Page 1 of 1

need help with this php login form

Posted: Fri Jan 14, 2005 4:05 pm
by dmkap
this is what i have..

----------
form.php
----------

Code: Select all

<form method="post" name="login" action="process.php">
<p> Username : 
<input type="text" name="username" />
</p>
<p>Password : <input type="password" name="password" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
<?php
if (isset($_GET&#1111;'error'])) &#123;
echo 'Invalid login data supplied. Please try again.';
&#125;
?>
----------
process.php
----------

Code: Select all

<?php
session_start();

$dbHost = "not telling";
$dbUser = "not telling";
$dbPass = "not telling";
$dbname = "not telling";

$username = $_POST&#1111;'username'];
$password = $_POST&#1111;'password'];

$db = mysql_connect($dbHost,$dbUser,$dbPass);
mysql_select_db($dbname,$db);

$query = "SELECT * FROM login WHERE user = '$username' AND pass = '$password'";
$results = mysql_query($query, $db);
if(mysql_num_rows($results)) &#123;
  $_SESSION&#1111;'loggedin'] = 1;
  header('Location: http://kurbot.com/login/admin.php');
  exit();
&#125; else &#123;
  header('Location: http://kurbot.com/login/form.php?error=1');
  exit();
&#125; 
?>
----------
admin.php
----------

Code: Select all

<?php
session_start();

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
?>
Welcome to the admin section. <a href="logout.php">Log out</a>.

----------
logout.php
----------

Code: Select all

<?php
session_start();
session_unset();
session_destroy();
header('Location: http://kurbot.com/login/form.php');
exit();
?>
-------

this section seems to be the problem
under the admin.php

Code: Select all

<?php
session_start();

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
?>
Welcome to the admin section. <a href="logout.php">Log out</a>.
i found out that all the files work besides this one..

if i remove the "!" before isset everything works fine.. however i can directly type in http://www.kurbot.com/login/admin.php.. it doesnt verify a session/user

but when i put this

Code: Select all

if(!isset($_SESSION&#1111;'loggedin'])) &#123;
header('Location: http://kurbot.com/login/form.php?error=1');
exit();
&#125;
back in it just keeps redireccting me to the login page saying i provided a false username / password..

please help


feyd | please use some formatting.

Posted: Fri Jan 14, 2005 4:26 pm
by shiznatix

Code: Select all

$anything = mysql_num_rows($results) ;

if ($anything > 0)&#123;
   //activate session
&#125;else&#123;
header("location: bad username/password .php");
&#125;
i dont think ur session is being properly started. i could be wrong of couse but try that anyway

Posted: Fri Jan 14, 2005 4:26 pm
by feyd
so when you attempt to login through form.php with the correct user and password, you are redirected to admin.php correct? Admin.php then redirects you back to form.php with the error statement?

Do you have a live version of this we can look at?

yea

Posted: Sat Jan 15, 2005 1:00 pm
by dmkap
yea i have an example site.. http://kurbot.com/login/form.php

i just cant get it to go to the admins page and when i re code it to go there it doesnt check usernames/passwords..


feyd | fixed url

Posted: Sat Jan 15, 2005 1:20 pm
by feyd
can we get a username/password to use to try it?

yes

Posted: Sat Jan 15, 2005 1:22 pm
by dmkap
username = test
password = test

Posted: Sat Jan 15, 2005 1:36 pm
by feyd
out of curiosity, how is `pass` stored in the table?

Posted: Sat Jan 15, 2005 1:43 pm
by dmkap
Field Type Null Default Extra Action
ID int(11) No auto_increment
user varchar(30) Yes
pass varchar(30) Yes

Posted: Sat Jan 15, 2005 1:47 pm
by feyd
and you're sure that the query you are using returns a row? have you echo'd out the query? maybe you are failing the query, try augmenting the query call like so:

Code: Select all

$results = mysql_query($query, $db) or die(mysql_error());

Posted: Sat Jan 15, 2005 5:14 pm
by dmkap
if you read up at the top, you can see the exact codeing im using

Posted: Sat Jan 15, 2005 5:21 pm
by feyd
I asked if you have tried those. Not that you are doing them now... clearly you aren't doing any of those as of the code posting.

Posted: Thu Feb 10, 2005 3:33 pm
by squatchimo
Was this ever resolved? I'm having a similar problem and would be interested in the solution.