Page 1 of 1

PHP Login Script Help

Posted: Mon Nov 28, 2005 1:50 pm
by jefferado
Hi

Im wondering if any1 can help me, ive tried everywhere with no luck

Im creating a site that the user can log into and access a members area

This is my login script:

Code: Select all

<?php
session_start();
// dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
{
if (!$_POST["username"] || !$_POST["password"])
{
die("You need to provide a username and password.");
}

// Create query
$q = "SELECT * FROM `dbUsers` "
."WHERE `username`='".$_POST["username"]."' "
."AND `password`=PASSWORD('".$_POST["password"]."') "
."LIMIT 1";
// Run query
$r = mysql_query($q);

if ( $obj = @mysql_fetch_object($r) )
{
// Login good, create session variables
$_SESSION["valid_id"] = $obj->id;
$_SESSION["valid_user"] = $_POST["username"];
$_SESSION["valid_time"] = time();

// Redirect to member page
Header("Location: members.php");
}
else
{
// Login not successful
die("Sorry, could not log you in. Wrong login information.");
}
}
else
{
//If all went right the Web form appears and users can log in
echo "<form action=\"?op=login\" method=\"POST\">";
echo "Username: <input name=\"username\" size=\"15\"><br />";
echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
echo "<input type=\"submit\" value=\"Login\">";
echo "</form>";
}
?>

If I enter a username and password that I know is correct it returns "You need to provide a username and password." It never takes me to the members page

Im completely stuck and would appreciate any help

Thanks

Burrito: Please use

Code: Select all

tags when [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting PHP Code In The Forums[/url][/size]

Posted: Mon Nov 28, 2005 1:54 pm
by foobar
Please put that in [ php ] tags.

Posted: Mon Nov 28, 2005 2:30 pm
by Burrito
try using the empty() or isset() function to determine if the post vars are set. Also, using the scenario you are, you will need to make sure you're passing along the get param that you have listed in your code (op).

Posted: Mon Nov 28, 2005 3:43 pm
by jefferado
what do u mean by "make sure you're passing along the get param that you have listed in your code (op)"

im very new to php and still trying to get my head round it

thanks

Posted: Mon Nov 28, 2005 3:50 pm
by Burrito
your first condition:

Code: Select all

if ($_GET["op"] == "login")
is checking to see if the "op" parameter in the GET[] array is eqivalent to "login". What I mean is you need to make sure that you're sending GET information with your POST information otherwise that condition will never be met and the rest of your code is pointless.

you can certainly do this (although I wouldn't recommend it) by doing this:

Code: Select all

<form method="post" action="youractionpage.php?op=login">
personally I think it's better practice to just check if a post param exists....

Posted: Mon Nov 28, 2005 4:41 pm
by jefferado
Thanks for your help, ive changed it to my members.php page and it seems to be going there but then its re-directing back to the login page

heres the code for the members page


<?php
ob_start();
session_start();
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
Header("Location: index.php");
}
// Display Member information
echo "<p>User ID: " . $_SESSION["valid_id"];
echo "<p>Username: " . $_SESSION["valid_user"];
echo "<p>Logged in: " . date("m/d/Y", $_SESSION["valid_time"]);

// Display logout link
echo "<p><a href=\"logout.php\">Click here to logout!</a></p>";
?>


Any ideas?

Posted: Mon Nov 28, 2005 4:44 pm
by Burrito
look at my first response....hint: isset().

and please use php tags when posting code in the forum