Page 1 of 1

non-responsive user login script

Posted: Mon Jun 11, 2007 6:08 pm
by suthie
I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem. does anyone see any obvious errors?

Code: Select all

<?php
ob_start();
include 'error.php';
include 'dbconnect_silent.php';

$username = $_POST["username"];
$password = $_POST["password"];

$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
   or die ("Name and password not found or not matched");

$worked = mysql_fetch_array($result);

$username = $worked[username];
$password = $worked[password];
$email = $worked[email];

if($worked){
    echo "login successful. now redirecting $user ... please wait";
    session_start();
    $_SESSION['user'] = $username;
    $_SESSION['areyouin'] = true;
    header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
   error('No match found. Password is incorrect or user does not exist.\\n'.
             'Please try again.')
}

ob_flush();
?>
it is literally a blank screen when i run this

Posted: Mon Jun 11, 2007 6:12 pm
by TreyAU21
Throw an array print function call after the mysql_fetch_array() call and see if you get anything.

Code: Select all

print_r($worked);

Posted: Mon Jun 11, 2007 6:14 pm
by suthie
it is still a blank screen...

Posted: Mon Jun 11, 2007 6:21 pm
by Benjamin
For starters, turn on error reporting so you can at least see the errors in your code.

error is probably an undefined function which would cause a fatal error and in the following code, the syntax is invalid..

Code: Select all


$username = $worked[username];
$password = $worked[password];
$email = $worked[email];

Posted: Mon Jun 11, 2007 6:28 pm
by bdlang
suthie wrote:I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem.
A description of the problem would be nice (I do see in your followup post that you mention a 'blank screen'). What does "not working" mean. What changed from the last time it worked until now?


General observations:
  • session_start() should be the first line in the script.
  • You should call ob_end_flush() immediately after the call to header().
  • You don't bother to escape your POST data.
  • Unless it's a typo or just looks odd, your SQL statement has 'username'and shoved together.
  • Your logic as to whether or not the SQL statement worked is a bit flawed. You should use ( mysql_num_rows() == 1 ) to verify that the user validation is correct and exactly 1 user record was returned.
You may have display_errors turned off, try changing your script to display all errors, e.g.

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors',1);

session_start();
ob_start();
include('error.php');
...

Posted: Mon Jun 11, 2007 6:29 pm
by suthie
error is defined in the included file errors.php

what is wrong with the syntax?

i turned error reporting on and i am still getting a blank screen

Posted: Mon Jun 11, 2007 6:35 pm
by Benjamin
errors.php or error.php?

Your associative array index keys need to be encapsulated in single or double quotes.

Posted: Mon Jun 11, 2007 6:47 pm
by suthie
my bad typo

it is in error.php

found the problem: I was missing one semicolon late in the script. this script works:

Code: Select all

<?php

error_reporting(E_ALL);
ini_set('display_errors',1);

ob_start();
include 'error.php';
include 'dbconnect_silent.php';

$username = $_POST["username"];
$password = $_POST["password"];

$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
   or die ("Name and password not found or not matched");

$worked = mysql_fetch_array($result);

$username = $worked['username'];
$password = $worked['password'];
$email = $worked['email'];

if($worked){
    echo "login successful. now redirecting $user ... please wait";
    session_start();
    $_SESSION['user'] = $username;
    $_SESSION['areyouin'] = true;
    header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
   error('No match found. Password is incorrect or user does not exist.\\n'.
             'Please try again.');
}

ob_flush();
?>

Posted: Mon Jun 11, 2007 6:53 pm
by Benjamin
MYSQL_QUERY should be mysql_query() even though it might work the other way.

As bdlang said, session_start() should be the first line in the script. (Actually second, <?php should be on line 1 )

I don't see any fatal or parse errors in the code you posted, so you may have a problem in one of the files you are including.

Why not install PHP/Apache and MySQL on your own PC so you can debug it? Evidently display_errors is turned off in the php.ini file.

How do you plan on debugging code that way?