Page 1 of 1
non-responsive user login script
Posted: Mon Jun 11, 2007 6:08 pm
by suthie
I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem. does anyone see any obvious errors?
Code: Select all
<?php
ob_start();
include 'error.php';
include 'dbconnect_silent.php';
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
or die ("Name and password not found or not matched");
$worked = mysql_fetch_array($result);
$username = $worked[username];
$password = $worked[password];
$email = $worked[email];
if($worked){
echo "login successful. now redirecting $user ... please wait";
session_start();
$_SESSION['user'] = $username;
$_SESSION['areyouin'] = true;
header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
error('No match found. Password is incorrect or user does not exist.\\n'.
'Please try again.')
}
ob_flush();
?>
it is literally a blank screen when i run this
Posted: Mon Jun 11, 2007 6:12 pm
by TreyAU21
Throw an array print function call after the mysql_fetch_array() call and see if you get anything.
Posted: Mon Jun 11, 2007 6:14 pm
by suthie
it is still a blank screen...
Posted: Mon Jun 11, 2007 6:21 pm
by Benjamin
For starters, turn on error reporting so you can at least see the errors in your code.
error is probably an undefined function which would cause a fatal error and in the following code, the syntax is invalid..
Code: Select all
$username = $worked[username];
$password = $worked[password];
$email = $worked[email];
Posted: Mon Jun 11, 2007 6:28 pm
by bdlang
suthie wrote:I have been working on a user login system for the past couple days, and my login script was working, but suddenly it is not and i can't find the problem.
A description of the problem would be nice (I do see in your followup post that you mention a 'blank screen'). What does "not working" mean. What changed from the last time it worked until now?
General observations:
- session_start() should be the first line in the script.
- You should call ob_end_flush() immediately after the call to header().
- You don't bother to escape your POST data.
- Unless it's a typo or just looks odd, your SQL statement has 'username'and shoved together.
- Your logic as to whether or not the SQL statement worked is a bit flawed. You should use ( mysql_num_rows() == 1 ) to verify that the user validation is correct and exactly 1 user record was returned.
You may have display_errors turned off, try changing your script to display all errors, e.g.
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
session_start();
ob_start();
include('error.php');
...
Posted: Mon Jun 11, 2007 6:29 pm
by suthie
error is defined in the included file errors.php
what is wrong with the syntax?
i turned error reporting on and i am still getting a blank screen
Posted: Mon Jun 11, 2007 6:35 pm
by Benjamin
errors.php or error.php?
Your associative array index keys need to be encapsulated in single or double quotes.
Posted: Mon Jun 11, 2007 6:47 pm
by suthie
my bad typo
it is in error.php
found the problem: I was missing one semicolon late in the script. this script works:
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors',1);
ob_start();
include 'error.php';
include 'dbconnect_silent.php';
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from userdata WHERE username='$username'and password='$password'")
or die ("Name and password not found or not matched");
$worked = mysql_fetch_array($result);
$username = $worked['username'];
$password = $worked['password'];
$email = $worked['email'];
if($worked){
echo "login successful. now redirecting $user ... please wait";
session_start();
$_SESSION['user'] = $username;
$_SESSION['areyouin'] = true;
header( 'Location: http://penguinflash.justfree.com/home.php');
}
else{
error('No match found. Password is incorrect or user does not exist.\\n'.
'Please try again.');
}
ob_flush();
?>
Posted: Mon Jun 11, 2007 6:53 pm
by Benjamin
MYSQL_QUERY should be mysql_query() even though it might work the other way.
As bdlang said, session_start() should be the first line in the script. (Actually second, <?php should be on line 1 )
I don't see any fatal or parse errors in the code you posted, so you may have a problem in one of the files you are including.
Why not install PHP/Apache and MySQL on your own PC so you can debug it? Evidently display_errors is turned off in the php.ini file.
How do you plan on debugging code that way?