PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
dimitris
Forum Contributor
Posts: 110 Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece
Post
by dimitris » Mon Jan 19, 2004 10:31 am
I created a login script which authenticates users but after submiting it i get The message "Right Password" on the top and all other data requests are destroyed.The return die errors such as database not selected while that page was working fine before the login form submition!
This the code:
Code: Select all
<?php
session_start();
header("Cache-control: private");
$_SESSION['logged_in'] = 0;
$_SESSION['session_id'] = 0;
error_reporting(E_ALL);
if(isset($HTTP_POST_VARS['submit'])){
if((strlen($HTTP_POST_VARS['username'])>0) AND (strlen($HTTP_POST_VARS['password'])>0)){
require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
$query = "SELECT username,password FROM customers";
$query_result = mysql_query ($query);
if($query_result)
{
$login_status=0
$a=0;
while($row = @ mysql_fetch_array($query_result))
{
if(($row['username']==$username) AND ($row['password']==$password))
{
$logged_in = 1;
$login_status=1;//user authenticated
}
if(($row['username']==$username) AND ($row['password']!=$password))
{
$logged_in = 2;//wrong password
}
}
if($login_status==1)
{
$rand=rand(1,9);
$session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);
$session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);
session_id($session_id);
echo '<font color="green"> Σωστό password </font>';
echo $session_id;
}
if($logged_in==2)
{
echo '<font color="red"> Wrong password</font>';
}
if($logged_in==0)
{
echo '<font color="red">Try Again</font>';
}
}else{
echo '<b><font color="red"> Try Again </font></b>';
}//telos if($query_result)
mysql_close();
}else{
echo '<font color="red"> You left empty one of the fields! </font>';
}//telos if(strlen...
}
?>
And this is the form code:
Code: Select all
<form action="index.php" method="post" name="login" class="text11" id="login">
<p><strong> Είσοδος (email):
<input name="username" type="text" class="info2" id="username">
</strong><strong>Password:
<input name="password" type="password" class="info2" id="password">
<input name="submit" type="submit" class="red" id="submit" value="Είσοδος">
</strong></p>
</form>
Meteo
Forum Newbie
Posts: 24 Joined: Sun Jan 18, 2004 10:19 am
Contact:
Post
by Meteo » Mon Jan 19, 2004 11:14 am
the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol
assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...
mysql_select_db($database, $connection);
before executing a mysql_query
dimitris
Forum Contributor
Posts: 110 Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece
Post
by dimitris » Mon Jan 19, 2004 12:31 pm
Meteo wrote: the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol
assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...
mysql_select_db($database, $connection);
before executing a mysql_query
Sorry Meteo but you are not right! If this happened my scripts wouldn't work at the first place!
I guess that some of the dynamic code kills the querries!
A sort of overrun maybe? I don't know!
Plz test my code!
Meteo
Forum Newbie
Posts: 24 Joined: Sun Jan 18, 2004 10:19 am
Contact:
Post
by Meteo » Mon Jan 19, 2004 3:06 pm
I didn't really test the code because of the database usage, it's not the most convenient right now, but I did go through it, and there seemed to be some little glitches, i thought
you tested in it to see if $logged_in is equal to zero, and it is never set to that value in the code. it's either set to one or two
I went through it and tried to re-write some expressions
Code: Select all
<?php
session_start();
header("Cache-control: private");
$_SESSION['logged_in'] = 0;
$_SESSION['session_id'] = 0;
error_reporting(E_ALL);
if(isset($HTTP_POST_VARS['submit'])){
if((strlen($HTTP_POST_VARS['username']) > 0) && (strlen($HTTP_POST_VARS['password']) > 0)){
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
$query = "SELECT * FROM customers WHERE username='$username'";
$query_result = mysql_query ($query);
$check = mysql_num_rows($query_result);
if($check > 0)
{
$a = 0;
$row = mysql_fetch_array($query_result);
if(($row['username'] == $username) && ($row['password'] == $password))
{
$logged_in = TRUE;
$login_status = TRUE;//user authenticated
} else {
$logged_in = FALSE;//wrong password
$login_status = FALSE;
}
if($logged_in)
{
$rand = rand(1,9);
$session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);
$session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);
session_id($session_id);
echo '<font color="green"> Σωστό password </font>';
echo $session_id;
} else {
echo '<font color="red"> Wrong password</font>';
}
} else {
echo '<b><font color="red"> Try Again </font></b>';
}//telos if($query_result)
mysql_close();
} else {
echo '<font color="red">You left empty one of the fields!</font>';
}//telos if(strlen...
}
?>
dimitris
Forum Contributor
Posts: 110 Joined: Wed Jan 14, 2004 3:47 am
Location: Athens, Greece
Post
by dimitris » Tue Jan 20, 2004 11:02 am
Thank you for your code Meteo but the same results occured again!
I cannot understand why the login script boycotts everything in the page!