Login Script for PostGreSQL and PHP not working =[

Question

Ok I'm quite new at logins what not so bare with me here lol but I gota learn so don't discourage me.

I tried this so far

<?php

$error = "";

$conn = pg_connect("host=localhost dbname=brittains_db user=brittains password=XXXX" );

$sql = "SELECT * FROM logins";
$result = pg_query($conn, $sql);




if($_SERVER["REQUEST_METHOD"] == "GET") {

    $userName="";
    $password="";

}

else if($_SERVER["REQUEST_METHOD"] == "POST") {

    $userName=trim($_POST["userNameLogin"]);
    $password=trim($_POST["passwordLogin"]);

    if(pg_fetch_result($results, $userName, "userName")==true && pg_fetch_result($results, $password, "userName")==true) {

        setcookie("userIDforDV", $userName, time()+43200);

    }
    else {

        $error = "Your username and or password is incorrect";

    }

}

$userName = $_COOKIE['userIDforDV'];

if(isset($userName) && $userName!="") {

    echo "Welcome " . $userName;

}

echo $error;

?>

<form action="<?php echo $_SERVER['PHP_SELF'];  ?>" method="post">
    <table>
        <tr>
            <td class="signupTd">
                User Name:&nbsp;
            </td>
            <td>
                <input type="text" name="userNameLogin" value="" size="20" />
            </td>
        </tr>
        <tr>
            <td class="signupTd">
                Password:&nbsp;
            </td>
            <td>
                <input type="password" name="passwordLogin" value="" size="20" />
            </td>
        </tr>
        <tr>
            <td class="signupTd" colspan="2">
                <input type="submit" name="submit" value="Submit"/>
            </td>
        </tr>
    </table>
</form>

that was the idea I came up with... but its prolly a really bad idea and it doesn't work... how might I go about this properly? I need really detailed descriptions please.

btw my SQL is

CREATE TABLE logins(
    userName VARCHAR(25) NOT NULL PRIMARY KEY,
    password VARCHAR(25) NOT NULL,
    firstName VARCHAR NOT NULL,
    lastName VARCHAR NOT NULL,
    ageDay INTEGER NOT NULL,
    ageMonth INTEGER NOT NULL,
    ageYear INTEGER NOT NULL,
    email VARCHAR(255) NOT NULL,
    createDate DATE
);

and my registration form has already been made and is working and I do have users in my database... they just can't login lol

Thanks a tun Shelby

Answer 1

check http://php.net/manual/en/function.pg-fetch-result.php 's comments. edit : password should be varchar(32) and use md5 passwords (or even better 64 and use sha1). also I'm not familiar with pgSQL in general, however IMO the correct way would be to use an sql query to check instead of using pg_fetch_result.

$query = "SELECT * FROM logins WHERE userName = '$userName' AND password = md5('$password');";
$result = pg_query($conn, $query);
if(pg_num_rows($result) != 1) {
    // do error stuff
} else {
    // user logged in
}

Answer 2

If you would like to see a phenominal login script in action (and thereby learn from it) Check out jpmaster77's core: http://evolt.org/node/60384 It has a strong class based infrastructure and takes full advantage of your object-oriented background. It works out of the box & is free.

glhf