  1. #1

    Login Script Error

    Okay, I'm having troubles with a login script, and I have no clue what's going wrong. The problem lies in the session that's created, because it logs me in fine, but I don't stay logged in.

    This is the index.php file. htmlfns.php and all the functions in this file are just the HTML source, my layout etc. It has nothing to do with the script. leftcon.php is where the login script actually is.

    index.php contents:
    PHP Code:
    <?
       session_start();
       include ("inc/htmlfns.php");
       do_html_head();
       include("inc/leftcon.php");
       do_html_middle();
    ?>

    <!-- MAIN CONTENT HERE -->

    Blahblahblah

    <!-- END MAIN CONTENT -->
    <? do_html_footer(); ?>

    leftcon.php contents:
    PHP Code:
    <?
    session_start();
    $db = mysql_connect("localhost", "*****", "*****") or die('I cannot connect to the database because: ' . mysql_error());
    mysql_select_db("*****");

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ((!$username) || (!$password)) {
    ?><center><form name=login method=post action="<? $php_self ?>">
    <? echo '<center>You are not logged in</center>
    Username: <input type=text name=username class="small" size="16">
    Password: <input type=password name=password class="small" size="16">
    <center><input type=submit value=Login></center>
    <center>Click here to register</center>
    </form></center>';
    }
    else {

    $query = "SELECT * FROM user WHERE uname = '$username'";
    $result = mysql_query($query, $db) or die(mysql_error());
    $numRows = mysql_num_rows($result);
    for ($count = 0; $count < $numRows; $count++) {
      $resultArray = mysql_fetch_array($result);
    }

    $uname = $resultArray["uname"];
    $pword = $resultArray["pword"];

    if (($username == $uname) && ($password == $pword)) {
    session_start();
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;

    echo "user is $uname, and password is $pword
    <br> <a href=\"?action=logout\" >Log Out</a>";
    }
    else echo "nope";
    }

    if ($action == "logout") {
    session_unregister("username");
    session_unregister("password");
    }
    ?>

  • #2
    try exiting the script ... ..

    echo "user is $uname, and password is $pword
    <br> <a href=\"?action=logout\" >Log Out</a>";
    }
    else echo "nope";
    exit;
    }

    if ($action == "logout") {
    session_unregister("username");
    session_unregister("password");
    }


    seems to me the script is registering the session vars & then presuming logout is true and then unregistering them,

    by exiting the script it should ignore logout until it is definitely true

    try it and see

    hope it helps

  • #3
    i also notice you have session_start() twice on the page... should only be on the page once at the very top before any code is used at all


    eg
    <?php
    session_start();?>
    <?php

    my code here ;

    ?>
    <?php include('footer.php');?>

    hope that helps too

  • #4
    also ....

    replace
    <form name=login method=post action="<? $php_self ?>">

    with
    <form name=login method=post action="<? echo $_SERVER['PHP_SELF']; ?>">

    not sure if you have defined $php_self as $_SERVER['PHP_SELF'] ; but thought I'd post it and find out

  • #5
    raf
    Try changing the names of the session variables.

    so change
    $_SESSION['username'] = $username;

    into
    $_SESSION['sesusername']
    or so.

    I've noticed at some accounts of mine that having the same variable names (although in different collections) creates problems, so I made it a coding practice to always have unique variable names, even across collections.


    Also:
    - you don't need the second session_start()
    - the connection lines should be inside an include
    - the following code can be optimized
    PHP Code:
    $query = "SELECT * FROM user WHERE uname = '$username'";
    $result = mysql_query($query, $db) or die(mysql_error());
    $numRows = mysql_num_rows($result);
    for ($count = 0; $count < $numRows; $count++) {
      $resultArray = mysql_fetch_array($result);
    }

    $uname = $resultArray["uname"];
    $pword = $resultArray["pword"];

    if (($username == $uname) && ($password == $pword)) {
    There is absolutely no point in selecting the complete user table! --> use the username and pwd in a where clause. Look at the code below: only 1 variable-value pair is returned, and that gives you the same info, with far less traffic (imagine you have a user table of a few 1000 records ...)
    and you don't need that count and for-loop --> use a while loop to loop through recordsets.
    you should also check for sql-injection attacks, especially if you don't hash the passwords! --> if you only return the count, then an sql attack probably won't work unless they can slip in a LIMIT clause, but that's unlikely. Still it's better to run an explicit check.

    so your code could better look like
    PHP Code:
    $query = ("SELECT Count(*) as numrec FROM user WHERE username='" . $username . "' AND password='" . $password . "'");
    $result = mysql_query($query, $db) or die('Queryproblem: ' . mysql_error());
    if ($result) {
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);   // free resources from recordset --> not necessary here
        if ($row['numrec'] != 1) {
            echo 'nope';
            die();    // stops script execution
        } else {
            // your code if login succeeds.
        }
    }

    <edit>
    Posts from sitami crossed mine while typing.

    The last post about the self-referencing form makes me believe that you have register_globals set to on (older version ?)
    Then you certainly need to try to change the session variables !
    </edit>
    Last edited by raf; 01-25-2004 at 02:00 AM.
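
Post #5 asks for the credentials to be checked in the query and for an explicit guard against SQL injection, especially when passwords are not hashed. The following is an added example, not code from any poster in this thread, of that check with a bound parameter and a stored hash; it assumes PDO with an in-memory SQLite table standing in for the thread's MySQL `user` table, and the two accounts are constructed.

```php
<?php
// Added example, not from the thread. Constructed data: an in-memory SQLite
// table stands in for the thread's MySQL `user` table (columns uname, pword).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (uname TEXT PRIMARY KEY, pword TEXT NOT NULL)');

// Registration side: store a salted hash, never the plain password.
$insert = $pdo->prepare('INSERT INTO user (uname, pword) VALUES (:u, :p)');
foreach (['temper' => 'correct horse', "o'brien" => 'battery staple'] as $u => $p) {
    $insert->execute([':u' => $u, ':p' => password_hash($p, PASSWORD_DEFAULT)]);
}

// Hash verified for unknown users so both failure paths do similar work.
define('DUMMY_HASH', password_hash('no such account', PASSWORD_DEFAULT));

/** Returns true only when $username exists and $password matches its hash. */
function check_login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps the submitted value out of the SQL text, so a
    // quote character in it is compared as data and cannot alter the query.
    $stmt = $pdo->prepare('SELECT pword FROM user WHERE uname = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed login attempts.
$cases = [
    ['temper',  'correct horse'],   // valid pair
    ['temper',  'wrong'],           // known user, wrong password
    ["o'brien", 'battery staple'],  // apostrophe in the name is plain data
    ['nobody',  'correct horse'],   // unknown user
];
foreach ($cases as [$u, $p]) {
    printf("%-8s %s\n", $u, check_login($pdo, $u, $p) ? 'accepted' : 'nope');
}
```

With the concatenated query from the thread, the apostrophe in the third name would end the string literal early and break the statement; bound as a parameter it is matched like any other character.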

  • #6
    raf's explanation was better lol

    it's too early in the morning for me to think :S

  • #7
    raf
    Originally posted by sitami
    raf's explanation was better lol

    it's too early in the morning for me to think :S
    It's 2 o'clock for me

    temper,

    you better also not rely on short tags (which aren't always enabled) so better use <?php ?> instead of <? ?>.
    And while we're ripping the code apart (sorry, no bad intended), you might as well have some proper html-code and try to avoid slipping in and out of php-mode.
    So
    PHP Code:
    if ((!$username) || (!$password)) {
    ?><center><form name=login method=post action="<? $php_self ?>">
    <? echo   ...
    would be
    PHP Code:
    if ((!$username) || (!$password)) {
        echo ('<center><form id="login" name="login" method="post" action="' . $_SERVER['PHP_SELF'] . '">');
        echo   ...
    (even if this all doesn't solve your problem, it would at least have become better buggy code )

  • #8
    2am lol .. I'm usually awake til 6am but it's startin to affect me now lol
    yeah I agree with raf .. embed the html into the php code like raf suggested. makes your code look a lot neater + helps eradicate common mistakes .. that's what I found anyway

  • #9
    Hey guys, thanks for the help. My code is more efficient now, but sadly I still don't stay logged in when I execute the script. I'm using the code that raf posted, and I used some of the other suggestions given to me, but it wants to be stubborn. Could it not be keeping the session because I'm running the script in an included file?

    the index.php file now looks like:

    PHP Code:
    <?
       session_start();   // I have to start the session here, or it won't work
       include ("inc/htmlfns.php");
       do_html_head();
       include("inc/leftcon.php");  // I include the login script here.
       do_html_middle();
    ?>

    <!-- MAIN CONTENT HERE -->

    Blah Blah Blah

    <!-- END MAIN CONTENT -->
    <? do_html_footer(); ?>

    This is the leftcon.php file now:
    PHP Code:

    <?

    // I used to have a session_start() on this page, but it didn't make any difference.
    $db = mysql_connect("localhost", "*****", "*****") or die('I cannot connect to the database because: ' . mysql_error());
    mysql_select_db("*****");

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ((!$username) || (!$password)) {
    echo ('<center><form id="login" name="login" method="post" action="' . $_SERVER['PHP_SELF'] . '">');
    echo '<center>You are not logged in</center>
    Username: <input type=text name=username class="small" size="16">
    Password: <input type=password name=password class="small" size="16">
    <center><input type=submit value=Login></center>
    <center>Click here to register</center>
    </form></center>';
    }
    else {

    $query = ("SELECT Count( * ) AS numrec FROM user WHERE uname = '" . $username . "' AND pword = '" . $password . "' ");
    $result = mysql_query($query, $db) or die('Error:' . mysql_error());
    if ($result) {
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row['numrec'] != 1) {
            echo 'nope';
            die();    // stops script execution
        } else {
            $_SESSION['sesusername'] = $username;
            $_SESSION['sespassword'] = $password;
        }
    }
    }

    if ($action == "logout") {
    session_unregister("sesusername");
    session_unregister("sespassword");
    }
    ?>
    Any ideas what I'm doing wrong? Is it not working perhaps because I declare the session_start in the index.php file, and the login script is included, thus for some reason not interacting with the index.php file?

    Thanks in advance.

  • #10
    I hate sounding rude, but can anyone help me?

  • #11
    raf
    Whether the code is inside an include or not makes no difference.

    Let's try some classic debugging and change
    PHP Code:
    $query = ("SELECT Count( * ) AS numrec FROM user WHERE uname = '" . $username . "' AND pword = '" . $password . "' ");
    $result = mysql_query($query, $db) or die('Error:' . mysql_error());
    if ($result) {
        $row = mysql_fetch_assoc($result);
        mysql_free_result($result);
        if ($row['numrec'] != 1) {
            echo 'nope';
            die();    // stops script execution
        } else {
            $_SESSION['sesusername'] = $username;
            $_SESSION['sespassword'] = $password;
        }

    into
    PHP Code:
    $query = ("SELECT Count( * ) AS numrec FROM user WHERE uname = '" . $username . "' AND pword = '" . $password . "' ");
    echo ('Executed query = ' . $query);  // remove after debugging
    $result = mysql_query($query, $db) or die('Error:' . mysql_error());
    if ($result) {
        $row = mysql_fetch_assoc($result);
        echo ('<br />Number of matched rows = ' . $row['numrec']); // remove after debugging
        mysql_free_result($result);
        if ($row['numrec'] != 1) {
            echo 'nope';
            die();    // stops script execution
        } else {
            echo ('<br />Logged in now'); // remove after debugging
            /* If you see the 'logged in now' on screen, then the session should be set. So we're gonna print then */
            $_SESSION['sesusername'] = $username;
            $_SESSION['sespassword'] = $password;
            die ('<br />sesusername = ' . $_SESSION['sesusername']);  // remove after debugging
            /* The script execution is stopped after the session var is printed.
            If no value is printed for the session var, then your PHP version is probably
            lower than 4.0.6 and then you need to use
            $HTTP_SESSION_VARS['sesusername'] = $username;

            If a value is printed, then the problem must lie further down in the script
            Then add
            echo ('action=' . $action);
            or else the problem is somewhere inside code you didn't include */
        }

    which will tell you what is going on. Then check the comments above and add the extra code I suggest in there.

    It might also be interesting to include
    phpinfo() ;
    inside a page and then look if register_globals is on and what php version you're using.

  • #12
    Thanks for the help, but for some reason I still have trouble. I checked my phpinfo(); and register_globals is turned on, and my server is running php 4.3.3.

    I think to help you understand I'll give you a link to the site.
    See if you can see what's going on when you log in @ http://www.pwcs.ca/index.php

    The code for the index.php file is the same, and the leftcontent now looks like this: (note, I removed all the "die" commands since the layout is before and after the login script, and I want the page to load).

    PHP Code:
    <? session_start(); ?>
    <a href="http://www.pwcs.ca/index.php">Test Session 1</a><br>
    <a href="http://www.pwcs.ca/index2.php">Test Session 2</a><br>
    <br><br><br>

    <?

    $db = mysql_connect("localhost", "****", "****") or die('I cannot connect to the database because: ' . mysql_error());
    mysql_select_db("pwcs36_db");

    $username = $_POST['username'];
    $password = $_POST['password'];

    if ((!$username) || (!$password)) {
    echo ('<center><form id="login" name="login" method="post" action="' . $_SERVER['PHP_SELF'] . '">');
    echo '<center>You are not logged in</center>
    Username: <input type=text name=username class="small" size="16">
    Password: <input type=password name=password class="small" size="16">
    <center><input type=submit value=Login></center>
    <center>Click here to register</center>
    </form></center>';
    }
    else {

    $query = ("SELECT Count( * ) AS numrec FROM user WHERE uname = '" . $username . "' AND pword = '" . $password . "' ");
    echo ('Executed query = ' . $query);  // remove after debugging
    $result = mysql_query($query, $db) or die('Error:' . mysql_error());
    if ($result) {
        $row = mysql_fetch_assoc($result);
        echo ('<br />Number of matched rows = ' . $row['numrec']); // remove after debugging
        mysql_free_result($result);
        if ($row['numrec'] != 1) {
            echo 'nope';
        } else {
            echo ('<br />Logged in now'); // remove after debugging
            /* If you see the 'logged in now' on screen, then the session should be set. So we're gonna print then */
            $_SESSION['sesusername'] = $username;
            $_SESSION['sespassword'] = $password;
            echo ('<br />sesusername = ' . $_SESSION['sesusername']);  // remove after debugging
            /* The script execution is stopped after the session var is printed.
            If no value is printed for the session var, then your PHP version is probably
            lower than 4.0.6 and then you need to use
            $HTTP_SESSION_VARS['sesusername'] = $username;

            If a value is printed, then the problem must lie further down in the script
            Then add
            echo ('action=' . $action);
            or else the problem is somewhere inside code you didn't include */
        }
    }

    }
    if ($action == "logout") {
    session_unregister("username");
    session_unregister("password");
    }
    ?>
    Thank you for taking the time to help me out so much so far.
    Last edited by Temper; 01-27-2004 at 06:18 PM.

  • #13
    I'm only going to bump it this last time, so I won't annoy you guys too much. I just don't know what to do.

  • #14
    raf
    OK. So everything for the login is fine and you are logged in and the sessions are set.

    So read the comment and use the

    echo ('action=' . $action);

    to see what value it has. If it is 'logout', then that is the problem. If it's not, then your problem is inside other code that is executed later on in some code you don't show here.

  • #15
    I've read up on sessions some more and I've made some changes to the script, and I stay logged in now (the sessions work), and I'm wondering if the way I have it done is good.

    instead of

    PHP Code:
    $username = $_POST['username'];
    $password = $_POST['password'];

    if ((!$username) || (!$password)) {
    echo ('<center><form id="login" name="login" method="post" action="' . $_SERVER['PHP_SELF'] . '">');
    echo '<center>You are not logged in</center>

                   ...........................
    I've changed it to

    PHP Code:
    if((!$username) || (!$password)){
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['password'] = $_POST['password'];
    $username = $_SESSION['username'];
    $password = $_SESSION['password'];


    Is this a good way to code it?
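
An added example, not code from any poster in this thread: one way to arrange the session handling the thread works through, setting the session value only after the credential check, keeping the password out of the session, and reading the logout action from `$_GET` instead of a register_globals variable. `credentials_ok()`, `handle_request()` and the request arrays are hypothetical, and the calls run in one CLI process as stand-ins for successive page loads.

```php
<?php
// Added example, not from the thread. Run from the PHP CLI; the arrays passed
// to handle_request() are constructed stand-ins for $_POST and $_GET.
session_save_path(sys_get_temp_dir());   // CLI run only: writable session dir
session_start();

// Hypothetical stand-in for the database check discussed in the thread.
function credentials_ok(string $user, string $pass): bool
{
    return $user === 'temper' && $pass === 'correct horse';
}

function handle_request(array $post, array $get): string
{
    // Read each value from the array it arrives in. With register_globals on,
    // a bare $action or $username may be filled from the URL, the form, a
    // cookie or the session, so the script cannot tell which one it is using.
    if (($get['action'] ?? '') === 'logout') {
        $_SESSION = [];
        session_destroy();
        return 'logged out';
    }
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if ($user !== '' && $pass !== '') {
        if (!credentials_ok($user, $pass)) {
            return 'nope';
        }
        session_regenerate_id(true);       // fresh id once authenticated
        $_SESSION['sesusername'] = $user;  // identity only, no password
        return "logged in as $user";
    }
    // No form data on this request: rely on what an earlier one stored.
    return isset($_SESSION['sesusername'])
        ? 'still logged in as ' . $_SESSION['sesusername']
        : 'not logged in';
}

// Constructed sequence of requests; output is buffered until the end so the
// session functions run before anything is written.
$out = [];
$out[] = handle_request([], []);
$out[] = handle_request(['username' => 'temper', 'password' => 'wrong'], []);
$out[] = handle_request(['username' => 'temper', 'password' => 'correct horse'], []);
$out[] = handle_request([], []);
$out[] = handle_request([], ['action' => 'logout']);
$out[] = handle_request([], []);
echo implode("\n", $out), "\n";
```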

