Page 2 of 2

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 11:43 am
by InfinityMan
Ok, Ill give that a shot.

`uid`='".$user."' should be `username`='".$user."' ?

In the database the field is called uid
(which stands for userid) - So I just called it uid in the database. But even still
I should probably change $user to $uid right. So it should look like this:

`uid`='".$uid."' correct?

Ill let you know what my results are.

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 11:47 am
by InfinityMan
Ok, what Im going to do while I work on this is post my entire script for you and others to take a look at as well. - Here is the entire script from start to finish, also Im taking your advice and Im going to try what you said and see what it generates, meanwhile here is the whole script

Code: Select all

<?php
$con = mysql_connect("****","***","***") or die('Could not connect: ' . mysql_error());
mysql_select_db("login", $con);
 
session_start();
 
if(!$_POST['submit']){
    echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
    echo "<form method=\"post\" action=\"login.php\">\n";
    echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
    echo "</form></table>\n";
}else {
    $user = mysql_real_escape_string(trim($_POST['username']));
    $pass = mysql_real_escape_string(trim($_POST['password']));
    $errors = array();
    
    if(!$user){
        $errors[] = "You did not supply a username!";
    }else {
        if(!$pass){
            $errors[] = "You did not supply a password!";
        }else {
            $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
            $res = mysql_query($sql) or die(mysql_error());
            if(mysql_num_rows($res) == 0){
                $errors[] = "Username does not exist!";
            }else {
                $sql2 = "SELECT uid,activated,accesslevel FROM `users` WHERE `uid`='".$uid."' AND `pass`='".md5($pass)."'";
                $res2 = mysql_query($sql2) or die(mysql_error());
                if(mysql_num_rows($res2) == 0){
                    $errors[] = "Incorrect username and password combination!";
                }else {
                    $row = mysql_fetch_assoc($res2);
                    if($row['activated'] == 0){
                        $errors[] = "Your account is not activated!";
                    }
                }
            }
        }
    }
    
    if(count($errors) > 0){
        foreach($errors AS $error){
            echo $error . "<br>\n";
        }
    }else {
        $_SESSION['uid'] = $row['id'];
        
        switch($row['accesslevel']){
            case 1:
                header("Location: /members/index.php");
            break;
            
            case 2:
                header("Location: /admin/index.php");
            break;
            
            case 3:
                header("Location: /manager/index.php");
            break;
            
            default:
                header("Location: /members/index.php");
        }
    }
}
 
var_dump($row['accesslevel']);
?>

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 11:57 am
by JAM
You can remove the var_dump().

I'm personally not sure as I cant see where the $uid is begin set. You use it, but it's not being set anywhere.
$user is begin set here (line 15):

Code: Select all

   $user = mysql_real_escape_string(trim($_POST['username']));
...but $uid? You are using it here (line 25);

Code: Select all

           $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
...but I still cannot se where it's set.

This entire part of the code seems bad if the $uid isn't set as a variable...

Code: Select all

           $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
            $res = mysql_query($sql) or die(mysql_error());
            if(mysql_num_rows($res) == 0){
                $errors[] = "Username does not exist!";
            }
Verify that the uid shouldn't be username. No need to post your entire code anymore. You do however need to sit down and think about what's being used where, and add some basic debugging. Echo out variables within the script to see if the varaibles are set at all or to what you want. an if-then-else will break if you only think it works, when it does not.

I wont write the script to you. I'd help you understand what the different parts do however. :wink:

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 12:30 pm
by InfinityMan
Well thank you :) I appreciate all the help. I took at look at the first part of your comment there, and Ive changed somethings around - which took away the "Account Not Activated" error. Now its just saying "You did not supply a username" lol. But that is progress for me, because at least we did something right. So talking about the username thing, it is supposed to be uid
so I did change that around to make it look like this

Code: Select all

    $uid = mysql_real_escape_string(trim($_POST['uid']));
    $pass = mysql_real_escape_string(trim($_POST['pass']));
    $errors = array();
    
    if(!$uid){
        $errors[] = "You did not supply a username!";
    }else {
        if(!$pass){
            $errors[] = "You did not supply a password!";
 
Now
Im going to do some investigating here because I think I see some errors in one of my lines, but
I did make the alteration, changing it from 'user/username' to 'uid'

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 12:39 pm
by InfinityMan
I found a problem, up on the script near the top it said
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";

Which I changed to

Code: Select all

echo "<tr><td>Username</td><td><input type=\"text\" name=\"uid\"></td></tr>\n";
 

Now the error changed to "Invalid username/password" combinatino when trying to login...

Making progress lol :) :banghead: :banghead: :banghead: :banghead:

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 1:13 pm
by JAM
Glad your'e doing progress.

Again, the main objective of these forums is to discuss problems/theory with the focus on people actually learning something. You are doing it 'the right way' if you posts contain 'I've tried this, but the result is <something> and not whats expected' rather than the 'I have this code, now what.' approach.

Re: Help With Registration/Login

Posted: Sat Jan 26, 2008 3:02 pm
by InfinityMan
:) I FINALLY got it to work!

Thanks for all the input!!!