Page 1 of 2

problem with code, not sure fix

Posted: Thu Nov 27, 2003 3:05 am
by malcolmboston
Hello (again :oops: ) guys

basically having a problem with a login behavior (a different way of doing it anyway) the one i had before worked fine but now i need to add some information from login so that it can be retrieved later. Someone gave me the code yesterday(sorry m8, cant remember your name :o ) and after editing it and debugging to get the errors out of it, i came up with this, when i run it i get no errors from PHP only that no matter what happens it refuses to accept my login, by the way the MySQL connection is there as i have already checked using the first bit of PHP coding

Heres the database confirmation code.

Code: Select all

// The Database Connection Is Defined Here
$link = mysql_connect("localhost","malcolmboston","********")
or die("Connection Error" . mysql_error());
print "Connection To MySQL Server Established";
mysql_select_db("TDN") or die("Unable To Make Connection To Relevant Database");
// Database Connection Code Completed */
now heres the problematic code

Code: Select all

<?php 
// user has filled out the login form... 
if(isset($_POST['login'])) 
{ 
$username = addslashes(trim($_POST['username'])); 
$password = md5($_POST['password']); 
$query = mysql_query("select session_id from login where username = '$username' AND password = '$password' limit 1"); 
$check = mysql_num_rows($query); 
if($check == 1) 
{ 
// user is in the database and was found.. 
session_start(); 
$row = mysql_fetch_array($query); 
$_SESSION['user_id'] = $row['session_id']; 
$_SESSION['username'] = $username; 
// send the authenticicated user to specical members area 
header("location: logged_in\index.php"); 
exit; 
} 
else 
{ 
// User was not found in the database
echo "<br>incorrect username and password!"; 
}
} 
?>
and now the HTML for the form

Code: Select all

&amp;lt;form name="login" autocomplete="off" id="login" method="POST"&amp;gt;
&amp;lt;table width="100%" border="0"&amp;gt;
&amp;lt;tr&amp;gt; 
&amp;lt;td&amp;gt;Username&amp;lt;/td&amp;gt;
&amp;lt;td&amp;gt;&amp;lt;input name="username" type="text" id="username" maxlength="20" /&amp;gt;&amp;lt;/td&amp;gt;
&amp;lt;/tr&amp;gt;
&amp;lt;tr&amp;gt; 
&amp;lt;td&amp;gt;Password&amp;lt;/td&amp;gt;
&amp;lt;td&amp;gt;&amp;lt;input name="password" type="password" id="password" maxlength="15" /&amp;gt;&amp;lt;/td&amp;gt;
&amp;lt;/tr&amp;gt;
&amp;lt;tr&amp;gt; 
&amp;lt;td&amp;gt;&amp;amp;nbsp;&amp;lt;/td&amp;gt;
&amp;lt;td&amp;gt;&amp;lt;input name="login" type="submit" id="login" value="login" /&amp;gt; 
&amp;lt;/td&amp;gt;
&amp;lt;/tr&amp;gt;
&amp;lt;/table&amp;gt;
&amp;lt;/form&amp;gt;
Ok now basically what is happening is it is checking username and password from the database i defined in the 1st bit of PHP coding, the second part is used for handling the actual login, now no matter what happens my login always failed even though i am using correct usernames and passwords

My thoughts on why this is happening
  • The MD5 password, i know what MD5 is, im just wondering i my field in mysql needs to be "md5'd" as well?
  • Possibly the login program is requiring the session_ID is already in its field, which obviously it is'nt, if that is the problem how do i write this in because the session is only started if the person logs in sucessfully (this cannot surely be the problem can it?)
any idea's anyone?

Please Note : All of the defined tables in the PHP coding are present on my MySQL server (username, password and session_id and a lot more)

Posted: Thu Nov 27, 2003 3:29 am
by microthick
The password should be stored in the database already md5'ed.

Posted: Thu Nov 27, 2003 3:32 am
by malcolmboston
well it aint :?

do i have to do this manually and if so how?

is that the only problem then?

lol 2 many questions, answer whichever ones you can be arsed answering

Posted: Thu Nov 27, 2003 3:57 am
by infolock
have you ensured the query is being processed by putting an error control at the end of it? like this :

$query = mysql_query("select session_id from login where username = '$username' AND password = '$password' limit 1") or die(MySQL_Error());


i'm not saying this is the problem as I'm still looking through it, but could try that for now at least to get it out the problem equation.

