Page 1 of 1

Code doesnt work

Posted: Sat Feb 06, 2010 1:48 pm
by Worqy
Hello.
When i tested my login script I saw that the 'login system' doesnt work.
I'll explain more later, here is the codes:
login.php

Code: Select all

<html>
<form name="form1" method="post" action="checklogin.php">
<head>
    <meta http-equiv="Content-Language" content="fi">
    <title>Login</title>
</head>
<body bgcolor="#666666">
 
 
<p align="center"><font face="Aharoni" size="5">Login</font></p>
<p align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; 
Login</p>
 
<input name="myusername" type="text" id="myusername">&nbsp;
<p>
<input name="mypassword" type="password" id="mypassword"></p>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<input type="submit" name="Submit" value="Login">
</body>
</form>
</html>
 
login_success.php

Code: Select all

<?php
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
session_start();
if(!session_is_registered(myusername)){
header("Location:login.php");
}
?>
 
<html> 
 
<head>
<meta http-equiv="Content-Language" content="fi">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Login Success</title>
 
<body bgcolor="#666666" onload="FP_preloadImgs(/*url*/'button6.jpg',/*url*/'button7.jpg',/*url*/'button9.jpg',/*url*/'buttonA.jpg',/*url*/'buttonC.jpg',/*url*/'buttonD.jpg')">
 
<p align="center">&nbsp;</p>
<p align="center"><i><font size="5" face="Aharoni">You have been logged in 
successfully!</font></i></p>
<p align="center">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left">&nbsp;</p>
<p align="left"><a href="index.php">
<img border="0" id="img2" src="button8.jpg" height="20" width="100" alt="Main Page" onmouseover="FP_swapImg(1,0,/*id*/'img2',/*url*/'button9.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img2',/*url*/'button8.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img2',/*url*/'buttonA.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img2',/*url*/'button9.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Main Page"></a></p>
<p align="left"><a href="cpanel.php">
<img border="0" id="img3" src="buttonB.jpg" height="20" width="100" alt="cPanel" onmouseover="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonC.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonB.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img3',/*url*/'buttonD.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img3',/*url*/'buttonC.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="cPanel"></a></p>
<p align="left"><a href="logout.php">
<img border="0" id="img1" src="button5.jpg" height="20" width="100" alt="Logout" onmouseover="FP_swapImg(1,0,/*id*/'img1',/*url*/'button6.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img1',/*url*/'button5.jpg')" onmousedown="FP_swapImg(1,0,/*id*/'img1',/*url*/'button7.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img1',/*url*/'button6.jpg')" fp-style="fp-btn: Brick Row 9" fp-title="Logout"></a></p>
 
</body>
 
</html>
 
And ofc the coming cPanel.php

Code: Select all

<?php
 
session_start();
 
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}
 
?> 
 
<html>
<head>
    <title>Control Panel</title>
</head>
<body>
 
Control Panel
 
</body>
</html> 
I want this to happend:
I login -> I get access to cPanel
I logout -> I dont have access to cPanel anymore

This happens:
I login -> I dont have access to cPanel ( it puts me back to login.php)
I logout -> I dont have access to cPanel

SO I think something is wrong with the session codes...

Re: Code doesnt work

Posted: Sat Feb 06, 2010 5:13 pm
by cone13cone
Cant determine the problem without seeing where you store your $_SESSION variables.

Code: Select all

 
session_is_registered();
 
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
I'm not sure where where you are getting the argument passed to it anyway ?? is it the input field on the login script?

Code: Select all

 
if (!(isset($_SESSION['login']) && $_SESSION['login'] != ''))
 
The logic here is flawed, its reads if session login is not set AND session login does not equal an empty string.

Other than that Im not really sure whats going on, seeing how you store/validate your usernames/passwords would be most helpful.

Re: Code doesnt work

Posted: Sun Feb 07, 2010 7:09 am
by Worqy
"Other than that Im not really sure whats going on, seeing how you store/validate your usernames/passwords would be most helpful."
I'm very new to this, so I can have many big misstakes in the code.

If I understood you correctly; I stroe my username and password in MySQL.
And here is the checklogin.php:

Code: Select all

<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="160995kk"; // Mysql password
$db_name="Game"; // Database name
$tbl_name="members"; // Table name
 
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
 
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
 
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
 
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
 
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>