Login form with mysql destroys all php queries in next page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
dimitris
Forum Contributor
Posts: 110
Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece

Login form with mysql destroys all php queries in next page

Post by dimitris »

I created a login script which authenticates users but after submiting it i get The message "Right Password" on the top and all other data requests are destroyed.The return die errors such as database not selected while that page was working fine before the login form submition!
This the code:

Code: Select all

<?php	
				session_start();
				header("Cache-control: private");
				$_SESSION['logged_in'] = 0; 
				$_SESSION['session_id'] = 0; 
								error_reporting(E_ALL);
				if(isset($HTTP_POST_VARS['submit'])){
				if((strlen($HTTP_POST_VARS['username'])>0) AND (strlen($HTTP_POST_VARS['password'])>0)){ 		
				
				require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
				               
				$query = "SELECT username,password FROM customers";
				$query_result = mysql_query ($query);
				if($query_result)
				{
					$login_status=0
					$a=0;
						
						while($row = @ mysql_fetch_array($query_result))
						{	
		
							if(($row['username']==$username) AND ($row['password']==$password))
							{
								$logged_in = 1;

								$login_status=1;//user authenticated
							}
							if(($row['username']==$username) AND ($row['password']!=$password))
							{	
								$logged_in = 2;//wrong password
							}
							
						}
						
						if($login_status==1)
						{
							
							$rand=rand(1,9);
							
							$session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand); 
							$session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand); 
							session_id($session_id);
							
							echo '<font color="green"> &#931;&#969;&#963;&#964;&#972; password </font>';
							echo $session_id; 
						}
						if($logged_in==2)
						{
							echo '<font color="red"> Wrong password</font>';
						}
						if($logged_in==0)
						{
							echo '<font color="red">Try Again</font>';
						}
					}else{
						echo '<b><font color="red"> Try Again </font></b>';
					}//telos if($query_result)
					mysql_close();
				}else{
					echo '<font color="red"> You left empty one of the fields! </font>';
					
				}//telos if(strlen...
			}
?>
And this is the form code:

Code: Select all

&lt;form action="index.php" method="post" name="login" class="text11" id="login"&gt;
            &lt;p&gt;&lt;strong&gt;            &#917;&#943;&#963;&#959;&#948;&#959;&#962; (email):
                  &lt;input name="username" type="text" class="info2" id="username"&gt;
            &lt;/strong&gt;&lt;strong&gt;Password:
              &lt;input name="password" type="password" class="info2" id="password"&gt;
              &lt;input name="submit" type="submit" class="red" id="submit" value="&#917;&#943;&#963;&#959;&#948;&#959;&#962;"&gt;
            &lt;/strong&gt;&lt;/p&gt;
          &lt;/form&gt;
User avatar
Meteo
Forum Newbie
Posts: 24
Joined: Sun Jan 18, 2004 10:19 am
Contact:

Post by Meteo »

the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol

assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...

mysql_select_db($database, $connection);
before executing a mysql_query
User avatar
dimitris
Forum Contributor
Posts: 110
Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece

Post by dimitris »

Meteo wrote:the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol

assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...

mysql_select_db($database, $connection);
before executing a mysql_query
Sorry Meteo but you are not right! If this happened my scripts wouldn't work at the first place!
I guess that some of the dynamic code kills the querries!
A sort of overrun maybe? I don't know!
Plz test my code!
User avatar
Meteo
Forum Newbie
Posts: 24
Joined: Sun Jan 18, 2004 10:19 am
Contact:

Post by Meteo »

I didn't really test the code because of the database usage, it's not the most convenient right now, but I did go through it, and there seemed to be some little glitches, i thought
you tested in it to see if $logged_in is equal to zero, and it is never set to that value in the code. it's either set to one or two
I went through it and tried to re-write some expressions

Code: Select all

<?php
session_start();
header("Cache-control: private");
$_SESSION['logged_in'] = 0;
$_SESSION['session_id'] = 0;
error_reporting(E_ALL);
if(isset($HTTP_POST_VARS['submit'])){
    if((strlen($HTTP_POST_VARS['username']) > 0) && (strlen($HTTP_POST_VARS['password']) > 0)){
        $username = $HTTP_POST_VARS['username'];
        $password = $HTTP_POST_VARS['password'];
        require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
        $query = "SELECT * FROM customers WHERE username='$username'";
        $query_result = mysql_query ($query);
        $check = mysql_num_rows($query_result);
        if($check > 0)
            {
                $a = 0;
                $row = mysql_fetch_array($query_result);
                  if(($row['username'] == $username) && ($row['password'] == $password))
                    {
                        $logged_in = TRUE;
                        $login_status = TRUE;//user authenticated
                    } else {
                        $logged_in = FALSE;//wrong password
                        $login_status = FALSE;
                    }

                  if($logged_in)
                  {
                      $rand = rand(1,9);
                      $session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);
                      $session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);
                      session_id($session_id);
                      echo '<font color="green"> &#931;&#969;&#963;&#964;&#972; password </font>';
                      echo $session_id;
                  } else {
                      echo '<font color="red"> Wrong password</font>';
                  }
               } else {
                  echo '<b><font color="red"> Try Again </font></b>';
               }//telos if($query_result)
               mysql_close();
            } else {
               echo '<font color="red">You left empty one of the fields!</font>';

            }//telos if(strlen...
         }
?>
User avatar
dimitris
Forum Contributor
Posts: 110
Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece

Post by dimitris »

Thank you for your code Meteo but the same results occured again!
I cannot understand why the login script boycotts everything in the page!
Post Reply