PHP login help!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

PHP login help!

Post by jamiller »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello all! This is my first post here. Let me also note that I'm very new to PHP but want to learn more because of it's integration with Flash. Anyways, on to my question.

So I'm building a login for my website with Flash. In my sql database I have a table with username, password, and most importantly, for this question, page. This value I'm hoping will allow the user to login and be redirected to this predefined page on my site. So for test purposes my value for "page" on the database is "admin.php."

Here is the portion of my code that redirects:

Code: Select all

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");


$myusername=$_POST['username'];
$mypassword=$_POST['pass'];

$sql="SELECT * FROM $tbl_name WHERE Username='$myusername' and Password='$mypassword'";
$result=mysql_query($sql);


$count=mysql_num_rows($result);

$dbarray = mysql_fetch_array($result);

if($count==1)
{
	session_register("myusername");
	session_register("mypassword");
	if($myusername == "myusername")
	{
		header("location:".$page);
	}
}
else 
{
	header("location:index.php?badlogin=true");
}

***EDIT: Ok, this is the whole thing except for the info to connect to the database***


Right now when I login with the correct credentials I get redirected to "checklogin.php" which is the name of this php page. Any ideas?

Again, I'm new to PHP so if there is any other information you need to help, let me know.

Thanks!


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Last edited by jamiller on Mon Mar 12, 2007 12:50 pm, edited 2 times in total.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You are going to have to show more code. Specifically where $page is set. Also, stay away from session_register. You should be using the $_SESSION superglobal array to assign session vars.

But show some more code.
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

Everah wrote:You are going to have to show more code. Specifically where $page is set. Also, stay away from session_register. You should be using the $_SESSION superglobal array to assign session vars.

But show some more code.
Ok, I edited the post to show all the code. And thanks for the $_SESSION comment. Will do.
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

jamiller wrote: Ok, I edited the post to show all the code.
lies!
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

Begby wrote:
jamiller wrote: Ok, I edited the post to show all the code.
lies!
??
Begby
Forum Regular
Posts: 575
Joined: Wed Dec 13, 2006 10:28 am

Post by Begby »

jamiller wrote:
Begby wrote:
jamiller wrote: Ok, I edited the post to show all the code.
lies!
??
You didn't add in the part where you show where $page gets set. :lol:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Are the following variables defined?
  • $host
  • $username
  • $password
  • $db_name
  • $tbl_name
  • $page
---

Side notes:
  • Quotes around a variable is rarely required.
  • The following may shed some light if replacing your current mysql_query() call.

    Code: Select all

    mysql_query($sql) or die(mysql_error());
  • Your query is susceptible to SQL injection. At minimum, use mysql_real_escape_string() on $myusername and $mypassword.
  • session_register() shouldn't be used as already said
  • header() based redirection should always use a full URL. Currently, you are using relative ones. This is a standards compliance issue.
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

feyd wrote:Are the following variables defined?
  • $host
  • $username
  • $password
  • $db_name
  • $tbl_name
  • $page
---

Side notes:
  • Quotes around a variable is rarely required.
  • The following may shed some light if replacing your current mysql_query() call.

    Code: Select all

    mysql_query($sql) or die(mysql_error());
  • Your query is susceptible to SQL injection. At minimum, use mysql_real_escape_string() on $myusername and $mypassword.
  • session_register() shouldn't be used as already said
  • header() based redirection should always use a full URL. Currently, you are using relative ones. This is a standards compliance issue.
Yes those variables are defined. I realized that $page wasn't so I defined it:

Code: Select all

$page = $dbarray['page'];
Still not working tho. Do I have the syntax in the "header" code correct?

Code: Select all

header("location:".$page);
This was all working correctly when I used:

Code: Select all

if($count==1)
{
	session_register("myusername");
	session_register("mypassword");
	if($myusername == "admin")
	{
		header("location:admin.php");
	}
}
else 
{
	header("location:index.php?badlogin=true");
}
I just didn't want to have to enter in every user this way...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

This scripts looks very much like the one in viewtopic.php?t=64851 . Coincidence?
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

volka wrote:This scripts looks very much like the one in viewtopic.php?t=64851 . Coincidence?
lol. I got this code from a php login tutorial. It appears to be the exact same tutorial except he has changed the session to $_SESSION, which I have not yet done, but will.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

In any case this tutorial is outdated and does not care about sql injections.
I suggest looking somewhere else when looking for a tutorial.
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

volka wrote:In any case this tutorial is outdated and does not care about sql injections.
I suggest looking somewhere else when looking for a tutorial.
Ok. Like I said, I'm very new to PHP. I'm a designer by trade, not a programmer. Got any good links for good tutorials. All PHP looks the same to me at this point. I do want to learn PHP and learn it the right way but I just don't have anything to go on.

Thanks
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

So I echoed $page and I am getting the right page value from the database. I am doing something wrong in the redirection I believe.

Code: Select all

header("location:"$page);
I'm almost there I can smell it. I realize this may be outdated code and I will correct this to the best of my ability once I get this working.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

It should be:

Code: Select all

<?php
header('Location: http://www.mysite.com/' . $page);
?>
As per HTTP spec, the redirect header should always be a full URI, as feyd mentioned earlier.
User avatar
jamiller
Forum Commoner
Posts: 26
Joined: Mon Mar 12, 2007 12:25 pm

Post by jamiller »

Everah wrote:It should be:

Code: Select all

<?php
header('Location: http://www.mysite.com/' . $page);
?>
As per HTTP spec, the redirect header should always be a full URI, as feyd mentioned earlier.
I'm guessing this is a lost cause. I've done what you said with the full url and still no luck. I just can't figure out how the echo is returning the correct values but my redirect isn't working.

Thanks anyways
Post Reply