Page 1 of 1

Login Script - Help Needed

Posted: Tue Jul 29, 2003 3:04 am
by daniworldwide
Hey, uh, I'm having some issues with a simple login script. I've written a login script no problem at all, hell, I've written a whole simple text-based sim game. I don't know what the problem is with this, though.

Login.php:

Code: Select all

<form method="post" action="log.php">
<b>Play:<BR>
<table border="0">
<tr><td><td><td>
<font color="#002346">Login:<td><input type="text" size="10" name="mlogin"><BR><tr>
<td><td><td><font color="#002346">Password:<td><input type="password" size="10" name="mpass"></table>
<input type="Submit" name="login" value="Login!"><BR></form>
Log.php

Code: Select all

<?php

include ('dbconnect.php');


$mlogin = $_POST['mlogin'];
$mpass = $_POST['mpass'];

if ($mlogin != "" and $mpass != "")
{


$result = mysql_query("SELECT * FROM members WHERE mlogin='$mlogin' and mpass='$mpass'") or die('cannot select members');

$row = mysql_fetch_array($result);
$pid = $row['pid'];
$mname = $row['mname'];


if ($pid != "")  {

setcookie("pid",$pid,time()+3600,"/",".site.com",0);


$timenow = time();

$sql = ("UPDATE members SET atime='$timenow' WHERE pid='$pid'")
or die ("cannot select updae active time");

$result = mysql_query($sql);

$sql = ("UPDATE members SET logged_on='1' WHERE pid='$pid'")
or die ("cannot select updae active time");

$result = mysql_query($sql);

include("news.php");
exit;

}
else
{
include("index.php");
}
}


?>
news.php

Code: Select all

<?php
$pid = $_COOKIE['pid'];

if ($pid == "")
{
echo "$pid this is pid <BR>";
include('logout.php');
exit;
}

include ('dbconnect.php');


$result = mysql_query("SELECT pid from members") or die ('error on selecting horses');
$numplayers = mysql_num_rows($result);

$result = mysql_query("SELECT mname, pid from members where logged_on='1'") or die ('error on selecting horses');
$numon = mysql_num_rows($result);
echo "There are $numon out of $numplayers members logged on!<BR>";
if ($numon = 0)
{
echo "No Members On!";
}
else
{
while ($row = mysql_fetch_array($result))
{
$onmname = $row['mname'];
$onpid = $row['pid'];
echo "<a href='pid.php?pid=$onpid'>$onmname</a>  -   ";
}
}
$result = mysql_query("SELECT mname from members where pid='$pid'") or die ('error on selecting member');
$row = mysql_fetch_array($result);
$mname = $row['mname'];
echo "<BR><BR>You are logged in as $mname, #$pid.";
echo "<BR>You have (#) new messages!";


?>
logout.php

Code: Select all

<?php


$mid = $_COOKIE['mid'];
include('dbconnect.php');
		
//get the current time

$timenow = time();

//while loop that selects members who have active time

$result = mysql_query("SELECT pid, atime FROM members WHERE logged_on='1'")
or die ("cannot select last logged in time");

while ($row = mysql_fetch_array($result))
{
$pid = $row["pid"];
$atime = $row["atime"];

$timediff = $timenow - $atime;

 if ( $timediff >= 30) //kicks off members who have been on for an hour
{

$sql = mysql_query("UPDATE members SET logged_on='0' where pid='$pid'") or die ('cannot log off membrers');

$sql = mysql_query("UPDATE members SET atime='0' where pid='$pid'") or die ('cannot reset members last active time on the site');

} //end if
} //end while
?>
<font color="white"><center>
<form name="login" method="post" action="log.php" target="_parent">
Login Name:<input type="text" name="login"><br>
password:<input type="password" name="pass"><br>
<input type="submit" value="submit">
</form>


Logged out! <? echo"$pid = pid."; ?>
?>
Those are roughly all my codes. So what happens is:

You start at login.php and you login, which brings you to log.php
Log.php brings you to logout.php, though it doesn't log you out, it just brings you to that page. It doesnt set anything to 0 or anything, and it doesn't delete the cookie. The url is then log.php, so its being included. I've looked at this for a really long time, I even tried using sessions, but I still can't figure it out. Any ideas what could be causing this problem? The cookie sets properly, because, at the bottom of logout.php

Code: Select all

<?php


Logged out! <? echo"$pid = pid."; ?>

?>
, it has that snip of code, and it does not return anything empty. Now, if I logged in, and got to logout.php, i can just type the url 'news.php' and it doesn't log me out.

Thanks in advance for looking at this.

-Dani

Posted: Tue Jul 29, 2003 3:21 am
by Tubbietoeter
in logout, you acces the cookie with "mid" but in log you set it with "pid" ... i guess this needs to be corrected.

you should set the cookie with time=0, this means it will expire automatically at the end of the session

instead of the cookie i would use session varaibles though

then, you dont want to log off everybody who is logged in, just the current user:
$result = mysql_query("SELECT pid, atime FROM members WHERE logged_on='1' and pid='".$cookie_pid."'")

then, you always should concatenate strings, e.g.
echo "Pid: ".$pid."<br>";

also i saw that you open a lot of html tags and never close them:
<table border="0">
<tr><td><td><td>
<font color="#002346">Login:<td><input type="text" size="10" name="mlogin"><BR><tr>
<td><td><td><font color="#002346">Password:<td><input type="password" size="10" name="mpass"></table>
<input type="Submit" name="login" value="Login!"><BR></form>

you open the table and a bunch of <td>'s and never close them. this may cause serious problems in some browsers.


i hope some of the stuff i wrote will help you find your error

Posted: Tue Jul 29, 2003 7:02 pm
by daniworldwide
I set the cookie to expire in an hour, because logged_on displays how many users are online. Logout will boot all members who have been on longer than an hour off, because you need to run that script to boot them off, so if that script isn't run, they still display online. Its accurate to an hour. I fixed all that there is to fix, but still, it won't log you on, unless you just logged on and visited the logout page, and then view news.php seperately. It also won't delete the cookie after the hour. Any more ideas?

Thanks again...

-Dani

About 30 minutes later...

I got it fixed! The cookies don't work until the next page, so I couldn't have a (if $pid == "") on that page. Thanks for all your help!

-Dani

Posted: Fri Aug 01, 2003 6:34 pm
by Jade
Hehe, andi you're so funny. Jade to the resuce!!!


whadda know....her login script is fixed. Don't even bother thanking me.


Jade
whiteoakstables.net