Page 1 of 1

login form problem

Posted: Thu Mar 04, 2004 3:22 pm
by ramsfield
login form problem
I am new to php, so any help would be appreciated

My user creation page works fine, however when I try and log in, I keep getting directed to the failure page.

Can anyone see any problems? If this is being done completely wrong, can you shed some light on how I might do it different.

Basically I need to create users and allow them to login with secured passwords.


CODE FOR THE USER CREATION PAGE
<?php require_once('../Connections/catering.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "register_user")) {
$md5password = md5($HTTP_POST_VARS['txtpassword']);
$insertSQL = sprintf("INSERT INTO Users (User_name, User_Password, Reg_Date, User_Email, Last_Login, First_Name, Last_Name, Address_1, Address_2, City, `State`, Zipcode, Phone, Fax) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($HTTP_POST_VARS['txtname'], "text"),
GetSQLValueString($md5password, "text"),
GetSQLValueString($HTTP_POST_VARS['txtregdate'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtemail'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtlastlogin'],
"text"),
GetSQLValueString($HTTP_POST_VARS['txtfirst'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtlast'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtaddress1'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtaddress2'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtcity'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtstate'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtzipcode'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtphone'], "text"),
GetSQLValueString($HTTP_POST_VARS['txtfax'], "text"));

mysql_select_db($database_catering, $catering);
$Result1 = mysql_query($insertSQL, $catering) or die(mysql_error());

$insertGoTo = "confirm.php";
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}
?>
<?php
$today=date("Y-m-d")

?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style_sheets/catering.css" type="text/css">
</head>

<body>
<table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3"><?php require_once('nav/top_nav.php'); ?>
</td>
</tr>
<tr>
<td width="200" rowspan="2" valign="top" class="top_nav_background"><?php require_once('nav/left_nav.php'); ?>
</td>
<td width="550" colspan="2" valign="top" class="body_heading">Account Registration</td>
</tr>
<tr>
<td width="550" colspan="2" valign="top" class="body_background"><p class="body_hyperlink">Sign
up for an account now
<form action="<?php echo $editFormAction; ?>" method="POST" name="register_user" id="register_user">
<p>
<input name="txtname" type="text" id="txtname">
User Name </p>
<p>
<input name="txtpassword" type="password" id="txtpassword">
User Password</p>
<p>
<input name="txtregdate" type="hidden" id="txtregdate" value="<?php echo $today?>">
</p>
<p>
<input name="txtemail" type="text" id="txtemail">
Email Address </p>
<p>
<input name="txtlastlogin" type="hidden" id="txtlastlogin" value="<?php echo $today?>">
</p>
<p>
<input name="txtfirst" type="text" id="txtfirst">
First Name</p>
<p>
<input name="txtlast" type="text" id="txtlast">
Last Name</p>
<p>
<input name="txtaddress1" type="text" id="txtaddress1">
Address Line 1</p>
<p>
<input name="txtaddress2" type="text" id="txtaddress2">
Address Line 2</p>
<p>
<input name="txtcity" type="text" id="txtcity">
City</p>
<p>
<input name="txtstate" type="text" id="txtstate">
State</p>
<p>
<input name="txtzipcode" type="text" id="txtzipcode">
Zipcode</p>
<p>
<input name="txtphone" type="text" id="txtphone">
Phone</p>
<p>
<input name="txtfax" type="text" id="txtfax">
Fax</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
<input type="hidden" name="MM_insert" value="register_user">
</form></td>
</tr>
<tr>
<td colspan="3"><?php require_once('nav/bottom_nav.php'); ?>
</td>
</tr>
</table>
</body>
</html>



CODE FOR THE LOGIN PAGE
<?php require_once('../Connections/catering.php'); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($_POST['txtusername'])) {
$loginUsername=$_POST['txtusername'];
$password=(md5($_POST['txtpassword']));
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "success.php";
$MM_redirectLoginFailed = "failure.php";
$MM_redirecttoReferrer = false;

$LoginRS__query=sprintf("SELECT User_name, User_Password FROM Users WHERE User_name='%s' AND User_Password='$password'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

$LoginRS = mysql_query($LoginRS__query) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style_sheets/catering.css" type="text/css">
</head>

<body>
<table width="750" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3"><?php require_once('nav/top_nav.php'); ?>
</td>
</tr>
<tr>
<td width="200" rowspan="2" valign="top" class="left_nav_background"><?php require_once('nav/left_nav.php'); ?>
</td>
<td width="550" colspan="2" valign="top" class="body_heading">Login</td>
</tr>
<tr>
<td width="550" colspan="2" valign="top" class="body_background"><form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="login">
<p>
<input name="txtusername" type="text" id="txtusername" size="40">
User Name</p>
<p>
<input name="txtpassword" type="password" id="txtpassword" size="40">
Password </p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</td>
</tr>
<tr>
<td colspan="3"><?php require_once('nav/bottom_nav.php'); ?>
</td>
</tr>
</table>
</body>
</html>

Posted: Thu Mar 04, 2004 3:55 pm
by Crashin
No answer, yet. Just making your code a little more readable. :)

Code: Select all

CODE FOR THE USER CREATION PAGE 
<?php require_once('../Connections/catering.php'); ?> 
<?php 
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{ 
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; 

switch ($theType) { 
case "text": 
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
break; 
case "long": 
case "int": 
$theValue = ($theValue != "") ? intval($theValue) : "NULL"; 
break; 
case "double": 
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; 
break; 
case "date": 
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; 
break; 
case "defined": 
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; 
break; 
} 
return $theValue; 
} 

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF']; 
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) { 
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING']; 
} 

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "register_user")) { 
$md5password = md5($HTTP_POST_VARS['txtpassword']); 
$insertSQL = sprintf("INSERT INTO Users (User_name, User_Password, Reg_Date, User_Email, Last_Login, First_Name, Last_Name, Address_1, Address_2, City, `State`, Zipcode, Phone, Fax) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", 
GetSQLValueString($HTTP_POST_VARS['txtname'], "text"), 
GetSQLValueString($md5password, "text"), 
GetSQLValueString($HTTP_POST_VARS['txtregdate'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtemail'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtlastlogin'], 
"text"), 
GetSQLValueString($HTTP_POST_VARS['txtfirst'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtlast'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtaddress1'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtaddress2'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtcity'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtstate'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtzipcode'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtphone'], "text"), 
GetSQLValueString($HTTP_POST_VARS['txtfax'], "text")); 

mysql_select_db($database_catering, $catering); 
$Result1 = mysql_query($insertSQL, $catering) or die(mysql_error()); 

$insertGoTo = "confirm.php"; 
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) { 
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; 
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING']; 
} 
header(sprintf("Location: %s", $insertGoTo)); 
} 
?> 
<?php 
$today=date("Y-m-d") 

?> 
<html> 
<head> 
<title>Untitled Document</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<link rel="stylesheet" href="style_sheets/catering.css" type="text/css"> 
</head> 

<body> 
<table width="750" border="0" align="center" cellpadding="0" cellspacing="0"> 
<tr> 
<td colspan="3"><?php require_once('nav/top_nav.php'); ?> 
</td> 
</tr> 
<tr> 
<td width="200" rowspan="2" valign="top" class="top_nav_background"><?php require_once('nav/left_nav.php'); ?> 
</td> 
<td width="550" colspan="2" valign="top" class="body_heading">Account Registration</td> 
</tr> 
<tr> 
<td width="550" colspan="2" valign="top" class="body_background"><p class="body_hyperlink">Sign 
up for an account now 
<form action="<?php echo $editFormAction; ?>" method="POST" name="register_user" id="register_user"> 
<p> 
<input name="txtname" type="text" id="txtname"> 
User Name </p> 
<p> 
<input name="txtpassword" type="password" id="txtpassword"> 
User Password</p> 
<p> 
<input name="txtregdate" type="hidden" id="txtregdate" value="<?php echo $today?>"> 
</p> 
<p> 
<input name="txtemail" type="text" id="txtemail"> 
Email Address </p> 
<p> 
<input name="txtlastlogin" type="hidden" id="txtlastlogin" value="<?php echo $today?>"> 
</p> 
<p> 
<input name="txtfirst" type="text" id="txtfirst"> 
First Name</p> 
<p> 
<input name="txtlast" type="text" id="txtlast"> 
Last Name</p> 
<p> 
<input name="txtaddress1" type="text" id="txtaddress1"> 
Address Line 1</p> 
<p> 
<input name="txtaddress2" type="text" id="txtaddress2"> 
Address Line 2</p> 
<p> 
<input name="txtcity" type="text" id="txtcity"> 
City</p> 
<p> 
<input name="txtstate" type="text" id="txtstate"> 
State</p> 
<p> 
<input name="txtzipcode" type="text" id="txtzipcode"> 
Zipcode</p> 
<p> 
<input name="txtphone" type="text" id="txtphone"> 
Phone</p> 
<p> 
<input name="txtfax" type="text" id="txtfax"> 
Fax</p> 
<p> 
<input type="submit" name="Submit" value="Submit"> 
</p> 
<input type="hidden" name="MM_insert" value="register_user"> 
</form></td> 
</tr> 
<tr> 
<td colspan="3"><?php require_once('nav/bottom_nav.php'); ?> 
</td> 
</tr> 
</table> 
</body> 
</html> 



CODE FOR THE LOGIN PAGE 
<?php require_once('../Connections/catering.php'); ?> 
<?php 
// *** Validate request to login to this site. 
session_start(); 

$loginFormAction = $_SERVER['PHP_SELF']; 
if (isset($accesscheck)) { 
$GLOBALS['PrevUrl'] = $accesscheck; 
session_register('PrevUrl'); 
} 

if (isset($_POST['txtusername'])) { 
$loginUsername=$_POST['txtusername']; 
$password=(md5($_POST['txtpassword'])); 
$MM_fldUserAuthorization = ""; 
$MM_redirectLoginSuccess = "success.php"; 
$MM_redirectLoginFailed = "failure.php"; 
$MM_redirecttoReferrer = false; 

$LoginRS__query=sprintf("SELECT User_name, User_Password FROM Users WHERE User_name='%s' AND User_Password='$password'", 
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

$LoginRS = mysql_query($LoginRS__query) or die(mysql_error()); 
$loginFoundUser = mysql_num_rows($LoginRS); 
if ($loginFoundUser) { 
$loginStrGroup = ""; 

//declare two session variables and assign them 
$GLOBALS['MM_Username'] = $loginUsername; 
$GLOBALS['MM_UserGroup'] = $loginStrGroup; 

//register the session variables 
session_register("MM_Username"); 
session_register("MM_UserGroup"); 

if (isset($_SESSION['PrevUrl']) && false) { 
$MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 
} 
header("Location: " . $MM_redirectLoginSuccess ); 
} 
else { 
header("Location: ". $MM_redirectLoginFailed ); 
} 
} 
?> 
<html> 
<head> 
<title>Untitled Document</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
<link rel="stylesheet" href="style_sheets/catering.css" type="text/css"> 
</head> 

<body> 
<table width="750" border="0" align="center" cellpadding="0" cellspacing="0"> 
<tr> 
<td colspan="3"><?php require_once('nav/top_nav.php'); ?> 
</td> 
</tr> 
<tr> 
<td width="200" rowspan="2" valign="top" class="left_nav_background"><?php require_once('nav/left_nav.php'); ?> 
</td> 
<td width="550" colspan="2" valign="top" class="body_heading">Login</td> 
</tr> 
<tr> 
<td width="550" colspan="2" valign="top" class="body_background"><form ACTION="<?php echo $loginFormAction; ?>" method="POST" name="login"> 
<p> 
<input name="txtusername" type="text" id="txtusername" size="40"> 
User Name</p> 
<p> 
<input name="txtpassword" type="password" id="txtpassword" size="40"> 
Password </p> 
<p> 
<input type="submit" name="Submit" value="Submit"> 
</p> 
</form> 
</td> 
</tr> 
<tr> 
<td colspan="3"><?php require_once('nav/bottom_nav.php'); ?> 
</td> 
</tr> 
</table> 
</body> 
</html>