php login script issue

Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: php login script issue

Post by Celauran »

http://php.net/manual/en/function.session-start.php
PHP Manual wrote: Note:

To use cookie-based sessions, session_start() must be called before outputting anything to the browser.

Re: php login script issue

Post by Celauran »

You're currently only checking that one row was returned. For debugging, check what is being returned, if anything. Try querying on just the username. You shouldn't be storing passwords anyway, you should store hashes.

Re: php login script issue

Post by Celauran »

ianhaney wrote: I am hashing the passwords in the database

Code:

  $pass_word = trim($_POST['pass_word']);
  $query = "SELECT user_name, pass_word FROM visitors WHERE user_name='$user_name' AND pass_word='$pass_word' AND com_code IS NULL";

This would suggest you're comparing the raw password against the hash, then. That's not going to work.
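
The approach the replies above point to (query on just the username, store a hash, compare it outside the SQL), as an added example that is not part of the original thread. It assumes PHP's password_hash()/password_verify() in place of the thread's md5(), and an in-memory SQLite database through PDO in place of the MySQL connection so it runs offline; check_login() and the sample account are hypothetical.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database via PDO
// stands in for the MySQL server so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (
    visitor_id INTEGER PRIMARY KEY,
    user_name  TEXT UNIQUE,
    pass_word  TEXT,
    com_code   TEXT NULL
)');

// Constructed sample accounts: only the salted hash is stored, never the password.
$insert = $db->prepare('INSERT INTO visitors (user_name, pass_word) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('s3cret', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the visitor row on success, null otherwise.
function check_login(PDO $db, string $user_name, string $pass_word): ?array
{
    // Query on the username only. The bound parameter keeps user input out of
    // the SQL text, so quotes in the name need no manual escaping.
    $stmt = $db->prepare(
        'SELECT visitor_id, user_name, pass_word FROM visitors
         WHERE user_name = ? AND com_code IS NULL'
    );
    $stmt->execute([$user_name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return null; // no such user, or the account still has a com_code set
    }

    // Compare in PHP: the stored hash carries its own salt and cost, so a
    // "pass_word = '<input>'" test in SQL could never match it.
    return password_verify($pass_word, $row['pass_word']) ? $row : null;
}

// Each call prints whether the login succeeded.
var_dump(check_login($db, 'alice', 'correct horse') !== null);
var_dump(check_login($db, 'alice', 'wrong password') !== null);
var_dump(check_login($db, "o'brien", 's3cret') !== null);
var_dump(check_login($db, 'nobody', 'correct horse') !== null);
```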

Re: php login script issue

Post by Celauran »

Have you tried? Is that working?

Re: php login script issue

Post by Celauran »

Code:

md5('$pass_word')

$pass_word shouldn't be in quotes. You're passing in a string literal rather than the value of the variable.

Re: php login script issue

Post by Celauran »

Try this

Code:

$query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";
$result = mysqli_query($db, $query)or die(mysqli_error($db));

Re: php login script issue

Post by Celauran »

Not getting errors is good, but are you getting any results? I don't see a form there. header() calls need to go before any other output has been sent to the browser. Is that happening?

Re: php login script issue

Post by Celauran »

What's going on here? Isn't the header call to redirect the user after validating their login? Wouldn't it then have to be after the query is run? You need your logic first, then your output.

Re: php login script issue

Post by Celauran »

Can you please post the code in its entirety?

Also,

Code:

  $pass_word = md5(mysqli_real_escape_string($db, $_POST['pass_word']));

  $query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";

You're hashing the password twice.

Re: php login script issue

Post by Celauran »

You're still putting your session and header calls after you have sent output to the browser. All the logic first, all the markup last. Really, they should be in separate places, but one thing at a time. Try like this

Code:

<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);

session_start(); // Starting Session
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$db = mysqli_connect("" , "", "") or die("Check connection parameters!");
// Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname)  
mysqli_select_db($db,"") or die(mysqli_error($db));

if (mysqli_connect_error()) {
    die ('Failed to connect to MySQL');
} else {
        /*SUCCESS MSG*/
        echo '';
}

if (isset($_POST['submit'])) {
    $user_name = mysqli_real_escape_string($db, $_POST['user_name']);
    $pass_word = mysqli_real_escape_string($db, $_POST['pass_word']);

    $query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";

    $result = mysqli_query($db, $query) or die(mysqli_error($db));

    // Fetch the single matching row. Inside a while loop the else branch
    // never ran when the query returned no rows.
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

    if (isset($row['user_name'])) {
        $_SESSION['user_name'] = $row['user_name'];
        header("Location: http://www.broadwaymediadesigns.co.uk/s ... rofile.php");
        exit;
    } else {
        echo 'Wrong Username or Password';
    }
}
?>

<?php
$title = "Login - The Tax Elephants";

$pgDesc="";

$pgKeywords="";

include ( 'includes/header.php' );
?>
<!--CONTENT-->


<div id="column-left">
<form action="login.php" method="post" >
  <label for="user_name">Username:</label>
  <input name="user_name" type="text" id="user_name" size="60"/>
<br><br>
  <label for="pass_word">Password:</label>
  <input name="pass_word" type="password" id="pass_word" size="30"/>
<br><br>
  <input name="submit" type="submit" value="Submit"/>
</form>
</div>

<div class="clear"></div>

<?php include( 'includes/footer.php' ); ?>
 

Re: php login script issue

Post by Celauran »

The form is being reset because you aren't setting values from $_POST. That's fine. How many rows are being returned?

Re: php login script issue

Post by Celauran »

ianhaney wrote: Ahh ok

I can't see any rows being returned?

Have you checked with http://php.net/manual/en/mysqli-stmt.num-rows.php ?

Re: php login script issue

Post by Celauran »

You want to put those back in your form.

Code:

<div id="column-left">
    <form action="login.php" method="post" >
        <label for="user_name">Username:</label>
        <input name="user_name" type="text" id="user_name" size="60" value="<?= isset($_POST['user_name']) ? htmlspecialchars($_POST['user_name'], ENT_QUOTES, 'UTF-8') : ''; ?>"/>
        <br><br>

        <label for="pass_word">Password:</label>
        <input name="pass_word" type="password" id="pass_word" size="30"/>
        <br><br>

        <input name="submit" type="submit" value="Submit"/>
    </form>
</div>

Re: php login script issue

Post by Celauran »

Is your query returning results?