my script below worked perfect on PHP 4.0 but my ISP upgraded to PHP 5.6 and now there seems to be something wrong (it does not connect to mySQL, etc), any help is appreciated
Many thanks
<?php
$userdb="var1";
$pass="var2";
$database="var3";
mysql_connect("sql.servername.com",$userdb,$pass);
@mysql_select_db($database) or die ( header('location: status4.htm') );
$match = "select id from USER_ACCOUNTS where username = '$username' and password = '$password'";
$qry = mysql_query($match)
or die ( header('location: status.htm?status=9') );
$num_rows = mysql_num_rows($qry);
// Valid Username and Password
if ($num_rows > 0) {
$qry = "SELECT * FROM USER_ACCOUNTS WHERE username like '%" . $username . "%'";
$res = mysql_query($qry);
$output='';
while($row = mysql_fetch_assoc($res)){
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
?>
Here is the mySQL 4.0 Table
id viewUsername viewPassword username password name title email admin file file2 file3 file4
1 user1 pass123 USER1 Manager email1 1 file1 file2 file3 file4
Here you go example with PDO prepared statements
<?php
error_reporting(1);
ini_set('display_errors', '1');
// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name.';charset=utf8', $db_user, $db_pass);
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $dbh->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$number_of_rows = $stmt->fetchColumn();
// Valid Username and Password
if ($number_of_rows > 0)
{
$row = $stmt->fetchAll();
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
}
?>
And html form
<form action="" method="post">
<input type="text" name="username" placeholder="Username"><br />
<input type="password" name="password" placeholder="Password"><br />
<input type="submit" name="submit" value="Login">
</form>
Update
<?php
error_reporting(1);
ini_set('display_errors', '1');
// mysql connection
$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'mydatabase';
$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
/* check connection */
if (mysqli_connect_errno())
{
echo "Connect failed: " . mysqli_connect_error();
exit();
}
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM USER_ACCOUNTS WHERE username = ? AND password = ?"))
{
/* bind parameters for markers */
$stmt->bind_param("s", $username);
$stmt->bind_param("s", $password);
/* execute query */
$stmt->execute();
$number_of_rows = $stmt->rowCount();
// Valid Username and Password
if ($number_of_rows > 0)
{
$row = $stmt->fetchAll();
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
/* close statement */
$stmt->close();
}
}
$mysqli->close();
?>
And try this
<?php
error_reporting(1);
ini_set('display_errors', '1');
$conn = mysqli_connect('host', 'username', 'password', 'table name');
/* check connection */
if (mysqli_connect_errno())
{
echo "Connect failed: " . mysqli_connect_error();
exit();
}
// submit form
if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query($conn, "SELECT * FROM USER_ACCOUNTS WHERE username = '$username' AND password = '$password'");
if ($query)
{
// Valid Username and Password
if (mysqli_row_count($query) > 0)
{
$row = mysqli_fetch_array($query);
$output = '';
while($row)
{
// loop through all returned results
$output .= '&viewUsername=' . $row['viewUsername'] . '&viewPassword=' . $row['viewPassword'] . '&username=' . $row['username'] . '&password=' . $row['password'] . '&name=' . $row['name'] . '&title=' . $row['title'] . '&email=' . $row['email'] . '&admin=' . $row['admin'] . '&file=' . $row['file'] . '&file2=' . $row['file2'] . '&file3=' . $row['file3'] . '&file4=' . $row['file4'];
echo "&status=1";
echo $output;
}
}
}
}
?>