Posted: Thu Nov 27, 2003 4:01 am
by malcolmboston
lol well i could try it now but at the moment my web is down at home so im @ uni trying to find out the answer to this,

the error has me stumped completely, i created the 1st PHP chunk (database) to make sure it was connecting properly and give me feedback, hehe thats my first ever handwritten PHP!!!!! :lol: , so its working, not sure if the query is being run though, i have checked all the syntax, it appears correct and am not getting any PHP errors when using the site, it just refuses to accept my login

also this MD5 thing, maybe that is the problem, the password fields in my table are 'plain text' is this ok?

Posted: Thu Nov 27, 2003 4:11 am
by infolock
have you checked to ensure that anything at all has been written to your passwords field? If so, then don't worry about MD5 because it's doing it's job.

however, the reason i asked about the query is because of this : even if you get no error codes, it doesn't mean the query succeeded.

Because if you throw variables at it, mysql doesn't care if you put it in the correct syntax or not,a nd will just search the database for it. So if your $variables arne't getting processed, you'll never know because mysql will just return 0 rows found.

so, that's why i was asking if you could put that error code in it. mainly, i'd suggest exiting out of the sql query when i wanted to input variables in it just to make double sure it's not something in the query. ie, doing this :

Code: Select all

<?php

$query = mysql_query("select session_id from login where username = '".$username."' AND password = '".$password."' limit 1");

?>
this way, you know for a fact your variables are being processed inside your query.. this may actually correct your problem..

Posted: Thu Nov 27, 2003 4:17 am
by malcolmboston
ok i will try that when i get home later

just one thing infolock, could you clear this up for me

in this bit of code here

Code: Select all

$username = addslashes(trim($_POST['username'])); 
$password = md5($_POST['password']); 
$query = mysql_query("select session_id from login where username = '$username' AND password = '$password' limit 1"); 
$check = mysql_num_rows($query); 
if($check == 1) 
{ 
// user is in the database and was found.. 
session_start(); 
$row = mysql_fetch_array($query); 
$_SESSION['user_id'] = $row['session_id']; 
$_SESSION['username'] = $username; 
// send the authenticicated user to specical members area 
header("location: logged_in\index.php"); 
exit; 
} 
else 
{ 
// User was not found in the database 
echo "<br>incorrect username and password!"; 
} 
}
it is not already requiring that a session_ID already be in the table is it? i never written this code so only understand approx 80% of it, also how do i go about adding the session that is created into the database, allowing it to be overwritten everytime a user logs in again

sorry about bothering you, just cant find anything about this on the net, so thought id come and ask the experts 8)

Posted: Thu Nov 27, 2003 4:21 am
by infolock
malcolmboston wrote:

Code: Select all

$username = addslashes(trim($_POST['username'])); 
$password = md5($_POST['password']); 
$query = mysql_query("select session_id from login where username = '$username' AND password = '$password' limit 1"); 
$check = mysql_num_rows($query); 
if($check == 1)
it is not already requiring that a session_ID already be in the table is it?

you aren't bothering me, that's why i'm here :P to help ya out when/if i can.

anyways, no the session is not being processed before the query, but actually after the query when it checks to see if it found a row containg the data that's in the query.

so, that's why i believe it's something in the query itself. because if the session isn't being started, that means that this line is reporting that no user was found, which in turn means either the user doesn't exist ( when we know it does ), or the problem lies in how we are checking the db for the user.

edit : one more question. is session_id a row in your database?? if so, cool just making sure... otherwise, you need to take it out and maybe put username in it's place.

