Can you spot the mistake?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Can you spot the mistake?

Post by richcoleuk »

Hello, i am writing a login page. The login.html provides the user with the username and password login boxes which they enter there details. This then calls the login.php script which verifies this from a database. I cant seem to get it to work. Any ideas?

Code for html form:

<form action= "login.php" method="post">

<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />

<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />

<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>

</form>

and code for login.php:

<?php

session_start();
// ------------------------ Start Both -----------------------------------------------------
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
header("Location: success.html");
exit();
}

// If the form was submited check if the username and password match
if($_POST['Submit']){

require_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);


if($search_user_isin != 0){

// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSION['logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
User avatar
mudkicker
Forum Contributor
Posts: 479
Joined: Wed Jul 09, 2003 6:11 pm
Location: Istanbul, TR
Contact:

Post by mudkicker »

$username = $_POST['username'];
$password = $_POST['password'];

these should be

$username = $_POST['last'];
$password = $_POST['email'];
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Your code requires register globals to be ON. By default it is OFF.

change

Code: Select all

<?php
if($_POST['Submit']){ 
?>
to

Code: Select all

<?php
if (!empty($_POST['username']) && !empty($_POST['password']))
?>
also change

Code: Select all

&lt;span id="username_p"&gt;Username&lt;/span&gt; 
&lt;input type="text" name="last" size="25" id="username" /&gt; 

&lt;span id="password_p"&gt;Password&lt;/span&gt; 
&lt;input type ="text" name="email" size="25" id="password" /&gt;
to

Code: Select all

&lt;span id="username_p"&gt;Username&lt;/span&gt; 
&lt;input type="text" name="username" size="25" id="username" /&gt; 

&lt;span id="password_p"&gt;Password&lt;/span&gt; 
&lt;input type ="text" name="password" size="25" id="password" /&gt;
and i recommend changing

Code: Select all

<?php
$search_user_result = @mysql_query($search_user_query); 
$search_user_isin = @mysql_num_rows($search_user_result); 
?>
to

Code: Select all

<?php
$search_user_result = mysql_query($search_user_query) or die(mysql)error()); 
$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error()); 
?>
to catch any errors mysql spits out

also your are checking to see if the session variable is set to YES, but it never will === YES therefor you should change

Code: Select all

<?php
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') { 

?>
to

Code: Select all

<?php
if(!empty($_COOKIE['logedin']) || !empty($_SESSION['logedin'])) { 


?>
Last edited by John Cartwright on Sun Nov 21, 2004 10:42 am, edited 1 time in total.
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

ive made the changes but still no joy, How to i turn the global variable on?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I updated my post a few times, double check you've made all the changes. Also reguarding register_globals being ON, you do NOT turn it on as recommend by PHP developers. Can you please provide us as "what is not working", any errors? anyting being ouputteD?

can you please insert this into your page at the bottom and give us the results

Code: Select all

<?php

echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';
?>
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain text :!:
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

thats the weird thing, nothing is outputted? Let me make the changes then gat back to you.
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

okay made the changes:

Code: Select all

[/b]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<title> Online Employment Agency v1.65 </title>
   <meta name="Generator" content="EditPlus"/>
   <meta name="Author" content="Richard Cole, richcoleuk@hotmail.com"/>
   <meta name="Keywords" content="employment agency, WAT"/>
   <meta name="Description" content="Online Employment Agency"/>
   <link rel="stylesheet" type="text/css" href="empstyle.css"/>
</head>

<body>
  <table class="main">
    <tr class="header1"> 
      <th valign="top" class="centre" colspan="6">&nbsp;</th>
    </tr>
    <tr class="menu1"> 
      <th width="4%" valign="top" class="centre">&nbsp;</th>
      <th width="23%" valign="top" class="centre"><a href="http://stuweb.cms.gre.ac.uk/~cr202/join.html">Join</th>
      <th width="23%" valign="top" class="centre">Log In</th>
      <th width="23%" valign="top" class="centre">Contact</th>
	  <th width="23%" valign="top" class="centre">Log In</th>
      <th width="4%" valign="top" class="centre">&nbsp;</th>
    </tr>
    <tr class="main1">
	  <th width="4%" valign="top" class="centre">&nbsp;</th>
      <th width="92%" valign="top" colspan="4">
		<form action= "login.php" method="post">
					
			<span id="username_p">Username</span>
			<input type="text" name="username" size="25" id="username" />
			
			<span id="password_p">Password</span>
			<input type ="text" name="password" size="25" id="password" />

			<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
						
		</form>
	  </th>
      <th width="4%" valign="top" class="centre">&nbsp;</th>
    </tr>
    <tr class="menu1"> 
      <th width="4%" valign="top" class="centre">&nbsp;</th>
      <th width="23%" valign="top" class="centre">Join</th>
      <th width="23%" valign="top" class="centre">Login</th>
      <th width="23%" valign="top" class="centre">Contact</th>
	  <th width="23%" valign="top" class="centre">Log In</th>
      <th width="4%" valign="top" class="centre">&nbsp;</th>
    </tr>
  </table>
</body>
</html>

[b]
[/b]



and the php:


Code: Select all

&#1111;/b]

&lt;?php

session_start();
// ------------------------ Start Both -----------------------------------------------------
if(!empty($_COOKIE&#1111;'logedin']) || !empty($_SESSION&#1111;'logedin'])) { 
	header("Location: success.html");
	exit();
}

// If the form was submited check if the username and password match
if (!empty($_POST&#1111;'username']) &amp;&amp; !empty($_POST&#1111;'password'])){

	require_once("connect.php");
	$username = $_POST&#1111;'username'];
	$password = $_POST&#1111;'password'];
	$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
	
	$search_user_result = mysql_query($search_user_query) or die(mysql_error());
	$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error());

	

	if($search_user_isin != 0){
	
// ------------------------ Start Both -----------------------------------------------------
		// If username and password is right , store the session in a cookie
		setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
		//Create the Session id's (as many as you want, can also do the same with cookied)
		$_SESSION&#1111;'logedin'] = 'John';
		@mysql_close();
		// Redirect to the page
		header("Location: success.html");
		exit();
	} else {
		$error = 'Password and/or Username Not Valid, Please Try Again!';
		@mysql_close();
	}
}
?&gt;
&#1111;b]
[/b]
Last edited by richcoleuk on Sun Nov 21, 2004 11:01 am, edited 1 time in total.
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

still wont work?

the original code i used had the php and the html in the same file but i changed this to make them seperate. Would this stop it from working?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

USE

Code: Select all

or

Code: Select all

TAGS [/size][/color]

im not looking into your code any more until you add the tags
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

sorry didn't realise thats how your supposed to do it. Have edited the code above.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I forgot to ask, why is your query like it is, is the TABLE_NAME defined as something?

why not just do

Code: Select all

<?php

 $search_user_query = "SELECT * FROM `TABLE_NAME` WHERE `USER_NAME`='$username' AND `PASS_NAME`='$password'"; 
?>
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

because i have a seperate connect.php which contains all my login details for the db (username etc)
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

are you outputted the error anywhere? And also please refer to a few posts back where I asked for you to provide some information
richcoleuk
Forum Newbie
Posts: 24
Joined: Fri Nov 05, 2004 1:33 pm

Post by richcoleuk »

what do you mean by 'outputted the error'?

The table name is defined in the connect.php file
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

can you please insert this into your page at the bottom and give us the results

Code: Select all

<?php

echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';
?>
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain text :!:
you set $error but you never output it
Post Reply