jimmyjambo
Forum Newbie
Posts: 7 Joined: Thu Oct 29, 2009 5:51 pm
Post
by jimmyjambo » Wed Feb 23, 2011 4:45 pm
I am having problems with my login script. The first time I try and log in, the session variable is not getting stored. When I try a second time it works without a problem. Please help, it's driving me mad!
Check Login Page
Code: Select all
<?php
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("");
mysql_select_db("$db_name")or die("");
// username and password sent from form
$_POST['mypassword']=md5($_POST['mypassword']);
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername=stripslashes($myusername);
$mypassword=stripslashes($mypassword);
$myusername=mysql_real_escape_string($myusername);
$myusername=strtolower($myusername);
$mypassword=mysql_real_escape_string($mypassword);
$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
while($ids = mysql_fetch_array( $sql )){
    $id=$ids['id'];
    $familyid=$ids['family_id'];
    $login1=$ids['login'];
}
$login=$login1 +1;
$logindate=date('d/m/Y');
$count=mysql_num_rows($sql);
if($count==1){
    $sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
    if (@mysql_query($sql2)){
    } else {
        exit();
    }
    session_start();
    $_SESSION['valid_user'] = $id;
    echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";
}
else {
    $link = "login.php";
    $error = "Wrong Username or Password, Please try again";
    require('../error.php');
}
ob_flush();
?>
Main Page, after login
Code: Select all
<?php
session_start();
$sesid=$_SESSION['valid_user'];
// Connects to your Database
mysql_connect("db104.oneandone.co.uk", "dbo197162027", "woodlands") or die(mysql_error());
mysql_select_db("db197162027") or die(mysql_error());
if (isset($_SESSION['valid_user']))
{
    $check = mysql_query("SELECT * FROM family_users WHERE id = '$sesid' LIMIT 0,1")or die(mysql_error());
    while($info = mysql_fetch_array( $check )) {
        $family=($info['family_id']);
    }
    if ($sesid == $id & $family == $familyid) {
?>
<?php
        $check = mysql_query("SELECT * FROM family_users WHERE id = '$id'")or die(mysql_error());
        while($info = mysql_fetch_array( $check )) {
            $fname=($info['fname']);
            $lname=($info['lname']);
            $aid=($info['id']);
            $sex=($info['sex']);
        }
?>
[b]Extra Code[/b]
<?php
    }
    else {
        $link = "logout.php";
        $error = "<font size='2' face='Arial'><b>You can't view this page</b><br>Please make sure you are logged in!</font>";
        require('../error.php');
    }
}
else
{
    require('../failed.php');
}
?>
Crisy
Forum Newbie
Posts: 1 Joined: Thu Feb 24, 2011 11:00 am
Post
by Crisy » Thu Feb 24, 2011 11:07 am
Move session_start(); to the top of the page. That should always be on the first line of every page you use it on.
jimmyjambo
Forum Newbie
Posts: 7 Joined: Thu Oct 29, 2009 5:51 pm
Post
by jimmyjambo » Thu Feb 24, 2011 12:53 pm
Tried that, it didn't work.
social_experiment
DevNet Master
Posts: 2793 Joined: Sun Feb 15, 2009 11:08 am
Location: .za
Post
by social_experiment » Tue Mar 01, 2011 10:57 am
Is all this code on 1 page?
Code: Select all
$sql=mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1' LIMIT 0,1")or die();
By limiting the number of rows returned to 1 you could lock out another user (and thus give 'accidental' access to another) with similar login details, which shouldn't happen if your registration process is set up correctly. You should change your die() statements to something like this
In this way you know where (and what type of) errors occur. If you were to develop an error somewhere you'd be looking for hours trying to pin it down.
Code: Select all
($sesid == $id & $family == $familyid)
This needs another ampersand (AND = &&)
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
jimmyjambo
Forum Newbie
Posts: 7 Joined: Thu Oct 29, 2009 5:51 pm
Post
by jimmyjambo » Tue Mar 01, 2011 3:30 pm
Thank you for your help. The code is on two separate pages. Login Page -> check login page -> main page. I have only included the checklogin page and main page above.
I think I may have found my problem, but maybe you could help.
I use a meta refresh to redirect from the check login page to the main page, does meta refresh destroy sessions?
I can't get the PHP Location header to work. I think my hosting provider doesn't allow output buffers. So meta refresh is my only option.
Thanks
social_experiment
DevNet Master
Posts: 2793 Joined: Sun Feb 15, 2009 11:08 am
Location: .za
Post
by social_experiment » Tue Mar 01, 2011 4:31 pm
jimmyjambo wrote: I use a meta refresh to redirect from the check login page to the main page, does meta refresh destroy sessions?
I don't think so (not 100% certain).
jimmyjambo wrote: I cant get the PHP Location header to work. I think my hosting provider doesnt allow output buffers. So meta refresh is my only option.
You just need to create slightly better code, then you can get it working without output buffering.
jimmyjambo
Forum Newbie
Posts: 7 Joined: Thu Oct 29, 2009 5:51 pm
Post
by jimmyjambo » Thu Mar 03, 2011 1:20 pm
Could you help me make this code better, so that I can use location rather than meta refresh?
Thanks
Code: Select all
<?php
session_start();
// DATABASE CONNECT REMOVED
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$_POST['mypassword'] = md5($_POST['mypassword']);
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$myusername = strtolower($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = mysql_query("SELECT * FROM family_users WHERE username='$myusername' AND password='$mypassword' AND active='1'")or die(mysql_error());
while($ids = mysql_fetch_array( $sql )) {
    $id=$ids['id'];
    $familyid=$ids['family_id'];
    $login1=$ids['login'];
}
$login=$login1 +1;
$logindate=date('d/m/Y');
// Mysql_num_row is counting table row
$count=mysql_num_rows($sql);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
    // Register $myusername, $mypassword and redirect to file "members.php"
    $sql2 = "UPDATE family_users SET login='$login', login_date='$logindate' WHERE id='$id'";
    if (@mysql_query($sql2)) {
    } else {
        exit('<p>Error: ' . mysql_error() . '</p>');
    }
    $_SESSION['valid_user'] = $id;
    // PROBLEM WITH META REFRESH
    echo "<html><head><title>Login</title><meta http-equiv='REFRESH' content='0;url=main.php?id=$id&familyid=$familyid'></HEAD><BODY></BODY></HTML>";
}
else {
    $link = "login.php";
    $error = "Wrong Username or Password, Please try again";
    require('error.php');
}
?>
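A check-login page that redirects with a Location header instead of the meta refresh asked about in the last post, as an added example that is not part of the thread or any poster's code. It goes beyond the question by using PDO bound parameters and password_hash()/password_verify() in place of md5(); the in-memory SQLite table, the sample user alice and the 401 response on failure are assumptions made so it runs on its own.

```php
<?php
declare(strict_types=1);
// Nothing may be output before this point (no blank line or BOM ahead of <?php),
// or session_start() and header() can no longer send their headers.
session_start();

// Constructed stand-in so the example runs on its own: in-memory SQLite with one
// sample user. The real page would open its MySQL database through PDO instead.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE family_users (id INTEGER PRIMARY KEY, family_id INTEGER,
    username TEXT UNIQUE, password TEXT, active INTEGER, login INTEGER DEFAULT 0,
    login_date TEXT)');
$db->prepare('INSERT INTO family_users (family_id, username, password, active)
              VALUES (7, ?, ?, 1)')
   ->execute(['alice', password_hash('sample-pass', PASSWORD_DEFAULT)]);

// Returns the matching active user row, or null when the login is rejected.
function find_active_user(PDO $db, string $username, string $password): ?array
{
    // Bound parameter replaces stripslashes()/mysql_real_escape_string().
    $stmt = $db->prepare('SELECT id, family_id, password FROM family_users
                          WHERE username = ? AND active = 1');
    $stmt->execute([strtolower($username)]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one account may match, and its stored hash must verify.
    if (count($rows) !== 1 || !password_verify($password, $rows[0]['password'])) {
        return null;
    }
    return $rows[0];
}

// Form fields as named in the thread; anything that is not a string is rejected.
$name = is_string($_POST['myusername'] ?? null) ? $_POST['myusername'] : '';
$pass = is_string($_POST['mypassword'] ?? null) ? $_POST['mypassword'] : '';
$user = find_active_user($db, $name, $pass);
if ($user === null) {
    http_response_code(401);
    exit('Wrong Username or Password, Please try again');
}

$db->prepare('UPDATE family_users SET login = login + 1, login_date = ? WHERE id = ?')
   ->execute([date('d/m/Y'), $user['id']]);

session_regenerate_id(true);             // fresh session id once the user is authenticated
$_SESSION['valid_user'] = (int) $user['id'];
session_write_close();                   // store the session before sending the browser on
header('Location: main.php');            // main.php takes the id from $_SESSION, not the URL
exit;
```

With the user id kept only in $_SESSION, the main page no longer needs the id and familyid query parameters to decide who is logged in.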