Posted: Thu Nov 27, 2003 4:31 am
by malcolmboston
ok thanks lol

so my first PHP code is correct? the database connection thing? so it is definitely able to access my MySQL database?

by the way for ur information if it help heres my mysql info

site is running on apache w/ PHP (both latest versions)
connection/host = localhost
username = malcolmboston
password = ******** < sorry cant tell but its correct

databases on MySQL
mysql
TDN

tables in TDN
login = users added to memers login
login_stage = users to be added to members login DONE
feedback = data for extraction into dynamic page DONE
poll = data for extraction into dynamic page DONE
newsletter = e-mail addresses of contacts DONE
org = Dynamic page for listings of affiliate drug groups

rows/columns in login
username
password
full name
gender
e-mail
session_id <--- this has no data and dont know how to write to it if it is not defined in hte code already given

just to make sure the syntax is correct and none of it is designed for older versions of PHP

Thanks Again, Very helpful

Posted: Thu Nov 27, 2003 4:35 am
by infolock
mac just pointed out another possibility of it maybe being a problem with register_global's
viewtopic.php?t=511

also, i wasn't meaning that you weren't selecting the correct table, but asking if session_id was a field within the login table?

but i'm not sure if your query is correct or not. check the things i mentioned, and also check the link above.

one of them is bound to solve your issue.

Posted: Thu Nov 27, 2003 4:44 am
by malcolmboston
yep i think that is my best best tbh, the register globals is turned off by default and i havent chancged my php.ini to tell it otherwise, when i manage to fix this problem il be sure to post how it was done[/b]

Posted: Thu Nov 27, 2003 4:58 am
by malcolmboston
out of interest

do hosting companies have globals turned on or off?

Posted: Thu Nov 27, 2003 5:02 am
by twigletmac
malcolmboston wrote:out of interest

do hosting companies have globals turned on or off?
You should always code as though register_globals is off - the default is now off but some hosts do turn it on, however, since it's deprecated that won't be an option forever.

Mac

Posted: Thu Nov 27, 2003 5:04 am
by malcolmboston
thanks

going home now to try all this out

*fingers crossed*

will post outcome and hopefully fix tonight

Posted: Thu Nov 27, 2003 7:40 am
by malcolmboston
ok, one problem fixed another created :twisted: :twisted:

Code: Select all

line 1     &lt;?php require_once('Connections/loginSQL.php'); ?&gt;

Code: Select all

&lt;html&gt;
                    &lt;head&gt;
                    &lt;/head&gt;
                     &lt;body&gt;
&#1111;php]
line 68    &lt; ?php 
line 69    // user has filled out the login form... 
line 70    if(isset($_POST&#1111;'login'])) 
line 71    { 
line 72    $username = addslashes(trim($_POST&#1111;'username'])); 
line 73    $password = addslashes(trim($_POST&#1111;'password'])); 
line 74    $query = mysql_query("select session_id from login where username = '$username' AND password = '$password' line 75    limit 1") or die(MySQL_Error());
line 76    $check = mysql_num_rows($query); 
line 77    if($check == 1) 
line 78    { 
line 79    // user is in the database and was found.. 
line 80    session_start();
line 81    $row = mysql_fetch_array($query); 
line 82    $_SESSION&#1111;'user_id'] = $row&#1111;'session_id']; 
line 83    $_SESSION&#1111;'username'] = $username; 
line 84    header("location: logged_in\index.php");
line 85    exit; 
line 86    } 
line 87    else 
line 88    { 
line 99    // User was not found in the database
line 100   echo "&lt;br&gt;incorrect username and password!"; 
line 101   }
} 
?&gt;&#1111;/php]
&#1111;code]     &lt;/body&gt;
               &lt;/html&gt;
ok, i fixed the login area (in a sense) i now know the query is executing because i removed the MD5 (what i thought was the error) and redid that line of code, now i get the following error messages
Warning: Cannot send session cookie - headers already sent by (output started at C:\FoxServ\www\TMP2htclp0hef.php:8) in C:\FoxServ\www\TMP2htclp0hef.php on line 80

Warning: Cannot send session cache limiter - headers already sent (output started at C:\FoxServ\www\TMP2htclp0hef.php:8) in C:\FoxServ\www\TMP2htclp0hef.php on line 80

Warning: Cannot add header information - headers already sent by (output started at C:\FoxServ\www\TMP2htclp0hef.php:8) in C:\FoxServ\www\TMP2htclp0hef.php on line 84
now i know whythis is caused, it need to be called before any HTML, so i thought id move it to the very top, error still keeps coming, i dont know how to use the code basically, at least not in a way that i will sto getting any error messages and the code will still do what im telling it to do!!!

any help?