Login script doesn't work... can someone look this over?

John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Here are some improvements and comments

Code: Select all

<?php

// Don't rely on submit button to be pressed since pressing enter will submit the form
// without the submit button
if(!empty($_POST['username']) && !empty($_POST['password'])){
  $username = $_POST['username'];
  $password = $_POST['password']; 

  // Only connect to db if we need to do a lookup
  mysql_connect ("localhost", "xxx", "xxx") or die ('I cannot connect to the database because: ' . mysql_error());
  mysql_select_db ("xxx");

  // We use mysql_real_escape_string to avoid anything malicious being injected into the query string
  $sql = 'SELECT * FROM `accounts` WHERE `name` = \''.mysql_real_escape_string($username).'\' '.
         'AND `passworddb` = \''.mysql_real_escape_string($password).'\' LIMIT 1';
  $result = mysql_query($sql) or die(mysql_error());
  
  // mysql_num_rows() returns an int, so we check for an int by not using a quote (which parses as a string)
  if (mysql_num_rows($result) == 1) {
     $_SESSION['username'] = $username;
     $_SESSION['loggedin'] = true;
  }
}

?>

Something like that for the first page, and on secure pages where a user is required to be logged in, you can simply do

Code: Select all

// empty() avoids an undefined-index notice when the flag was never set
if (!empty($_SESSION['loggedin'])) {
  // user is logged in show some secure stuff
}

or at the top of a page

Code: Select all

// empty() avoids an undefined-index notice when the flag was never set
if (empty($_SESSION['loggedin'])) {
   exit('User is not logged in!');
}

and if $_SESSION['loggedin'] is not set, anything below this if statement will not be parsed. It is much safer to have a flag 'loggedin' instead of storing the password in a session.
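
A variant of the login check above using bound parameters, hashed passwords and a session id change on login, as an added example that is not part of the original post. It assumes PHP 7+ with the pdo_sqlite extension, a constructed in-memory `accounts` table, and that `passworddb` holds a password_hash() value; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite and
// that `passworddb` stores a password_hash() value (an assumption).

// Constructed in-memory table standing in for the thread's `accounts` table.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE accounts (name TEXT PRIMARY KEY, passworddb TEXT)');
    $ins = $db->prepare('INSERT INTO accounts (name, passworddb) VALUES (?, ?)');
    $ins->execute(['test1', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true and sets the session flag only when the credentials match.
function attempt_login(PDO $db, string $username, string $password): bool {
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT passworddb FROM accounts WHERE name = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);      // issue a new session id once logged in
    $_SESSION['username'] = $username;
    $_SESSION['loggedin'] = true;     // flag only; the password is never stored
    return true;
}

// Guard for protected pages; empty() avoids a notice when the key is unset.
function is_logged_in(): bool {
    return !empty($_SESSION['loggedin']);
}

session_start();                      // must run before any output
$db = demo_db();
$results = [
    'wrong password'      => attempt_login($db, 'test1', 'nope'),
    'quote in username'   => attempt_login($db, "o'neil", 'x'),
    'flag before login'   => is_logged_in(),
    'correct password'    => attempt_login($db, 'test1', 'constructed-sample-pw'),
    'flag after login'    => is_logged_in(),
];
var_export($results);
```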
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

Thanks a ton! I'll get to modifying that code now. Also, I need to pull the variable "username" from the session and make changes to the user's row on subsequent pages. How do I do that?

Edit:

Do I need to change anything on this line?

Code: Select all

<?php session_start(); ?>
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

I narrowed down my session problem to my framed page:

Any idea why it's not continuing the session?

Edit: Figured it out
Last edited by Citizen on Sat Mar 18, 2006 1:53 am, edited 1 time in total.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

How is it framed? Can you describe how the "framed page" is differently framed than your login page?
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

login.php is a separate page, no frames, and links to start.php once the user logs in

start.php is the above code. The first frame on that page loads source.php, the lower frame loads the website as chosen by the php script run on start.php

http://www.visitshark.com/login.php

UN: test1
PW: test1

If you log in and click the link that directs you to start.php, the session doesn't work.

If you log in and manually type in http://www.visitshark.com/source.php, the session works.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Have you shown us the relevant code on source.php?

Also, your pages don't load up for me.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

Edit: Figured it out
Last edited by Citizen on Sat Mar 18, 2006 1:53 am, edited 1 time in total.
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Post by Citizen »

Get this.... my script works perfectly in Internet Explorer.

I did a bunch of research on this, and here's what I found:

It seems to be a problem with Firefox and using frames. The session ends (apparently) when using a frame. This problem does not exist in IE. I'll look for a solution and I'll post it here if/when I find it. If anyone knows of a solution already, please let me know :)