Page 1 of 2

Need help with a login page problem

Posted: Mon Aug 18, 2003 1:05 pm
by genetix
I have been working on this error a lot!!!! Its not really an error. The login page just wont log people in!

Code: Select all

$username = $_POSTї'loginusername'];
$password = $_POSTї'loginpassword'];
$password = md5($password);

$logincheck=mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

$logincheck2 = mysql_num_rows($logincheck);

while($row = mysql_fetch_array($logincheck))
{
 $username = $rowї'username'];
 $age = $rowї'age'];
 $email = $rowї'email'];
 $fname = $rowї'fname'];
 $registrydate = $rowї'registrydate'];
 $gender = $rowї'gender'];
 $country = $rowї'country'];
 $civilization = $rowї'civilization'];
}

$_SESSIONї'username'] = $username;
$_SESSIONї'email'] = $email;
$_SESSIONї'fname'] = $fname;
$_SESSIONї'registrydate'] = $registrydate;
$_SESSIONї'gender'] = $gender;
$_SESSIONї'country'] = $country;
$_SESSIONї'age'] = $age;
$_SESSIONї'civilization'] = $civilization;

if($logincheck2 == 1)
{
 echo "You are now logged in as: $_sessionїusername]";
}
else
{
 echo "You couldn't be logged in.  Please try again!";
die;
}

 if($_sessionї'civilization'] == admin)
 {
   echo 'To go to the admin hompage <a href="sbadmin.php">Click Here</a>!';
 &#125;

 elseif($_session&#1111;'civilization'] == human)
 &#123;
   echo 'To go to the human hompage <a href="humans/">Click Here</a>!';
 &#125;

 elseif($_session&#1111;'civilization'] == alien)
 &#123;
echo 'To go to the aliens hompage <a href="aliens/">Click Here</a>!';
 &#125;




?>
Admin Note: I am going to start fixing these posts now that contain lots of uneeded CAPITAL letters and extra '!!!''s Let's be civilized here.

Bet you cant!

Posted: Mon Aug 18, 2003 1:27 pm
by genetix
NO ONE I KNOW CAN FIX THIS!!! I have had MANY php EXPERTS look at this and NO ONE can find the error! If you want to see where the script is setup go to: http://www.generation-x.ca and type in username: test password: test

Posted: Mon Aug 18, 2003 1:31 pm
by nigma
A Constructive Comment:
Your posts seem kind of kinky with all the capitalized words and such.

Posted: Mon Aug 18, 2003 1:33 pm
by genetix
Sorry its just a habit i have.

Posted: Mon Aug 18, 2003 1:40 pm
by patrikG
After you've skipped the capitals in your text (I don't like being shouted at):

$_session[username]

ironically needs capitalisation, e.g. $_SESSION["username"]. Also note the quotes in the associative array.

I would replace the while(...) as I users will only have one login and password, with an if(...).
Also, loose $logincheck2. It's redundant.

Posted: Mon Aug 18, 2003 4:35 pm
by genetix
Look back up on the first post. I think I fixed most of it. LoginCheck2 is nessesary though.

Posted: Mon Aug 18, 2003 4:40 pm
by genetix
I think I'm echoing the username wrong now or something. Its saying this:

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in /home/httpd/vhosts/generation-x.ca/httpdocs/login.php on line 53

Posted: Mon Aug 18, 2003 4:47 pm
by jason
Yes, you are doing something wrong.

First, change all your $_session vars to $_SESSION, and then change this:

echo "You are now logged in as: $_session['username']";

to this:

echo "You are now logged in as: {$_session['username']}";

Posted: Mon Aug 18, 2003 4:50 pm
by genetix
Okay thanks.

Posted: Mon Aug 18, 2003 4:51 pm
by genetix
It still wont work.

Posted: Tue Aug 19, 2003 8:24 am
by genetix
Anyone else have an idea?

Posted: Tue Aug 19, 2003 8:31 am
by patrikG
have you replaced all $_session with $_SESSION?
PHP is case-sensitive.

Posted: Tue Aug 19, 2003 9:23 am
by phice

Code: Select all

<?

$username = $_POST["loginusername"]; 
$password = $_POST["loginpassword"]; 
$password = md5($password); 

$logincheck=mysql_query("SELECT * FROM users WHERE `username` = '{$username}' AND `password` = '{$password}'"); 

$logincheck2 = mysql_num_rows($logincheck); 

while($row = mysql_fetch_array($logincheck)) 
{ 
$_SESSION["username"] = $row["username"]; 
$_SESSION["age"] = $row["age"]; 
$_SESSION["email"] = $row["email"]; 
$_SESSION["fname"] = $row["fname"]; 
$_SESSION["registrydate"] = $row["registrydate"]; 
$_SESSION["gender"] = $row["gender"]; 
$_SESSION["country"] = $row["country"]; 
$_SESSION["civilization"] = $row["civilization"]; 
} 


if($logincheck2 == 1) { 
echo "You are now logged in as: {$_SESSION["username"]}"; 
} else { 
echo "You couldn't be logged in.  Please try again!"; 
die(); 
} 

if($_SESSION["civilization"] == "admin") { 
   echo "To go to the admin hompage <a href="sbadmin.php">Click Here</a>!"; 
} elseif($_SESSION["civilization"] == "human") { 
   echo "To go to the human hompage <a href="humans/">Click Here</a>!"; 
} elseif($_SESSION["civilization"] == "alien") { 
echo "To go to the aliens hompage <a href="aliens/">Click Here</a>!"; 
} 
?>
Fixed code. BTW, after reviewing/fixing your code, I doubt any of the people you've talked to were "EXPERTS", by the type of errors inside the coding. ;)

Posted: Tue Aug 19, 2003 10:20 am
by greenhorn666
The most beautyfull error that IS STILL in the code is the

Code: Select all

$password = md5($password);
What the heck do you think you are doing?
crypting the password? because you are NOT!!!

Calculating the hash, isn't crypting, it only calculates a value which you can then use in order to be sure the content (your password in this case) hasn't been altered, that's all!
One important point about scripting your user's passwords is that no two users having the same password end up with the same crypted password, which won't be the case with MD5... Brute-forcing MD5 hashes is too simple!

If you want to crypt (using the MD5 encryption with a twelve character salt or another one) see the crypt() function for details

Posted: Tue Aug 19, 2003 3:20 pm
by genetix
md5() i thought encrypted the variable.