Login Help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
AndyFielder
Forum Newbie
Posts: 5
Joined: Wed Mar 22, 2006 4:55 am

Login Help

Post by AndyFielder »

Hello all,

I am designing a login system, and am having troubles letting people login. I will post the code below, any questions feel free to ask, hopefully you can see where i am going wrong.

Andy

Code: Select all

<?php

//reset output variables
$pageoutput = "";

$timeout = 1800;

if(isset($_POST['username']) AND isset($_POST['password'])) {
	$user = $_POST['username'];
	$pass = crypt($_POST['password'], 'ln');

	$row = mysql_fetch_assoc(mysql_query("SELECT * FROM bb_users WHERE UserName = '$user'"));

	if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");

		while($countr['thenumber'] = 0){
		
		//make me a session
		$sid = rand();

		$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
		$countr = mysql_fetch_array($count);

		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;

		}
		
	} else {

		$errormessage = "Error: Password or Username invalid";

	}
	
}

$pageoutput.=<<<POUT

Members, login by filling in the form below:<br>
If you are not a member, click <a href="index.php?pid=3">here</a> to sign up.<br><br>
{$errormessage}

<form method="post" action="">

	<table width="100%"  border="0">
		<tr>
			<td width="100">User Name:</td>
			<td><input name="username" size="20" value="{$_POST['username']}" type="text" maxlength="20"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input name="password" size="20" value="" type="password" maxlength="20"></td>
		</tr>
		<tr>
			<td colspan="2"><input type="submit" name="login" value="Login"></td>
		</tr>
	</table>

</form>

POUT;

?>
User avatar
Bomas
Forum Newbie
Posts: 24
Joined: Sun Oct 17, 2004 2:41 am
Location: Heverlee, Belgium

Post by Bomas »

what is the exact problem?
users cannot login? or do you have an error in your script?

what do you want to do with these lines:

Code: Select all

while($countr['thenumber'] = 0){
        
        //make me a session
        $sid = rand();

        $count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
        $countr = mysql_fetch_array($count);

        mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
            
        //set session cookie
        setcookie("SID", $sid, time()+$timeout);
        
        $me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
        header("Refresh: 0; URL = $me");
        
        $errormessage = "Logged in S=".$s."sid=".$sid;

        }
to me it says something like this:
while there's no sessionid like $sid: setcookie and refresh. is this correct?
if it's correct, you shouldn't do it this way, it's kinda bad programming :) . you should place ths $sid in a loop, and AFTER the loop you should insert it into a database and redirect the page
btw: it's never gonna work as you did'nt specify the $countr["thenumber"] BEFORE your while loop. you're now basicly asking:

Code: Select all

while( $varthatisnotspecified == "anydatahere"){ //do something... }
which is impossible

hope it helps a little,
Greetz,
Bomas
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Code: Select all

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
are you updating or inserting?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
AndyFielder
Forum Newbie
Posts: 5
Joined: Wed Mar 22, 2006 4:55 am

Post by AndyFielder »

Thanks for the comments, i have been looking at this this for too long, i will revise it and repost for more comments.

Andy
AndyFielder
Forum Newbie
Posts: 5
Joined: Wed Mar 22, 2006 4:55 am

Post by AndyFielder »

Code: Select all

if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");
		
			//make me a session
		$sid = rand();
		
		$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
		$countr = mysql_fetch_array($count);

		while($countr['thenumber'] = 0){
		
		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;

		}
I think i need a different type of loop. I need it to do the first bit while the number doesnt = 0, hold up!

Code: Select all

if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");
		
		$countr['thenumber'] = 1;
		
		while($countr['thenumber'] != 0){
			$sid = rand();
			$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
			$countr = mysql_fetch_array($count);
		}
		
		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;
		
	} else {
maby that will work better?!
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

Code: Select all

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
I did not look at your code but I saw this. a proper insert is like this:

Code: Select all

INSERT INTO bb_sessions (UserID, SessionID) VALUES ('$userid', '$sid')
a proper update is like this

Code: Select all

UPDATE bb_sessions SET UserID = '$userid', SessionID = '$sid' WHERE somthing = '$somthing_else'
what you need to do is put a mysql_error() message after each query, like this

Code: Select all

$query = mysql_query('.....') or die(mysql_error());
User avatar
Bomas
Forum Newbie
Posts: 24
Joined: Sun Oct 17, 2004 2:41 am
Location: Heverlee, Belgium

Post by Bomas »

shiznatix wrote:

Code: Select all

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
I did not look at your code but I saw this. a proper insert is like this:

Code: Select all

INSERT INTO bb_sessions (UserID, SessionID) VALUES ('$userid', '$sid')
a proper update is like this

Code: Select all

UPDATE bb_sessions SET UserID = '$userid', SessionID = '$sid' WHERE somthing = '$somthing_else'
what you need to do is put a mysql_error() message after each query, like this

Code: Select all

$query = mysql_query('.....') or die(mysql_error());
you can use both ways to insert data into mysql, all my scripts work that way

Greetz,
Bomas
Post Reply