need help with this php login form

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dmkap
Forum Newbie
Posts: 5
Joined: Fri Jan 14, 2005 4:02 pm

need help with this php login form

Post by dmkap »

this is what i have..

----------
form.php
----------

Code: Select all

<form method="post" name="login" action="process.php">
<p> Username : 
<input type="text" name="username" />
</p>
<p>Password : <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
<?php
if (isset($_GET&#1111;'error'])) &#123;
echo 'Invalid login data supplied. Please try again.';
&#125;
?>
----------
process.php
----------

Code: Select all

<?php
session_start();

$dbHost = "not telling";
$dbUser = "not telling";
$dbPass = "not telling";
$dbname = "not telling";

$username = $_POST&#1111;'username'];
$password = $_POST&#1111;'password'];

$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);

$query = "SELECT * FROM login WHERE user = '$username' AND pass = '$password'";
$results = mysql_query($query, $db);
if(mysql_num_rows($results)) &#123;
  $_SESSION&#1111;'loggedin'] = 1;
  header('Location: http://kurbot.com/login/admin.php');
  exit();
&#125; else &#123;
  header('Location: http://kurbot.com/login/form.php?error=1');
  exit();
&#125; 
?>
----------
admin.php
----------

Code: Select all

<?php
session_start();

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
?>
Welcome to the admin section. <a href="logout.php">Log out</a>.

----------
logout.php
----------

Code: Select all

<?php
session_start();
session_unset();
session_destroy();
header('Location: http://kurbot.com/login/form.php');
exit();
?>
-------

this section seems to be the problem
under the admin.php

Code: Select all

<?php
session_start();

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
?>
Welcome to the admin section. <a href="logout.php">Log out</a>.
i found out that all the files work besides this one..

if i remove the "!" before isset everything works fine.. however i can directly type in http://www.kurbot.com/login/admin.php.. it doesnt verify a session/user

but when i put this

Code: Select all

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
back in it just keeps redireccting me to the login page saying i provided a false username / password..

please help


feyd | please use some formatting.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

Code: Select all

$anything = mysql_num_rows($results) ;

if ($anything > 0)&#123;
   //activate session
&#125;else&#123;
header("location: bad username/password .php");
&#125;
i dont think ur session is being properly started. i could be wrong of couse but try that anyway
Last edited by shiznatix on Fri Jan 14, 2005 4:29 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

so when you attempt to login through form.php with the correct user and password, you are redirected to admin.php correct? Admin.php then redirects you back to form.php with the error statement?

Do you have a live version of this we can look at?
dmkap
Forum Newbie
Posts: 5
Joined: Fri Jan 14, 2005 4:02 pm

yea

Post by dmkap »

yea i have an example site.. http://kurbot.com/login/form.php

i just cant get it to go to the admins page and when i re code it to go there it doesnt check usernames/passwords..


feyd | fixed url
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

can we get a username/password to use to try it?
dmkap
Forum Newbie
Posts: 5
Joined: Fri Jan 14, 2005 4:02 pm

yes

Post by dmkap »

username = test
password = test
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

out of curiosity, how is `pass` stored in the table?
dmkap
Forum Newbie
Posts: 5
Joined: Fri Jan 14, 2005 4:02 pm

Post by dmkap »

Field Type Null Default Extra Action
ID int(11) No auto_increment
user varchar(30) Yes
pass varchar(30) Yes
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

and you're sure that the query you are using returns a row? have you echo'd out the query? maybe you are failing the query, try augmenting the query call like so:

Code: Select all

$results = mysql_query($query, $db) or die(mysql_error());
dmkap
Forum Newbie
Posts: 5
Joined: Fri Jan 14, 2005 4:02 pm

Post by dmkap »

if you read up at the top, you can see the exact codeing im using
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I asked if you have tried those. Not that you are doing them now... clearly you aren't doing any of those as of the code posting.
squatchimo
Forum Commoner
Posts: 28
Joined: Thu Feb 03, 2005 3:36 pm

Post by squatchimo »

Was this ever resolved? I'm having a similar problem and would be interested in the solution.
Post Reply