Page 1 of 1
session login page
Posted: Mon Sep 07, 2009 12:00 am
by petroz
Hi Guys,
Newb here....
I am trying to create a login page and use sessions. Right now, I am not getting any errors with the code, it just seems to do nothing after I submit the username and password.... Any help would be greatly appreciated.
I checked to make sure, and there is a user and password for every single user I attempt to login with.
Thanks,
P
Code: Select all
<?php
include 'db.php';
// Add slashes to the username, and make a md5 checksum of the password.
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
if (!$num)
{
// When the query didn't return anything,
// display the login form.
echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br><br>
<input type='submit' value='Login'>
</form>";
} else {
// Start the login session
session_start();
echo "Hello";
// We've already added slashes and MD5'd the password
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
// All output text below this line will be displayed
// to the users that are authenticated. Since no text
// has been output yet, you could also use redirect
// the username to the next page using the header() function.
// header('Location: page2.php');
echo "<h1>Welcome</h1>";
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>.";
}
?>
Re: session login page
Posted: Mon Sep 07, 2009 12:43 am
by Eric!
So are you not seeing the "hello"? Are the passwords in your database md5 encoded too?
Re: session login page
Posted: Mon Sep 07, 2009 12:48 am
by petroz
Thanks for the response. All the PW's are md5 encoded. Here is a bus_id and password that exists.
bus_id password
eric f4b00a307fa831ef56ef7117c
Thanks,
P
Re: session login page
Posted: Mon Sep 07, 2009 12:54 am
by Eric!
So I assume you are not seeing the "hello" echo?
The only reason that would happen is if your database isn't matching your conditional statement. You are trying to do a numerical comparision on a resource. Try
$num=mysql_num_rows($result);
and change your if($num>0)
Because
$num=mysql_result($result,0); returns the resource information of $result, not an int.
or keep $num=mysql_result($result,0) and change your conditional to check for a resource. if(is_resource($num)) .....
Re: session login page
Posted: Mon Sep 07, 2009 1:23 am
by petroz
Hi Eric,
Yes, I am not seeing "Hello".
I made the first change you noted but nothing is changing... Here is the updated code just to make sure I did it right.
Thanks in advance for looking!
P
Code: Select all
<?php
include 'db.php';
// Add slashes to the username, and make a md5 checksum of the password.
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);
$result = mysql_query("SELECT count(bus_id) FROM businesses WHERE password='$pass' AND bus_id='$user' LIMIT 1") or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);
$num=mysql_num_rows($result);
print $results;
//$num = mysql_result($result, 0);
//$row = mysql_fetch_array($result);
//$num = $row['bus_id'];
//if (!$num)
if($num>0)
{
// When the query didn't return anything,
// display the login form.
echo "<h3>User Login</h3>
<form action='$_SERVER[PHP_SELF]' method='post'>
Username: <input type='text' name='username'><br>
Password: <input type='password' name='password'><br><br>
<input type='submit' value='Login'>
</form>";
} else {
// Start the login session
session_start();
echo "Hello";
// We've already added slashes and MD5'd the password
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
// All output text below this line will be displayed
// to the users that are authenticated. Since no text
// has been output yet, you could also use redirect
// the username to the next page using the header() function.
// header('Location: page2.php');
echo "<h1>Welcome</h1>";
echo "You're now logged in. Try visiting <a href='update_info_form.php'>Update Info Form</a>.";
}
?>
Re: session login page
Posted: Mon Sep 07, 2009 8:36 am
by Eric!
Sorry, in your code the if statement should be looking for the failed case, so you want
if($num<1) or if($num==FALSE)
If this doesn't work then you should double check to make sure your query is working right and it is matching the data in your database.
Re: session login page
Posted: Mon Sep 07, 2009 3:39 pm
by petroz
Thanks for the help. That didnt work for me though.. I was getting a error on the or part of the if statement. Anyways, I found a more complete example script out there. Everything seems to be working fine on this script except passing the correct password during login. It keeps on telling me that my password is incorrect. I think the problem is here
Code: Select all
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
But I am not sure... Here is the entire script and a example user from the db.
Thanks for all the help so far,
P
Code: Select all
<?php
// Connects to your Database
include 'db.php';
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM businesses WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT username , password FROM businesses WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
username password
peter 616cf81536ec18be23a5c5a83
Re: session login page
Posted: Mon Sep 07, 2009 6:11 pm
by Eric!
The previous method with the fetch_num_rows will work fine. But as this other script shows you have a problem matching your md5 passwords.
Have you compared your $_POST['password'] with your database? Work backwards by making a user/password without md5 and run your script without md5 to make things simple. Try hardcoding something to see if it has to do with your form submission.
Also if you're entering forms with firefox it will often insert a linefeed when you hit return. So use the trim() function to clean up all your form fields before md5 or stripslashes.