Can you spot the mistake?
Moderator: General Moderators
-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
Can you spot the mistake?
Hello, i am writing a login page. The login.html provides the user with the username and password login boxes which they enter there details. This then calls the login.php script which verifies this from a database. I cant seem to get it to work. Any ideas?
Code for html form:
<form action= "login.php" method="post">
<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />
<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
</form>
and code for login.php:
<?php
session_start();
// ------------------------ Start Both -----------------------------------------------------
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
header("Location: success.html");
exit();
}
// If the form was submited check if the username and password match
if($_POST['Submit']){
require_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);
if($search_user_isin != 0){
// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSION['logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
Code for html form:
<form action= "login.php" method="post">
<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />
<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
</form>
and code for login.php:
<?php
session_start();
// ------------------------ Start Both -----------------------------------------------------
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
header("Location: success.html");
exit();
}
// If the form was submited check if the username and password match
if($_POST['Submit']){
require_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);
if($search_user_isin != 0){
// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSION['logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
Your code requires register globals to be ON. By default it is OFF.
change
to
also change
to
and i recommend changing
to
to catch any errors mysql spits out
also your are checking to see if the session variable is set to YES, but it never will === YES therefor you should change
to
change
Code: Select all
<?php
if($_POST['Submit']){
?>Code: Select all
<?php
if (!empty($_POST['username']) && !empty($_POST['password']))
?>Code: Select all
<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />Code: Select all
<span id="username_p">Username</span>
<input type="text" name="username" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="password" size="25" id="password" />Code: Select all
<?php
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);
?>Code: Select all
<?php
$search_user_result = mysql_query($search_user_query) or die(mysql)error());
$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error());
?>also your are checking to see if the session variable is set to YES, but it never will === YES therefor you should change
Code: Select all
<?php
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
?>Code: Select all
<?php
if(!empty($_COOKIE['logedin']) || !empty($_SESSION['logedin'])) {
?>
Last edited by John Cartwright on Sun Nov 21, 2004 10:42 am, edited 1 time in total.
-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
I updated my post a few times, double check you've made all the changes. Also reguarding register_globals being ON, you do NOT turn it on as recommend by PHP developers. Can you please provide us as "what is not working", any errors? anyting being ouputteD?
can you please insert this into your page at the bottom and give us the results
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain text 
can you please insert this into your page at the bottom and give us the results
Code: Select all
<?php
echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';
?>-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
okay made the changes:
[/b]
and the php:
[/b]
Code: Select all
[/b]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> Online Employment Agency v1.65 </title>
<meta name="Generator" content="EditPlus"/>
<meta name="Author" content="Richard Cole, richcoleuk@hotmail.com"/>
<meta name="Keywords" content="employment agency, WAT"/>
<meta name="Description" content="Online Employment Agency"/>
<link rel="stylesheet" type="text/css" href="empstyle.css"/>
</head>
<body>
<table class="main">
<tr class="header1">
<th valign="top" class="centre" colspan="6"> </th>
</tr>
<tr class="menu1">
<th width="4%" valign="top" class="centre"> </th>
<th width="23%" valign="top" class="centre"><a href="http://stuweb.cms.gre.ac.uk/~cr202/join.html">Join</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="23%" valign="top" class="centre">Contact</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
<tr class="main1">
<th width="4%" valign="top" class="centre"> </th>
<th width="92%" valign="top" colspan="4">
<form action= "login.php" method="post">
<span id="username_p">Username</span>
<input type="text" name="username" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="password" size="25" id="password" />
<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
</form>
</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
<tr class="menu1">
<th width="4%" valign="top" class="centre"> </th>
<th width="23%" valign="top" class="centre">Join</th>
<th width="23%" valign="top" class="centre">Login</th>
<th width="23%" valign="top" class="centre">Contact</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
</table>
</body>
</html>
[b]and the php:
Code: Select all
ї/b]
<?php
session_start();
// ------------------------ Start Both -----------------------------------------------------
if(!empty($_COOKIEї'logedin']) || !empty($_SESSIONї'logedin'])) {
header("Location: success.html");
exit();
}
// If the form was submited check if the username and password match
if (!empty($_POSTї'username']) && !empty($_POSTї'password'])){
require_once("connect.php");
$username = $_POSTї'username'];
$password = $_POSTї'password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = mysql_query($search_user_query) or die(mysql_error());
$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error());
if($search_user_isin != 0){
// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSIONї'logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
їb]
Last edited by richcoleuk on Sun Nov 21, 2004 11:01 am, edited 1 time in total.
-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
USE
Code: Select all
orCode: Select all
TAGS [/size][/color]
im not looking into your code any more until you add the tags-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
I forgot to ask, why is your query like it is, is the TABLE_NAME defined as something?
why not just do
why not just do
Code: Select all
<?php
$search_user_query = "SELECT * FROM `TABLE_NAME` WHERE `USER_NAME`='$username' AND `PASS_NAME`='$password'";
?>-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
-
richcoleuk
- Forum Newbie
- Posts: 24
- Joined: Fri Nov 05, 2004 1:33 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
you set $error but you never output itcan you please insert this into your page at the bottom and give us the results
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain textCode: Select all
<?php echo '<pre>'; print_r($_POST); print_r($_SESSION); echo '</pre>'; ?>