Page 1 of 2
Re: php login script issue
Posted: Thu Jun 25, 2015 10:22 am
by Celauran
http://php.net/manual/en/function.session-start.php
PHP Manual wrote: Note:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
Re: php login script issue
Posted: Thu Jun 25, 2015 10:24 am
by Celauran
You're currently only checking that one row was returned. For debugging, check what is being returned, if anything. Try querying on just the username. You shouldn't be storing passwords anyway, you should store hashes.
Re: php login script issue
Posted: Thu Jun 25, 2015 12:32 pm
by Celauran
ianhaney wrote:I am hashing the passwords in the database
Code: Select all
$pass_word = trim($_POST['pass_word']);
$query = "SELECT user_name, pass_word FROM visitors WHERE user_name='$user_name' AND pass_word='$pass_word' AND com_code IS NULL";
This would suggest you're comparing the raw password against the hash, then. That's not going to work.
Re: php login script issue
Posted: Thu Jun 25, 2015 12:50 pm
by Celauran
Have you tried? Is that working?
Re: php login script issue
Posted: Thu Jun 25, 2015 1:10 pm
by Celauran
$pass_word shouldn't be in quotes. You're passing in a string literal rather than the value of the variable.
Re: php login script issue
Posted: Thu Jun 25, 2015 1:53 pm
by Celauran
Re: php login script issue
Posted: Thu Jun 25, 2015 2:06 pm
by Celauran
Try this
Code: Select all
$query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";
$result = mysqli_query($db, $query)or die(mysqli_error($db));
Re: php login script issue
Posted: Thu Jun 25, 2015 2:23 pm
by Celauran
Not getting errors is good, but are you getting any results? I don't see a form there. header() calls need to go before any other output has been sent to the browser. Is that happening?
Re: php login script issue
Posted: Thu Jun 25, 2015 2:51 pm
by Celauran
What's going on here? Isn't the header call to redirect the user after validating their login? Wouldn't in then have to be after the query is run? You need your logic first, then your output.
Re: php login script issue
Posted: Thu Jun 25, 2015 3:03 pm
by Celauran
Can you please post the code in its entirety?
Also,
Code: Select all
$pass_word = md5(mysqli_real_escape_string($db, $_POST['pass_word']));
$query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";
You're hashing the password twice.
Re: php login script issue
Posted: Thu Jun 25, 2015 3:22 pm
by Celauran
You're still putting your session and header calls
after you have sent output to the browser. All the logic first, all the markup last. Really, they should be in separate places, but one thing at a time. Try like this
Code: Select all
<?php
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
session_start(); // Starting Session
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$db = mysqli_connect("" , "", "") or die("Check connection parameters!");
// Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname)
mysqli_select_db($db,"") or die(mysqli_error($db));
if (mysqli_connect_error()) {
die ('Failed to connect to MySQL');
} else {
/*SUCCESS MSG*/
echo '';
}
if(isset($_POST['submit']))
{
$user_name = mysqli_real_escape_string($db, $_POST['user_name']);
$pass_word = mysqli_real_escape_string($db, $_POST['pass_word']);
$query = "SELECT visitor_id, user_name, pass_word FROM visitors WHERE user_name='".$user_name."' AND pass_word='".md5($pass_word)."' AND com_code IS NULL";
$result = mysqli_query($db, $query)or die(mysqli_error($db));
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
if(isset($row['user_name'])) {
$_SESSION['user_name']=$row['user_name'];
header("Location: http://www.broadwaymediadesigns.co.uk/s ... rofile.php");
exit;
}
else
{
echo 'Wrong Username or Password';
}
}
}
?>
<?php
$title = "Login - The Tax Elephants";
$pgDesc="";
$pgKeywords="";
include ( 'includes/header.php' );
?>
<!--CONTENT-->
<div id="column-left">
<form action="login.php" method="post" >
<label for="user_name">Username:</label>
<input name="user_name" type="text" id="user_name" size="60"/>
<br><br>
<label for="pass_word">Password:</label>
<input name="pass_word" type="password" id="pass_word" size="30"/>
<br><br>
<input name="submit" type="submit" value="Submit"/>
</form>
</div>
<div class="clear"></div>
<?php include( 'includes/footer.php' ); ?>
Re: php login script issue
Posted: Thu Jun 25, 2015 3:38 pm
by Celauran
The form is being reset because you aren't setting values from $_POST. That's fine. How many rows are being returned?
Re: php login script issue
Posted: Thu Jun 25, 2015 3:45 pm
by Celauran
ianhaney wrote:Ahh ok
I can't see any rows being returned?
Have you checked with
http://php.net/manual/en/mysqli-stmt.num-rows.php ?
Re: php login script issue
Posted: Thu Jun 25, 2015 3:52 pm
by Celauran
You want to put those back in your form.
Code: Select all
<div id="column-left">
<form action="login.php" method="post" >
<label for="user_name">Username:</label>
<input name="user_name" type="text" id="user_name" size="60" value="<?= isset($_POST['user_name']) ? $_POST['user_name'] : ''; ?>"/>
<br><br>
<label for="pass_word">Password:</label>
<input name="pass_word" type="password" id="pass_word" size="30"/>
<br><br>
<input name="submit" type="submit" value="Submit"/>
</form>
</div>
Re: php login script issue
Posted: Fri Jun 26, 2015 6:24 am
by Celauran
Is your query returning results?