Login script isn't working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
martijn1
Forum Newbie
Posts: 1
Joined: Mon Jul 25, 2011 7:10 am

Login script isn't working

Post by martijn1 »

Hello

So I made this login script, but it doesnt work, because when logged in succesfully, the user should get the word "in" echoed.

This is the html :

Code: Select all

<?php

	require('global.inc.php');
	include('login_proccess.php');

?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>	
			<title>Premium | Index</title>
				<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />			
				<meta name="description" content="" />
				<meta name="keywords" content="" />
				<meta name="author" content="Martijn van Meijel" />
				<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
		
					
				<link rel="stylesheet" href="css/style.css" type="text/css" />	
				
			

	</head>
	
	
	<body>
			
		<h1>Login</h1>
		
		<div id="error_div">
			<?php
				echo $errors;
			?>
		</div>
		
		<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
			<p>
				<input type="text" name="username" value="Your username" onfocus="if(this.value == this.defaultValue) this.value = ''"/>
			</p>
			<p>
				<input type="text" name="password" value="Your password" onfocus="if(this.value == this.defaultValue) this.value = ''"/>
			</p>
			<p>
				<input type="submit" name="submit" value="Login" />
			</p>
		</form>	
		
	
	</body>
	
</html>
this is the php

Code: Select all

<?php

$errors = array();

	if(isset($post['submit'])){
		$username = mysql_real_escape_string(strtolower($_POST['username']));
		$password = md5(strtolower($_POST['password']));
			
			if(empty($username) && empty($password)){
				$errors[] = "Please fill in all fields";
			}else{
					$query = "SELECT `username` FROM `users` WHERE `username`= {$username} LIMIT 1";
					$query_perform_users = mysql_query($query);
					
					$row = mysql_fetch_assoc($query_perform_users);
					
					if(mysql_num_rows($query_perform_users) >= 1){
						if($row['premium'] != 1){
							$update_premium_q = "UPDATE `users` SET `premium`= 1";
							$q_update = mysql_query($update);
							
								if($row['username'] == $username && $row['password'] == $password){
									echo "in"; //place when user is logged in, should be redericted									
								}else{
									$errors[] = "User hasn't been found, try again";
								}
						}
					}else{
						$errors[] = "User doesn't exists";
					}
				}			
			}

?>
the sql

Code: Select all

-- phpMyAdmin SQL Dump
-- version 3.3.9
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jul 25, 2011 at 12:54 
-- Server version: 5.5.8
-- PHP Version: 5.3.5

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `eran_premium`
--

-- --------------------------------------------------------

--
-- Table structure for table `log`
--

CREATE TABLE IF NOT EXISTS `log` (
  `log_id` int(11) NOT NULL AUTO_INCREMENT,
  `txn_id` varchar(30) NOT NULL,
  `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`log_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

--
-- Dumping data for table `log`
--


-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(25) NOT NULL,
  `password` varchar(32) NOT NULL,
  `premium` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`id`, `username`, `password`, `premium`) VALUES
(1, 'martijn1', '87df3cd22d6f9f8005bb222ed4c11d66', 0);
And this is where the user should be redericted to (membership.php)

Code: Select all

<?php

session_start();

?>

<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>	
			<title>Premium | Index</title>
				<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />			
				<meta name="description" content="" />
				<meta name="keywords" content="" />
				<meta name="author" content="Martijn van Meijel" />
				<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
		
					
				<link rel="stylesheet" href="css/style.css" type="text/css" />	
				
			

	</head>
	
	
	<body>
	
		<h1>Welcome User to to the Memberarea</h1>
			
		<h4>Your membership is active</h4>
		<h4>Your can logout <a href="logout.php">Here</a></h4>
	
	</body>
	
</html>
So what is going wrong ?
Why isnt it working

thanks in advance

martijn1
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Login script isn't working

Post by social_experiment »

Code: Select all

<?php
// should be 
$query = "SELECT `username`, `premium` FROM `users` WHERE `username`= {$username} LIMIT 1";
                                        $query_perform_users = mysql_query($query);
                                        
                                        $row = mysql_fetch_assoc($query_perform_users);
                                        
                                        if(mysql_num_rows($query_perform_users) >= 1){
                                                if($row['premium'] != 1){
                                                        $update_premium_q = "UPDATE `users` SET `premium`= 1";
                                                        $q_update = mysql_query($update);
                                                        
                                                                if($row['username'] == $username && $row['password'] == $password){
                                                                        echo "in"; //place when user is logged in, should be redericted                                                                 
                                                                }else{
                                                                        $errors[] = "User hasn't been found, try again";
                                                                }
                                                }
                                        }else{
                                                $errors[] = "User doesn't exists";
                                        }
?>
You select only the username from the database in your query but you want to use the premium field. There are other issues with the script but try and get it 'logging in' first then take a look at those.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Post Reply