Page 1 of 1

login need help

Posted: Fri Aug 10, 2007 11:31 pm
by carsky
hi need help on our login..please help us with our query and validation..this is the page where our login form is dispaly..if the login is ok the account menu will appear.

Code: Select all

<? 
/* Include Files **********************/
require_once 'library/config.php';
/*************************************/

$errorMessage = '';
?>
<body>
<?php
if(isset($_SESSION['login_user']) && $_SESSION['login_user'] == $userName){
?>
<table cellpadding="0" cellspacing="10" border="0" bgcolor="#6CFF9D" width="170" style="font-family:sans-serif">
					<tr>
						<td align="center" style="font-size:14px;background-color:#461B7E;color:#ffffff">MY ACCOUNT MENU</td>
					</tr>
					<tr>
						<td class="accountmenu"><a href="" class="accmenu">View/Edit Profile</a></td>
					</tr>
					<tr>
						<td class="accountmenu"><a href="cart.php?action=view" class="accmenu">View Shopping Cart</a></td>
					</tr>
					<tr>
						<td class="accountmenu"><a href="" class="accmenu">View Order History</a></td>
					</tr>
					<tr>
						<td class="accountmenu" ><a href="" class="accmenu">Login</a></td>
					</tr>
					<tr>
						<td class="accountmenu" ><a href="logout.php" class="accmenu">Logout</a></td>
					</tr><?php echo $_SESSION['login_user'];?>
				</table>

<?php
}else{
?>
<h4>Login</h4>
<form method="post"action="login2.php">
<div class="errorMessage" align="center"><?php echo $errorMessage; ?></div>
<table align="left" border="0" cellspacing="0" cellpadding="1">
<tr><td style="font-size:12px">Username:</td><td><input type="text" name="user" size="10" maxlength="30"></td></tr>
<tr><td style="font-size:12px">Password:</td><td><input type="password" name="pass" size="10" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="center">
<input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="center"><a href="register.php" class="1">Join</a></td></tr>
</table>
</form>
<?php
}
?>
</body>
here the php file that processing the login..

Code: Select all

<?php
require_once 'library/config.php';


// if we found an error save the error message in this variable
	$errorMessage = '';
	
	$userName = $_POST['user'];
	$password = $_POST['pass'];
	
	// first, make sure the username & password are not empty
	if ($userName == '') {
		$errorMessage = 'You must enter your username';
	} else if ($password == '') {
		$errorMessage = 'You must enter the password';
	} else {
		// check the database and see if the username and password combo do match
		$sql = "SELECT *
		        FROM tbl_customer 
				WHERE Username = '$userName' AND Password = '$password'";
		$result = dbQuery($sql);
	
		if (dbNumRows($result) == 1) {
			$row = dbFetchAssoc($result);
			$_SESSION['thesis1_Customerno'] = $row['Customerno'];
			
			/*
			// log the time when the user last login
			$sql = "UPDATE tbl_admin 
			        SET admin_last_login = NOW() 
					WHERE admin_id = '{$row['admin_id']}'";
			dbQuery($sql);
			*/
			// now that the user is verified we move on to the next page
            // if the user had been in the admin pages before we move to
			// the last page visited
			 if(isset($_SESSION['login_user'])) {
				header('Location: index.php');
				exit;
			}
		} else {
			$errorMessage = 'Wrong username or password';
		}		
			
	}
	
	return $errorMessage;
?>
here the link of how our site looks like...its not yet fully functional just to give an idea of how it looks
http://jehlion.org/im_thesis/ieccTESTproj/index.php

Posted: Fri Aug 10, 2007 11:46 pm
by s.dot
You should never store passwords in plain text. Have a look at md5() or sha1() functions.

Also... what exactly is the question? Are you having problems with the login script?

Posted: Fri Aug 10, 2007 11:58 pm
by carsky
we just set aside the encryption...we are using md5..but right now the problem is on the script..the login2.php is the problem..the moment we login we are redirected to a blank php page

Posted: Sat Aug 11, 2007 12:27 am
by Benjamin
Blank pages are generally the result of a parse or fatal error, and you have error reporting turned off.

Posted: Sat Aug 11, 2007 12:38 am
by s.dot
Why are you returning $errorMessage.. is this inside of a function? Try echo error message and see if that gives you any output.

Posted: Sat Aug 11, 2007 12:39 am
by carsky
how will i turn on the errorr report?which part of the code will i include the error message?

Posted: Sat Aug 11, 2007 12:45 am
by tecktalkcm0391

Code: Select all

error_reporting(6143);

Posted: Sat Aug 11, 2007 12:46 am
by Benjamin