; you should post it. Use error reporting in the meantime to catch and display http://php.net/manual/en/function.error-reporting.php – Funk Forty Niner Oct 01 '15 at 12:37
  • I tried both, but the problem I am having is assigning a value to $password. Unless there is an easier way to check whether the input password is the same as the one stored in the database – user2854076 Oct 01 '15 at 12:43
  • thats what this is for, except it is returning the varible as blank while(oci_fetch_array($login_stmt)) { $password = oci_result($login_stmt,"Password"); } – user2854076 Oct 01 '15 at 12:45
  • Change your query to `SELECT Username, Password FROM users WHERE Username='%".$user."%'` – Epodax Oct 01 '15 at 12:46
  • Still returning $password as blank – user2854076 Oct 01 '15 at 12:47
  • you're using LIKE syntax `WHERE Username='%".$user."%'` which should technically read as `WHERE Username LIKE '%".$user."%'`. But you want to check for truthness and not likeness `WHERE Username='".$user."'` – Funk Forty Niner Oct 01 '15 at 12:59
  • The problem wasn't finding the password. I had to select all of the values from the database instead of the one and sort through them afterwards. The problem is solved now. – user2854076 Oct 01 '15 at 13:03
  • great, either post your own answer or you can delete the question. Far as I'm concerned, the answer given below should have been posted as a comment. Edit: they decided to delete their "answer". – Funk Forty Niner Oct 01 '15 at 13:04

2 Answers2

0

problem is sql return 0 rows, bacase if u using in where clause % U must use like operator, not =

use this sql:

$sql_login = "SELECT Username FROM users WHERE Username like '%".$user."%'";

Here is good informatioun about this:

Equals(=) vs. LIKE

Community
  • 1
  • 1
Michal Hože
  • 116
  • 4
0

In $password = oci_result($login_stmt,"Password"); the word "Password" must be written on CAPS so it will be something like

$password = oci_result($login_stmt,"PASSWORD");

Worked that way for me

Ricardo Nuñez
  • 1