Page 1 of 1

Login form with mysql destroys all php queries in next page

Posted: Mon Jan 19, 2004 10:31 am
by dimitris
I created a login script which authenticates users but after submiting it i get The message "Right Password" on the top and all other data requests are destroyed.The return die errors such as database not selected while that page was working fine before the login form submition!
This the code:

Code: Select all

<?php	
				session_start();
				header("Cache-control: private");
				$_SESSION['logged_in'] = 0; 
				$_SESSION['session_id'] = 0; 
								error_reporting(E_ALL);
				if(isset($HTTP_POST_VARS['submit'])){
				if((strlen($HTTP_POST_VARS['username'])>0) AND (strlen($HTTP_POST_VARS['password'])>0)){ 		
				
				require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
				               
				$query = "SELECT username,password FROM customers";
				$query_result = mysql_query ($query);
				if($query_result)
				{
					$login_status=0
					$a=0;
						
						while($row = @ mysql_fetch_array($query_result))
						{	
		
							if(($row['username']==$username) AND ($row['password']==$password))
							{
								$logged_in = 1;

								$login_status=1;//user authenticated
							}
							if(($row['username']==$username) AND ($row['password']!=$password))
							{	
								$logged_in = 2;//wrong password
							}
							
						}
						
						if($login_status==1)
						{
							
							$rand=rand(1,9);
							
							$session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand); 
							$session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand); 
							session_id($session_id);
							
							echo '<font color="green"> &#931;&#969;&#963;&#964;&#972; password </font>';
							echo $session_id; 
						}
						if($logged_in==2)
						{
							echo '<font color="red"> Wrong password</font>';
						}
						if($logged_in==0)
						{
							echo '<font color="red">Try Again</font>';
						}
					}else{
						echo '<b><font color="red"> Try Again </font></b>';
					}//telos if($query_result)
					mysql_close();
				}else{
					echo '<font color="red"> You left empty one of the fields! </font>';
					
				}//telos if(strlen...
			}
?>
And this is the form code:

Code: Select all

&lt;form action="index.php" method="post" name="login" class="text11" id="login"&gt;
            &lt;p&gt;&lt;strong&gt;            &#917;&#943;&#963;&#959;&#948;&#959;&#962; (email):
                  &lt;input name="username" type="text" class="info2" id="username"&gt;
            &lt;/strong&gt;&lt;strong&gt;Password:
              &lt;input name="password" type="password" class="info2" id="password"&gt;
              &lt;input name="submit" type="submit" class="red" id="submit" value="&#917;&#943;&#963;&#959;&#948;&#959;&#962;"&gt;
            &lt;/strong&gt;&lt;/p&gt;
          &lt;/form&gt;

Posted: Mon Jan 19, 2004 11:14 am
by Meteo
the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol

assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...

mysql_select_db($database, $connection);
before executing a mysql_query

Posted: Mon Jan 19, 2004 12:31 pm
by dimitris
Meteo wrote:the reason it returns a database not selected error is because you have not selected a database, ironic as that sounds, lol

assuming that require_once ("../../w/connect.inc"); is making the connection, it sounds like you haven't done this...

mysql_select_db($database, $connection);
before executing a mysql_query
Sorry Meteo but you are not right! If this happened my scripts wouldn't work at the first place!
I guess that some of the dynamic code kills the querries!
A sort of overrun maybe? I don't know!
Plz test my code!

Posted: Mon Jan 19, 2004 3:06 pm
by Meteo
I didn't really test the code because of the database usage, it's not the most convenient right now, but I did go through it, and there seemed to be some little glitches, i thought
you tested in it to see if $logged_in is equal to zero, and it is never set to that value in the code. it's either set to one or two
I went through it and tried to re-write some expressions

Code: Select all

<?php
session_start();
header("Cache-control: private");
$_SESSION['logged_in'] = 0;
$_SESSION['session_id'] = 0;
error_reporting(E_ALL);
if(isset($HTTP_POST_VARS['submit'])){
    if((strlen($HTTP_POST_VARS['username']) > 0) && (strlen($HTTP_POST_VARS['password']) > 0)){
        $username = $HTTP_POST_VARS['username'];
        $password = $HTTP_POST_VARS['password'];
        require_once ("../../w/connect.inc");//einai sto music.hxotpon.net/blabla.php
        $query = "SELECT * FROM customers WHERE username='$username'";
        $query_result = mysql_query ($query);
        $check = mysql_num_rows($query_result);
        if($check > 0)
            {
                $a = 0;
                $row = mysql_fetch_array($query_result);
                  if(($row['username'] == $username) && ($row['password'] == $password))
                    {
                        $logged_in = TRUE;
                        $login_status = TRUE;//user authenticated
                    } else {
                        $logged_in = FALSE;//wrong password
                        $login_status = FALSE;
                    }

                  if($logged_in)
                  {
                      $rand = rand(1,9);
                      $session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);
                      $session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);
                      session_id($session_id);
                      echo '<font color="green"> &#931;&#969;&#963;&#964;&#972; password </font>';
                      echo $session_id;
                  } else {
                      echo '<font color="red"> Wrong password</font>';
                  }
               } else {
                  echo '<b><font color="red"> Try Again </font></b>';
               }//telos if($query_result)
               mysql_close();
            } else {
               echo '<font color="red">You left empty one of the fields!</font>';

            }//telos if(strlen...
         }
?>

Posted: Tue Jan 20, 2004 11:02 am
by dimitris
Thank you for your code Meteo but the same results occured again!
I cannot understand why the login script boycotts everything in the page!