Page 1 of 2
Can you spot the mistake?
Posted: Sun Nov 21, 2004 10:22 am
by richcoleuk
Hello, i am writing a login page. The login.html provides the user with the username and password login boxes which they enter there details. This then calls the login.php script which verifies this from a database. I cant seem to get it to work. Any ideas?
Code for html form:
<form action= "login.php" method="post">
<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />
<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
</form>
and code for login.php:
<?php
session_start();
// ------------------------ Start Both -----------------------------------------------------
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
header("Location: success.html");
exit();
}
// If the form was submited check if the username and password match
if($_POST['Submit']){
require_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);
if($search_user_isin != 0){
// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSION['logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
Posted: Sun Nov 21, 2004 10:32 am
by mudkicker
$username = $_POST['username'];
$password = $_POST['password'];
these should be
$username = $_POST['last'];
$password = $_POST['email'];
Posted: Sun Nov 21, 2004 10:34 am
by John Cartwright
Your code requires register globals to be ON. By default it is OFF.
change
to
Code: Select all
<?php
if (!empty($_POST['username']) && !empty($_POST['password']))
?>
also change
Code: Select all
<span id="username_p">Username</span>
<input type="text" name="last" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="email" size="25" id="password" />
to
Code: Select all
<span id="username_p">Username</span>
<input type="text" name="username" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="password" size="25" id="password" />
and i recommend changing
Code: Select all
<?php
$search_user_result = @mysql_query($search_user_query);
$search_user_isin = @mysql_num_rows($search_user_result);
?>
to
Code: Select all
<?php
$search_user_result = mysql_query($search_user_query) or die(mysql)error());
$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error());
?>
to catch any errors mysql spits out
also your are checking to see if the session variable is set to YES, but it never will === YES therefor you should change
Code: Select all
<?php
if($_COOKIE['logedin'] == 'yes' || $_SESSION['logedin'] == 'yes') {
?>
to
Code: Select all
<?php
if(!empty($_COOKIE['logedin']) || !empty($_SESSION['logedin'])) {
?>
Posted: Sun Nov 21, 2004 10:40 am
by richcoleuk
ive made the changes but still no joy, How to i turn the global variable on?
Posted: Sun Nov 21, 2004 10:45 am
by John Cartwright
I updated my post a few times, double check you've made all the changes. Also reguarding register_globals being ON, you do NOT turn it on as recommend by PHP developers. Can you please provide us as "what is not working", any errors? anyting being ouputteD?
can you please insert this into your page at the bottom and give us the results
Code: Select all
<?php
echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';
?>
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain text

Posted: Sun Nov 21, 2004 10:48 am
by richcoleuk
thats the weird thing, nothing is outputted? Let me make the changes then gat back to you.
Posted: Sun Nov 21, 2004 10:53 am
by richcoleuk
okay made the changes:
Code: Select all
[/b]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//Dtd XHTML 1.0 Strict//EN" "http://www.w3.org/tr/xhtml1/Dtd/xhtml1-strict.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> Online Employment Agency v1.65 </title>
<meta name="Generator" content="EditPlus"/>
<meta name="Author" content="Richard Cole, richcoleuk@hotmail.com"/>
<meta name="Keywords" content="employment agency, WAT"/>
<meta name="Description" content="Online Employment Agency"/>
<link rel="stylesheet" type="text/css" href="empstyle.css"/>
</head>
<body>
<table class="main">
<tr class="header1">
<th valign="top" class="centre" colspan="6"> </th>
</tr>
<tr class="menu1">
<th width="4%" valign="top" class="centre"> </th>
<th width="23%" valign="top" class="centre"><a href="http://stuweb.cms.gre.ac.uk/~cr202/join.html">Join</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="23%" valign="top" class="centre">Contact</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
<tr class="main1">
<th width="4%" valign="top" class="centre"> </th>
<th width="92%" valign="top" colspan="4">
<form action= "login.php" method="post">
<span id="username_p">Username</span>
<input type="text" name="username" size="25" id="username" />
<span id="password_p">Password</span>
<input type ="text" name="password" size="25" id="password" />
<p id="submit_p"><input type="submit" name="Submit" value="Submit" /></p>
</form>
</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
<tr class="menu1">
<th width="4%" valign="top" class="centre"> </th>
<th width="23%" valign="top" class="centre">Join</th>
<th width="23%" valign="top" class="centre">Login</th>
<th width="23%" valign="top" class="centre">Contact</th>
<th width="23%" valign="top" class="centre">Log In</th>
<th width="4%" valign="top" class="centre"> </th>
</tr>
</table>
</body>
</html>
[b]
[/b]
and the php:
Code: Select all
ї/b]
<?php
session_start();
// ------------------------ Start Both -----------------------------------------------------
if(!empty($_COOKIEї'logedin']) || !empty($_SESSIONї'logedin'])) {
header("Location: success.html");
exit();
}
// If the form was submited check if the username and password match
if (!empty($_POSTї'username']) && !empty($_POSTї'password'])){
require_once("connect.php");
$username = $_POSTї'username'];
$password = $_POSTї'password'];
$search_user_query = "SELECT * FROM " . TABLE_NAME . " WHERE `" . USER_NAME . "`='$username' AND `" . PASS_NAME . "`='$password'";
$search_user_result = mysql_query($search_user_query) or die(mysql_error());
$search_user_isin = mysql_num_rows($search_user_result) or die(mysql_error());
if($search_user_isin != 0){
// ------------------------ Start Both -----------------------------------------------------
// If username and password is right , store the session in a cookie
setcookie ('logedin', 'John',time()+30000); // Set the length of the cookie to 30000
//Create the Session id's (as many as you want, can also do the same with cookied)
$_SESSIONї'logedin'] = 'John';
@mysql_close();
// Redirect to the page
header("Location: success.html");
exit();
} else {
$error = 'Password and/or Username Not Valid, Please Try Again!';
@mysql_close();
}
}
?>
їb]
[/b]
Posted: Sun Nov 21, 2004 10:56 am
by richcoleuk
still wont work?
the original code i used had the php and the html in the same file but i changed this to make them seperate. Would this stop it from working?
Posted: Sun Nov 21, 2004 10:57 am
by John Cartwright
USE Code: Select all
TAGS [/size][/color]
im not looking into your code any more until you add the tags
Posted: Sun Nov 21, 2004 11:01 am
by richcoleuk
sorry didn't realise thats how your supposed to do it. Have edited the code above.
Posted: Sun Nov 21, 2004 11:02 am
by John Cartwright
I forgot to ask, why is your query like it is, is the TABLE_NAME defined as something?
why not just do
Code: Select all
<?php
$search_user_query = "SELECT * FROM `TABLE_NAME` WHERE `USER_NAME`='$username' AND `PASS_NAME`='$password'";
?>
Posted: Sun Nov 21, 2004 11:03 am
by richcoleuk
because i have a seperate connect.php which contains all my login details for the db (username etc)
Posted: Sun Nov 21, 2004 11:03 am
by John Cartwright
are you outputted the error anywhere? And also please refer to a few posts back where I asked for you to provide some information
Posted: Sun Nov 21, 2004 11:06 am
by richcoleuk
what do you mean by 'outputted the error'?
The table name is defined in the connect.php file
Posted: Sun Nov 21, 2004 11:07 am
by John Cartwright
can you please insert this into your page at the bottom and give us the results
Code: Select all
<?php
echo '<pre>';
print_r($_POST);
print_r($_SESSION);
echo '</pre>';
?>
edit -- I owuld like to add that your password box should be set to PASSWORD type instead of text unless you want to send your passwords in plain text

you set $error but you never output it