
Login Help

Posted: Wed Mar 22, 2006 4:59 am
by AndyFielder
Hello all,

I am designing a login system, and am having trouble letting people log in. I will post the code below; if you have any questions, feel free to ask. Hopefully you can see where I am going wrong.

Andy

Code:

<?php

//reset output variables
$pageoutput = "";
$errormessage = ""; // defined up front so the form below never prints an undefined variable

$timeout = 1800;

if(isset($_POST['username']) AND isset($_POST['password'])) {
	$user = mysql_real_escape_string($_POST['username']); // escape before it is placed in the SQL string below
	$pass = crypt($_POST['password'], 'ln');

	$row = mysql_fetch_assoc(mysql_query("SELECT * FROM bb_users WHERE UserName = '$user'"));

	if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");

		while($countr['thenumber'] = 0){
		
		//make me a session
		$sid = rand();

		$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
		$countr = mysql_fetch_array($count);

		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;

		}
		
	} else {

		$errormessage = "Error: Password or Username invalid";

	}
	
}

// escape the submitted username before echoing it back into the form
$safeuser = isset($_POST['username']) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : "";

$pageoutput.=<<<POUT

Members, login by filling in the form below:<br>
If you are not a member, click <a href="index.php?pid=3">here</a> to sign up.<br><br>
{$errormessage}

<form method="post" action="">

	<table width="100%"  border="0">
		<tr>
			<td width="100">User Name:</td>
			<td><input name="username" size="20" value="{$safeuser}" type="text" maxlength="20"></td>
		</tr>
		<tr>
			<td>Password:</td>
			<td><input name="password" size="20" value="" type="password" maxlength="20"></td>
		</tr>
		<tr>
			<td colspan="2"><input type="submit" name="login" value="Login"></td>
		</tr>
	</table>

</form>

POUT;

?>

Posted: Wed Mar 22, 2006 5:24 am
by Bomas
what is the exact problem?
users cannot login? or do you have an error in your script?

what do you want to do with these lines:

Code:

while($countr['thenumber'] = 0){
        
        //make me a session
        $sid = rand();

        $count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
        $countr = mysql_fetch_array($count);

        mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
            
        //set session cookie
        setcookie("SID", $sid, time()+$timeout);
        
        $me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
        header("Refresh: 0; URL = $me");
        
        $errormessage = "Logged in S=".$s."sid=".$sid;

        }
to me it says something like this:
while there's no sessionid like $sid: setcookie and refresh. is this correct?
if it's correct, you shouldn't do it this way, it's kinda bad programming :) . you should place the $sid in a loop, and AFTER the loop you should insert it into a database and redirect the page
btw: it's never gonna work as you didn't specify the $countr["thenumber"] BEFORE your while loop. you're now basically asking:

Code:

while ($varthatisnotspecified == "anydatahere") {
    // do something...
}
which is impossible

hope it helps a little,
Greetz,
Bomas

Posted: Wed Mar 22, 2006 5:28 am
by s.dot

Code:

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
are you updating or inserting?

Posted: Wed Mar 22, 2006 7:19 am
by AndyFielder
Thanks for the comments, I have been looking at this for too long, I will revise it and repost for more comments.

Andy

Posted: Wed Mar 22, 2006 7:27 am
by AndyFielder

Code:

if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");
		
			//make me a session
		$sid = rand();
		
		$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
		$countr = mysql_fetch_array($count);

		while($countr['thenumber'] = 0){
		
		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;

		}
I think I need a different type of loop. I need it to do the first bit while the number doesn't = 0, hold up!

Code:

if($pass == $row['UserPass']) {
		//woo logged in
		$userid = $row['UserID'];
		mysql_query("DELETE FROM bb_sessions WHERE UserID = '$userid'");
		
		$countr['thenumber'] = 1;
		
		while($countr['thenumber'] != 0){
			$sid = rand();
			$count = mysql_query("SELECT COUNT(*) as thenumber FROM bb_sessions WHERE SessionID = '$sid'");
			$countr = mysql_fetch_array($count);
		}
		
		mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'"); 
			
		//set session cookie
		setcookie("SID", $sid, time()+$timeout);
		
		$me = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
		header("Refresh: 0; URL = $me");
		
		$errormessage = "Logged in S=".$s."sid=".$sid;
		
	} else {
maybe that will work better?!
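
As an added example (not code from this thread or from any poster), the login and session-creation steps discussed above can be written with PDO prepared statements, `password_verify()` and a session ID taken from `random_bytes()`, so the uniqueness loop around `rand()` is not needed. The in-memory SQLite database, the sample account and the `login()` helper name are assumptions made so the block runs on its own; table and column names follow the thread.

```php
<?php
// Constructed in-memory database standing in for the thread's MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE bb_users (UserID INTEGER PRIMARY KEY, UserName TEXT UNIQUE, UserPass TEXT)");
$db->exec("CREATE TABLE bb_sessions (SessionID TEXT PRIMARY KEY, UserID INTEGER)");

// Constructed sample account; password_hash() generates a fresh salt per hash.
$db->prepare("INSERT INTO bb_users (UserName, UserPass) VALUES (?, ?)")
   ->execute(['andy', password_hash('correct horse', PASSWORD_DEFAULT)]);

// login() is a hypothetical helper: returns a new session ID, or null on bad credentials.
function login(PDO $db, string $user, string $pass): ?string
{
    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT UserID, UserPass FROM bb_users WHERE UserName = ?");
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same result for an unknown user and a wrong password.
    if ($row === false || !password_verify($pass, $row['UserPass'])) {
        return null;
    }

    // One session per user, as in the thread.
    $db->prepare("DELETE FROM bb_sessions WHERE UserID = ?")->execute([$row['UserID']]);

    // 128 bits from the OS CSPRNG: not guessable like rand(), and a collision is
    // not a practical concern. The PRIMARY KEY rejects a duplicate atomically,
    // which a SELECT COUNT(*) followed by INSERT cannot guarantee.
    $sid = bin2hex(random_bytes(16));
    $db->prepare("INSERT INTO bb_sessions (SessionID, UserID) VALUES (?, ?)")
       ->execute([$sid, $row['UserID']]);
    return $sid;
}

var_dump(login($db, 'andy', 'correct horse'));   // valid credentials
var_dump(login($db, 'andy', 'wrong'));           // wrong password
var_dump(login($db, "o'brien", 'x'));            // a quote in the name is handled as data

// In a web request, send the ID as a cookie that scripts cannot read:
// setcookie('SID', $sid, ['expires' => time() + 1800, 'httponly' => true, 'samesite' => 'Lax']);
```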

Posted: Wed Mar 22, 2006 10:12 am
by shiznatix

Code:

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
I did not look at your code but I saw this. a proper insert is like this:

Code:

INSERT INTO bb_sessions (UserID, SessionID) VALUES ('$userid', '$sid')
a proper update is like this

Code:

UPDATE bb_sessions SET UserID = '$userid', SessionID = '$sid' WHERE somthing = '$somthing_else'
what you need to do is put a mysql_error() message after each query, like this

Code:

$query = mysql_query('.....') or die(mysql_error());

Posted: Mon Mar 27, 2006 6:16 am
by Bomas
shiznatix wrote:

Code:

mysql_query("INSERT INTO bb_sessions SET UserID = '$userid', SessionID = '$sid'");
I did not look at your code but I saw this. a proper insert is like this:

Code:

INSERT INTO bb_sessions (UserID, SessionID) VALUES ('$userid', '$sid')
a proper update is like this

Code:

UPDATE bb_sessions SET UserID = '$userid', SessionID = '$sid' WHERE somthing = '$somthing_else'
what you need to do is put a mysql_error() message after each query, like this

Code:

$query = mysql_query('.....') or die(mysql_error());
you can use both ways to insert data into mysql, all my scripts work that way

Greetz,
Bomas