Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts

    login not working :S

    i have been imroving my login system but it does not seem to work... all it does is refresh my page..

    login.php
    PHP Code:
    <?php <link rel="stylesheet" type="text/css" href="css/login.css">

    <
    table width="150" border="1" cellpadding="3" cellspacing="0" bordercolor="#000000">
      <
    tr>
        <
    td width="200" bordercolor="99b3b4" bgcolor="99b3b4"><span class="style5">
          <
    center>
          <
    em><u>Login</u></em>
            </
    center></span></td>
      </
    tr>
      <
    tr>
        <
    td bordercolor="99b3b4" bgcolor="#FFFFFF" ><form action="<?=$_SERVER['PHP_SELF']?>" method="post">

                <
    input type="hidden" name="_submit_check" value="1"/>
                  <
    div style="margin-top:12px; margin-bottom:10px">    
                    <
    span class="style4"><em>Username:                </em></span>
                    <
    input class="input" type="text" name="username" id="username" size="25" maxlength="30" value="" />
              </
    div>
    <
    div style="margin-top:12px; margin-bottom:10px">
                    <
    span class="style4"><em>Password:</em></span>
          <
    input class="input" type="password" name="password" id="password" size="25" maxlength="30" />
    </
    div>
    <
    center><?php if ( ALLOW_REMEMBER_ME ):?>
                
                    <input type="checkbox" name="remember" id="remember" />
                    <label for="remember">Remember me</label>
            
                <?php endif;?></center>
                        <table width="150" align="center">
                  <tr>
                    <td width="97" align="center" valign="middle"><div align="center">
                      <input name="Login" type="image"  class="submit-btn" title="submit" value="Login" src="images/btn.gif" alt="submit"  align="middle" />
                    </div></td>
                    <td width="41" align="center" valign="middle">&nbsp;</td>
                  </tr>
                </table>            
                <center>
                  <span class="style8"><a href="http://www.runningprofiles.com/register.php" onclick="NewWindow(this.href,'register','240','500','no','center');return false" onfocus="this.blur()" class="style6">
                Register</a> / <a href="forgot_password.php" onclick="NewWindow(this.href,'forgot_password','270','250','no','center');return false" onfocus="this.blur()" class="style6">Lost Password </a></span>
              

        </center>  <center>
        <div  style="margin-top:12px; margin-bottom:10px"    id="log">
    <?php if ( isset( $error ) ) { echo '            <p class="error">' $error '</p>' "\n";}?>
        </div>         </center>
        </form></td>
      </tr>
    </table>

        
    <!-- here is the function for the popup window dont delete jarratt -->

    <script>
    var win=null;
    function NewWindow(mypage,myname,w,h,scroll,pos){
    if(pos=="random"){LeftPosition=(screen.availWidth)?Math.floor(Math.random()*(screen.availWidth-w)):0;TopPosition=(screen.availHeight)?Math.floor(Math.random()*((screen.availHeight-h)-75)):0;}
    if(pos=="center"){LeftPosition=(screen.availWidth)?(screen.availWidth-w)/2:0;TopPosition=(screen.availHeight)?(screen.availHeight-h)/2:0;}
    if(pos=="default"){LeftPosition=0;TopPosition=0}
    else if((pos!="center" && pos!="random" && pos!="default") || pos==null){LeftPosition=0;TopPosition=20}
    settings='width='+w+',height='+h+',top='+TopPosition+',left='+LeftPosition+',scrollbars='+scroll+',location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no';
    win=window.open(mypage,myname,settings);
    if(win.focus){win.focus();}}
    function CloseNewWin(){if(win!=null && win.open)win.close()}
    window.onfocus=CloseNewWin;</script>
    then loginfunction.php

    PHP Code:
    <?php
    if(isset($_GET['login'])) {
    //removes sql injections from the data
    $usernamehtmlspecialchars(addslashes($_POST[username])); 
    //encrypts the password
    $password sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
    //gets the username data from the members database
    $uinfo mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); 
    //see if the user exists
    $checkuser mysql_num_rows($uinfo);
    //if user name not found in database error
    if($checkuser == '0')
    {
    echo 
    "Username not found";
    }else{
    //fetch the sql
    $udata mysql_fetch_array($uinfo);
    //checks see if the account is verified
    if($udata[userlevel] == 1) { 
    echo 
    "This account had not been verified.";
    }
    //if it is continue
    else
    //if the db password and the logged in password are the same login
    if($udata[password] == $password) {
    $query mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); 
    //fetchs the sql
    $user mysql_fetch_array($query);
    //sets the logged session
    $_SESSION['id'] = "$user[id]";
    $_SESSION['password'] = "$user[password]";

    echo 
    "You are now logged in, Please wait. . .";
    //redirects them
    echo "<meta http-equiv='Refresh' content='2; URL=/members/index.php'/>";
    }
    //wrong password
    else{
    echo 
    "Incorrect username or password!"
    }
    }
    }
    echo 
    "<center>";
    ?>


    i will also add register.php so you can see how the data is beeing put into the table

    register.php
    PHP Code:
    <?php
    session_start
    (); //allows session
    include "config.php";
    echo 
    "<center>";
    //checks if there trying to veriy there account
    if(isset($_GET['verify'])) {
    //gets the code and makes it safe
    $code addslashes($_GET['code']);
    //gets the code from the database
    $getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
    //counts the number of rows
    $getcode mysql_num_rows($getcode);
    //if the ammount of rows is 0 the code does not exist
    if($getcode == 0) { 
    echo 
    "Invalid verification code!"

