session login page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
petroz
Forum Newbie
Posts: 16
Joined: Sun Sep 06, 2009 11:56 pm

session login page

Post by petroz »

Hi Guys,

Newb here....

I am trying to create a login page and use sessions. Right now, I am not getting any errors with the code, it just seems to do nothing after I submit the username and password.... Any help would be greatly appreciated.

I checked to make sure, and there is a user and password for every single user I attempt to login with.

Thanks,
P

Code: Select all

 <?php 
 
include 'db.php';
 
// Add slashes to the username, and make a md5 checksum of the password. 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 
 
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR); 
$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
 
if (!$num) 
 
{
 
// When the query didn't return anything, 
// display the login form. 
 
echo "<h3>User Login</h3> 
<form action='$_SERVER[PHP_SELF]' method='post'> 
Username: <input type='text' name='username'><br> 
Password: <input type='password' name='password'><br><br> 
<input type='submit' value='Login'> 
</form>"; 
 
} else {
 
// Start the login session 
session_start(); 
 
echo "Hello";
 
// We've already added slashes and MD5'd the password 
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 
 
// All output text below this line will be displayed 
// to the users that are authenticated. Since no text 
// has been output yet, you could also use redirect 
// the username to the next page using the header() function. 
// header('Location: page2.php'); 
 
echo "<h1>Welcome</h1>"; 
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; 
 
} 
 
?> 
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: session login page

Post by Eric! »

So are you not seeing the "hello"? Are the passwords in your database md5 encoded too?
petroz
Forum Newbie
Posts: 16
Joined: Sun Sep 06, 2009 11:56 pm

Re: session login page

Post by petroz »

Thanks for the response. All the PW's are md5 encoded. Here is a bus_id and password that exists.

bus_id password
eric f4b00a307fa831ef56ef7117c

Thanks,
P
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: session login page

Post by Eric! »

So I assume you are not seeing the "hello" echo?

The only reason that would happen is if your database isn't matching your conditional statement. You are trying to do a numerical comparision on a resource. Try

$num=mysql_num_rows($result);
and change your if($num>0)

Because
$num=mysql_result($result,0); returns the resource information of $result, not an int.

or keep $num=mysql_result($result,0) and change your conditional to check for a resource. if(is_resource($num)) .....
petroz
Forum Newbie
Posts: 16
Joined: Sun Sep 06, 2009 11:56 pm

Re: session login page

Post by petroz »

Hi Eric,

Yes, I am not seeing "Hello".

I made the first change you noted but nothing is changing... Here is the updated code just to make sure I did it right.

Thanks in advance for looking!
P

Code: Select all

<?php 
 
include 'db.php';
 
// Add slashes to the username, and make a md5 checksum of the password. 
$user = addslashes($_POST['username']); 
$pass = md5($_POST['password']); 
 
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR); 
$num=mysql_num_rows($result);
 
print $results;
 
//$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
 
//if (!$num) 
if($num>0)
 
{
 
// When the query didn't return anything, 
// display the login form. 
 
echo "<h3>User Login</h3> 
<form action='$_SERVER[PHP_SELF]' method='post'> 
Username: <input type='text' name='username'><br> 
Password: <input type='password' name='password'><br><br> 
<input type='submit' value='Login'> 
</form>"; 
 
} else {
 
// Start the login session 
session_start(); 
 
echo "Hello";
 
// We've already added slashes and MD5'd the password 
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 
 
// All output text below this line will be displayed 
// to the users that are authenticated. Since no text 
// has been output yet, you could also use redirect 
// the username to the next page using the header() function. 
// header('Location: page2.php'); 
 
echo "<h1>Welcome</h1>"; 
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>."; 
 
} 
 
?>
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: session login page

Post by Eric! »

Sorry, in your code the if statement should be looking for the failed case, so you want
if($num<1) or if($num==FALSE)

If this doesn't work then you should double check to make sure your query is working right and it is matching the data in your database.
petroz
Forum Newbie
Posts: 16
Joined: Sun Sep 06, 2009 11:56 pm

Re: session login page

Post by petroz »

Thanks for the help. That didnt work for me though.. I was getting a error on the or part of the if statement. Anyways, I found a more complete example script out there. Everything seems to be working fine on this script except passing the correct password during login. It keeps on telling me that my password is incorrect. I think the problem is here

Code: Select all

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
But I am not sure... Here is the entire script and a example user from the db.

Thanks for all the help so far,
P

Code: Select all

<?php
// Connects to your Database 
include 'db.php';
 
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
 
//if there is, it logs you in and directes you to the members page
{ 
$username = $_COOKIE['ID_my_site']; 
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM businesses WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check )) 
{
if ($pass != $info['password']) 
{
}
else
{
header("Location: members.php");
 
}
}
}
 
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
 
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
 
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT username , password FROM businesses WHERE username = '".$_POST['username']."'")or die(mysql_error());
 
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check )) 
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
 
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else 
{ 
 
// if login is ok then we add a cookie 
$_POST['username'] = stripslashes($_POST['username']); 
$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour);  
 
//then redirect them to the members area 
header("Location: members.php"); 
} 
} 
} 
else 
{   
 
// if they are not logged in 
?> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<table border="0"> 
<tr><td colspan=2><h1>Login</h1></td></tr> 
<tr><td>Username:</td><td> 
<input type="text" name="username" maxlength="40"> 
</td></tr> 
<tr><td>Password:</td><td> 
<input type="password" name="pass" maxlength="50"> 
</td></tr> 
<tr><td colspan="2" align="right"> 
<input type="submit" name="submit" value="Login"> 
</td></tr> 
</table> 
</form> 
<?php 
} 
 
?>
username password
peter 616cf81536ec18be23a5c5a83
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: session login page

Post by Eric! »

The previous method with the fetch_num_rows will work fine. But as this other script shows you have a problem matching your md5 passwords.

Have you compared your $_POST['password'] with your database? Work backwards by making a user/password without md5 and run your script without md5 to make things simple. Try hardcoding something to see if it has to do with your form submission.

Also if you're entering forms with firefox it will often insert a linefeed when you hit return. So use the trim() function to clean up all your form fields before md5 or stripslashes.
Post Reply