Need help with a login page problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Need help with a login page problem

Post by genetix »

I have been working on this error a lot!!!! Its not really an error. The login page just wont log people in!

Code: Select all

$username = $_POSTї'loginusername'];
$password = $_POSTї'loginpassword'];
$password = md5($password);

$logincheck=mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

$logincheck2 = mysql_num_rows($logincheck);

while($row = mysql_fetch_array($logincheck))
{
 $username = $rowї'username'];
 $age = $rowї'age'];
 $email = $rowї'email'];
 $fname = $rowї'fname'];
 $registrydate = $rowї'registrydate'];
 $gender = $rowї'gender'];
 $country = $rowї'country'];
 $civilization = $rowї'civilization'];
}

$_SESSIONї'username'] = $username;
$_SESSIONї'email'] = $email;
$_SESSIONї'fname'] = $fname;
$_SESSIONї'registrydate'] = $registrydate;
$_SESSIONї'gender'] = $gender;
$_SESSIONї'country'] = $country;
$_SESSIONї'age'] = $age;
$_SESSIONї'civilization'] = $civilization;

if($logincheck2 == 1)
{
 echo "You are now logged in as: $_sessionїusername]";
}
else
{
 echo "You couldn't be logged in.  Please try again!";
die;
}

 if($_sessionї'civilization'] == admin)
 {
   echo 'To go to the admin hompage <a href="sbadmin.php">Click Here</a>!';
 &#125;

 elseif($_session&#1111;'civilization'] == human)
 &#123;
   echo 'To go to the human hompage <a href="humans/">Click Here</a>!';
 &#125;

 elseif($_session&#1111;'civilization'] == alien)
 &#123;
echo 'To go to the aliens hompage <a href="aliens/">Click Here</a>!';
 &#125;




?>
Admin Note: I am going to start fixing these posts now that contain lots of uneeded CAPITAL letters and extra '!!!''s Let's be civilized here.
Last edited by genetix on Mon Aug 18, 2003 4:37 pm, edited 1 time in total.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Bet you cant!

Post by genetix »

NO ONE I KNOW CAN FIX THIS!!! I have had MANY php EXPERTS look at this and NO ONE can find the error! If you want to see where the script is setup go to: http://www.generation-x.ca and type in username: test password: test
User avatar
nigma
DevNet Resident
Posts: 1094
Joined: Sat Jan 25, 2003 1:49 am

Post by nigma »

A Constructive Comment:
Your posts seem kind of kinky with all the capitalized words and such.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

Sorry its just a habit i have.
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

After you've skipped the capitals in your text (I don't like being shouted at):

$_session[username]

ironically needs capitalisation, e.g. $_SESSION["username"]. Also note the quotes in the associative array.

I would replace the while(...) as I users will only have one login and password, with an if(...).
Also, loose $logincheck2. It's redundant.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

Look back up on the first post. I think I fixed most of it. LoginCheck2 is nessesary though.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

I think I'm echoing the username wrong now or something. Its saying this:

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /home/httpd/vhosts/generation-x.ca/httpdocs/login.php on line 53
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

Yes, you are doing something wrong.

First, change all your $_session vars to $_SESSION, and then change this:

echo "You are now logged in as: $_session['username']";

to this:

echo "You are now logged in as: {$_session['username']}";
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

Okay thanks.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

It still wont work.
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

Anyone else have an idea?
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

have you replaced all $_session with $_SESSION?
PHP is case-sensitive.
User avatar
phice
Moderator
Posts: 1416
Joined: Sat Apr 20, 2002 3:14 pm
Location: Dallas, TX
Contact:

Post by phice »

Code: Select all

<?

$username = $_POST["loginusername"]; 
$password = $_POST["loginpassword"]; 
$password = md5($password); 

$logincheck=mysql_query("SELECT * FROM users WHERE `username` = '{$username}' AND `password` = '{$password}'"); 

$logincheck2 = mysql_num_rows($logincheck); 

while($row = mysql_fetch_array($logincheck)) 
{ 
$_SESSION["username"] = $row["username"]; 
$_SESSION["age"] = $row["age"]; 
$_SESSION["email"] = $row["email"]; 
$_SESSION["fname"] = $row["fname"]; 
$_SESSION["registrydate"] = $row["registrydate"]; 
$_SESSION["gender"] = $row["gender"]; 
$_SESSION["country"] = $row["country"]; 
$_SESSION["civilization"] = $row["civilization"]; 
} 


if($logincheck2 == 1) { 
echo "You are now logged in as: {$_SESSION["username"]}"; 
} else { 
echo "You couldn't be logged in.  Please try again!"; 
die(); 
} 

if($_SESSION["civilization"] == "admin") { 
   echo "To go to the admin hompage <a href="sbadmin.php">Click Here</a>!"; 
} elseif($_SESSION["civilization"] == "human") { 
   echo "To go to the human hompage <a href="humans/">Click Here</a>!"; 
} elseif($_SESSION["civilization"] == "alien") { 
echo "To go to the aliens hompage <a href="aliens/">Click Here</a>!"; 
} 
?>
Fixed code. BTW, after reviewing/fixing your code, I doubt any of the people you've talked to were "EXPERTS", by the type of errors inside the coding. ;)
Image Image
User avatar
greenhorn666
Forum Commoner
Posts: 87
Joined: Thu Aug 14, 2003 7:14 am
Location: Brussels, Belgium

Post by greenhorn666 »

The most beautyfull error that IS STILL in the code is the

Code: Select all

$password = md5($password);
What the heck do you think you are doing?
crypting the password? because you are NOT!!!

Calculating the hash, isn't crypting, it only calculates a value which you can then use in order to be sure the content (your password in this case) hasn't been altered, that's all!
One important point about scripting your user's passwords is that no two users having the same password end up with the same crypted password, which won't be the case with MD5... Brute-forcing MD5 hashes is too simple!

If you want to crypt (using the MD5 encryption with a twelve character salt or another one) see the crypt() function for details
User avatar
genetix
Forum Contributor
Posts: 115
Joined: Fri Aug 01, 2003 7:40 pm
Location: Sask, Regina
Contact:

Post by genetix »

md5() i thought encrypted the variable.
Post Reply