Page 1 of 1

Login script isn't working

Posted: Mon Jul 25, 2011 7:15 am
by martijn1
Hello

So I made this login script, but it doesnt work, because when logged in succesfully, the user should get the word "in" echoed.

This is the html :

Code: Select all

<?php

	require('global.inc.php');
	include('login_proccess.php');

?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>	
			<title>Premium | Index</title>
				<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />			
				<meta name="description" content="" />
				<meta name="keywords" content="" />
				<meta name="author" content="Martijn van Meijel" />
				<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
		
					
				<link rel="stylesheet" href="css/style.css" type="text/css" />	
				
			

	</head>
	
	
	<body>
			
		<h1>Login</h1>
		
		<div id="error_div">
			<?php
				echo $errors;
			?>
		</div>
		
		<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
			<p>
				<input type="text" name="username" value="Your username" onfocus="if(this.value == this.defaultValue) this.value = ''"/>
			</p>
			<p>
				<input type="text" name="password" value="Your password" onfocus="if(this.value == this.defaultValue) this.value = ''"/>
			</p>
			<p>
				<input type="submit" name="submit" value="Login" />
			</p>
		</form>	
		
	
	</body>
	
</html>
this is the php

Code: Select all

<?php

$errors = array();

	if(isset($post['submit'])){
		$username = mysql_real_escape_string(strtolower($_POST['username']));
		$password = md5(strtolower($_POST['password']));
			
			if(empty($username) && empty($password)){
				$errors[] = "Please fill in all fields";
			}else{
					$query = "SELECT `username` FROM `users` WHERE `username`= {$username} LIMIT 1";
					$query_perform_users = mysql_query($query);
					
					$row = mysql_fetch_assoc($query_perform_users);
					
					if(mysql_num_rows($query_perform_users) >= 1){
						if($row['premium'] != 1){
							$update_premium_q = "UPDATE `users` SET `premium`= 1";
							$q_update = mysql_query($update);
							
								if($row['username'] == $username && $row['password'] == $password){
									echo "in"; //place when user is logged in, should be redericted									
								}else{
									$errors[] = "User hasn't been found, try again";
								}
						}
					}else{
						$errors[] = "User doesn't exists";
					}
				}			
			}

?>
the sql

Code: Select all

-- phpMyAdmin SQL Dump
-- version 3.3.9
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jul 25, 2011 at 12:54 
-- Server version: 5.5.8
-- PHP Version: 5.3.5

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `eran_premium`
--

-- --------------------------------------------------------

--
-- Table structure for table `log`
--

CREATE TABLE IF NOT EXISTS `log` (
  `log_id` int(11) NOT NULL AUTO_INCREMENT,
  `txn_id` varchar(30) NOT NULL,
  `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL,
  PRIMARY KEY (`log_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

--
-- Dumping data for table `log`
--


-- --------------------------------------------------------

--
-- Table structure for table `users`
--

CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(25) NOT NULL,
  `password` varchar(32) NOT NULL,
  `premium` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

--
-- Dumping data for table `users`
--

INSERT INTO `users` (`id`, `username`, `password`, `premium`) VALUES
(1, 'martijn1', '87df3cd22d6f9f8005bb222ed4c11d66', 0);
And this is where the user should be redericted to (membership.php)

Code: Select all

<?php

session_start();

?>

<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>	
			<title>Premium | Index</title>
				<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />			
				<meta name="description" content="" />
				<meta name="keywords" content="" />
				<meta name="author" content="Martijn van Meijel" />
				<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
		
					
				<link rel="stylesheet" href="css/style.css" type="text/css" />	
				
			

	</head>
	
	
	<body>
	
		<h1>Welcome User to to the Memberarea</h1>
			
		<h4>Your membership is active</h4>
		<h4>Your can logout <a href="logout.php">Here</a></h4>
	
	</body>
	
</html>
So what is going wrong ?
Why isnt it working

thanks in advance

martijn1

Re: Login script isn't working

Posted: Mon Jul 25, 2011 10:16 am
by social_experiment

Code: Select all

<?php
// should be 
$query = "SELECT `username`, `premium` FROM `users` WHERE `username`= {$username} LIMIT 1";
                                        $query_perform_users = mysql_query($query);
                                        
                                        $row = mysql_fetch_assoc($query_perform_users);
                                        
                                        if(mysql_num_rows($query_perform_users) >= 1){
                                                if($row['premium'] != 1){
                                                        $update_premium_q = "UPDATE `users` SET `premium`= 1";
                                                        $q_update = mysql_query($update);
                                                        
                                                                if($row['username'] == $username && $row['password'] == $password){
                                                                        echo "in"; //place when user is logged in, should be redericted                                                                 
                                                                }else{
                                                                        $errors[] = "User hasn't been found, try again";
                                                                }
                                                }
                                        }else{
                                                $errors[] = "User doesn't exists";
                                        }
?>
You select only the username from the database in your query but you want to use the premium field. There are other issues with the script but try and get it 'logging in' first then take a look at those.