    //or if the code does exist we will activiate there account
    else{
    //get the data from the database
    $getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
    //fetchs the data from the db
    $dat mysql_fetch_array($getcode);
    //sets the users user level to 2 which means they can now use there account
    $update mysql_query("UPDATE `members` SET `userlevel` = '2' WHERE `username` = '".$dat['username']."'") or die(mysql_error());
    //deletes the code as there is no use of it now
    $delete mysql_query("DELETE FROM `verification` WHERE code = '$code'");
    //says thanks and your account is ready for use
    echo "Thank you, Your account has been verified.";
    }
    }else
    //if we have posted the register for we will register this user
    if(isset($_GET['register'])) {
    //check to see if any fields were left blank
    if((!$_POST[username]) || (!$_POST[password]) || (!$_POST[cpassword]) || (!$_POST[email])) {
    echo 
    "A field was left blank please go back and try again.";
    }else{
    //posts all the data from the register form
    $username $_POST[username]; 
    $password $_POST[password]; 
    $cpassword $_POST[cpassword]; 
    $email $_POST[email];
    //check see if the 2 passwords are the same
    if($password == $cpassword)
    {
    //encrypts the password 8 times
    $password sha1(md5(md5(sha1(md5(sha1(sha1(md5($password)))))))); 
    $cname mysql_query("SELECT `username` FROM `members` WHERE `username` = '$username'"); 
    $cnamemysql_num_rows($cname); 
    //checks to see if the username or email allready exist
    if($cname>=1) { 
    echo 
    "The username is already in use"
    }else{
    //gets rid of bad stuff from there username and email
    $username addslashes(htmlspecialchars($username)); 
    $email addslashes(htmlspecialchars($email));

    if(
    $semail == "1") { // $email set as 1 means email activation is active
    //adds them to the db
    $adduser mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username','$password','$email')");
    //posible letters for the verification code
    $alphanum  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    //shuffles the letters around to create a 16 long code
    $code substr(str_shuffle($alphanum), 016); 
    //adds there code along with there user name to the db
    $addcode mysql_query("INSERT INTO `verification` (`username`, `code`) VALUES('$username','$code')");
    //don't edit this, this is the link for there activication
    $link "http://$host$self?verify&code=$code";
    //sends the email to the person
    mail("$email""Member-Ship Validation""Thank you for registering on $sitename.
    Please copy the below link into you address bar,

    $link"
    "From: Site Verification");
    //message sent now lets tell them to check there email
    echo "You are now registered,<br><br>Please check your email to activate your account.";
    }else{ 
    //no need for email activation
    $adduser mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `userlevel`) VALUES('$username','$password','$email','2')");
    echo 
    "You are now registered,<br><br>You can now loggin to your account";
    }
    }
    }else{
    echo 
    "Your password and conformation password do not match!";
    }
    }
    }else{
    //none of the above so lets show the register form
    echo "<form action='register.php?register' method='post'>
    <table width='350'>
      <tr>
        <td width='150'>Username:</td>
        <td width='200'><input type='text' name='username' size='30' maxlength='25'></td>
      </tr>
      <tr>
        <td>Password:</td>
        <td><input type='password' name='password' size='30' maxlength='25'></td>
      </tr>
      <tr>
        <td>Confirm Password:</td>
        <td><input type='password' name='cpassword' size='30' maxlength='25'></td>
      </tr>
      <tr>
        <td>Email:</td>
        <td><input type='text' name='email' size='30' maxlength='55'></td>
      </tr>
      <tr>
        <td colspan='2'><center><input type='submit' value='Register'></center></td>
      </tr>
    </table>
    </form>"
    ;
    }
    echo 
    "<center>";
    ?>
    Last edited by runnerjp; 05-09-2008 at 03:40 PM.

  • #2
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    Well, just looking at it real quick, I hope that your login.php page has an include or require that adds your loginfunction.php.

    Once you have that added, you'll need to change:
    PHP Code:
    if(isset($_GET['login'])) { 
    to
    PHP Code:
    if(isset($_POST['_submit_check'])) { 
    There are two things I changed and we'll start with the most important.

    1. $_GET was changed to $_POST as your login form is using method="post" (login forms definitely should not use method="get", so you had that right)
    2. login was changed to _submit_check because if someone hits Enter rather than clicking the submit button, nothing happens since the submit button called Login was never used. Using a hidden input with a value is the best way to check whether your form has been submitted. The funny thing is that you have this input in your form, but you just weren't using it.


    -Shane

  • #3
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    wahooo ty that works a treat

    and ty very much for the very easy to follow explanation!

  • #4
    Regular Coder
    Join Date
    Feb 2005
    Posts
    663
    Thanks
    5
    Thanked 14 Times in 14 Posts
    Wow.. This is a pretty nice login script. Would you be willing to share the rest of it for other to try and use elsewhere? I really like that you created something that will email the user a verification code, etc.

  • #5
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    haha i will do...just let me work out sum "kinks" in the system lol like error messages and stuff


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •