Page 1 of 2

Can't get my login script to work

Posted: Fri Jul 23, 2004 10:38 pm
by fresh
ok I'm posting the whole code so you can see the full routine, the problem I'm having is that when you go to login and enter the correct password and such, after you submit the form it is not going including the loggedin.php but is defaulting to the notloggedin.php, here's my script:

Code: Select all

<?php
// database connect script.
require_once 'db_connect.php';

include("header.html");

if (isset($_POST['submit'])) { // if form has been submitted


  /* check they filled in what they were supposed to and authenticate */
  if(!$_POST['uname'] | !$_POST['passwd']) {
    die('<center><font color=white>You did not fill in a required field(s).</font></center>');
  }

  // authenticate.

  if (!get_magic_quotes_gpc()) {
    $_POST['uname'] = addslashes($_POST['uname']);
  }

  $check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");

  if (DB::isError($check) || $check->numRows() == 0) {
    die('<center><font color=white>That username does not exist in our database.</font></center>');
  }

  $info = $check->fetchRow();

  // check passwords match

  $_POST['passwd'] = stripslashes($_POST['passwd']);
  $info['password'] = stripslashes($info['password']);
  $_POST['passwd'] = md5($_POST['passwd']);

  if ($_POST['passwd'] != $info['password']) {
    die('<center><font color=white>Incorrect password, please try again.</font></center>');
  }

  // if we get here username and password are correct, 
  //register session variables and set last login time.

  $date = date('m d, Y');

  $update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");

  $_POST['uname'] = stripslashes($_POST['uname']);
  $_SESSION['username'] = $_POST['uname'];
  $_SESSION['password'] = $_POST['passwd'];
  $db_object->disconnect();

include("loggedin.php");

} else {  // if form hasn't been submitted

include("notloggedin.php");

echo "<br>";

include("footer.html");

}
?>

I have no idea why this isn't working, any ideas, thanks guys :)

Posted: Fri Jul 23, 2004 10:54 pm
by lolpix
Did you remember to set submit to something?

Posted: Fri Jul 23, 2004 11:04 pm
by lolpix
Make sure your submit button's name="submit"....

Code: Select all

<?php

if (isset($_POST&#1111;'submit'])) 
&#123;

    echo 'Form was submitted!<br />';
	
&#125; else &#123;

    echo 'Error: Form was NOT submitted!<br />';
	
&#125;

?>
	
<form method="post" name="FormName">
    <input type="submit" name="submit" value="This Works" border="0">
    <input type="submit" value="This Does Not Work" border="0">
</form>

hey

Posted: Fri Jul 23, 2004 11:27 pm
by fresh
man that's an awesome example, thanks alot!! :)

Posted: Sat Jul 24, 2004 1:44 am
by PrObLeM
um if(!$_POST['uname'] | !$_POST['passwd']) { should be if(!$_POST['uname'] || !$_POST['passwd']) {

this is "||" this isnt or "|" i just looked over it real quick and stoped at the 1st mistake i found

Posted: Sat Jul 24, 2004 3:07 am
by feyd
Just a heads up: it's generally not a good idea to look for the submit button in the post unless that's the only way the page could be submitted. For instance, say you have some text fields. I could hit enter to submit the form, this would not pass the submit button, yet the form would be properly formatted. I would get annoyed that I have to click submit for it to work and would consider it broken functionality as well if I were a tester...

I personally use $_SERVER['REQUEST_METHOD'] to tell me if the page is being posted to. If there are multiple forms that could submit to this page, I look for something unique within each of them (if differing processing is needed.) Additionally, to make sure the page doesn't break badly, I check for the existance of each variable I'm expecting for the given form I'm processing using something similar to:

Code: Select all

<?php

$something = (!empty($_POST['something']) ? sanitize($_POST['someting']) : '';

?>
sanitize() would be some function to determine if $_POST['something'] is in the proper format, maybe do some conversions or something..

my $0.02

Posted: Sat Jul 24, 2004 8:22 am
by fresh
ohh, so just add a hidden link that identifys which form it comes from and check for that instead??? hmm... good idea, I never thought about that... thanks...

oh yeah that maybe the problem, it must have gotten edited out on accident, when I was integrating it into another project, thanks I'll try that :)

Re: Can't get my login script to work

Posted: Sat Jul 24, 2004 10:13 am
by oscbosser

Code: Select all

<?php
  $_POST['passwd'] = stripslashes($_POST['passwd']);
  $info['password'] = stripslashes($info['password']);
  $_POST['passwd'] = md5($_POST['passwd']);

  if ($_POST['passwd'] != $info['password']) {
    die('<center><font color=white>Incorrect password, please try again.</font></center>');
  }
I dont think ur supposed to stripslashes on a md5 encrypted password. Because if there was something inthere that gets stripped ur passes would not match.

Posted: Sat Jul 24, 2004 11:17 am
by feyd
an md5'd string (not binary) is 32 hex characters, there's nothing to strip slashes from.. However, it is a good idea to check [php_man]get_magic_quotes_gpc[/php_man]() to see if you need to run a stripslashes or not..

hey

Posted: Sat Jul 24, 2004 7:18 pm
by fresh
feyd Im trying to do what you said but it isn't working for me:

I tried making a hidden tag with the name submit and it doesn't work, so I made a submit button and named it submit and it worked then.... but I don't want to use that horrid looking html button, so is there some way of doing this with a link:

Code: Select all

<a href='#' onclick='javascript:submit();'><input type="image" src="../images/a120.jpg" border="0" width="46" height="23"></a></td>
I tried naming the a href tag submit but that doesn't work either, I tried naming the image tag and it didn't work either... is there any other way :)

Posted: Sat Jul 24, 2004 7:25 pm
by brandan
you could try the magic submit button, but it only works in internet explorer and costs 5 soul points per use.

Posted: Sat Jul 24, 2004 7:31 pm
by fresh
the what??? and it takes what??? :roll:

Posted: Sat Jul 24, 2004 7:39 pm
by brandan
the magic submit button. it does whatever you want by reading your mind and applying itself accordingly. it costs soul points, just like any powerful tool, because using it can give you the upperhand over other developers who actually work for what they want. but don't worry, your soul points can be rejuvinated by drinking hawaiian punch.

no...

Posted: Sat Jul 24, 2004 10:24 pm
by fresh
no.. you don't huff gas 8O

Posted: Sat Jul 24, 2004 10:59 pm
by feyd
trying to call the submit function inside a form which has a field or button named submit will fail, as it resolves the name first, before the method..