simple log in script not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

simple log in script not working

Post by lafflin »

Hello, I am having trouble trying to implement a login system for an app I'm creating. First off this is my first project, but I've been working on it for a while, the point is that I'm a newb, but I've been doing my homework.

here is the simple authentication script

Code: Select all

 
<?php
 
session_start;
 
 
if (isset($_POST['submitted']))  {
 
require_once ('../../../mysql_connect.php');
include ('../includes/functions.php');
 
                                $username = escape_data($_POST['user']);
                                $password = md5(escape_data($_POST['password']));
                                
 
 
$authenticate = "SELECT             username 
                 FROM   
                                    user_accounts
                 WHERE 
                                    username = '$username'
                 AND                    
                                    password = '$password'";
                  
                  $result = mysql_query ($authenticate) or die(mysql_error());                       
                  if (mysql_num_rows($result) == 1)
                                {  
                                 
                                 $_SESSION['USER'] = mysql_fetch_row($result) ;
                                 
                                      header("Location: ../pages/index.html");                       
                                   // header("Location: {$_SERVER['HTTP_REFERER']}");
                                          exit;
                                           
                                    //var_dump($_SESSION['USER']);
                                    //die  ($authenticate);
                                        
                                 } else { echo'Invalid username and/ or password, <br>
                                                Please try again.' ; }
                              
            
}
include ('../includes/header_footer/header.inc.htm');
echo'
<form action="log_in.php" method="post">
<table class="frame" cellpadding="8" >
  <tr>
    <td align="right" > 
      
        Username<input name="user" type="text" size="14" maxlength="12">
       <br />
    
        Password<input name="password" type="password" size="14" maxlength="16">
       
 
    <br />
  <input name="enter" type="submit" value="Enter" />
    </td>
  </tr>
  <input name="submitted" type="hidden"  />
</table>
 
</form>
' ;
 
include ('../includes/header_footer/footer.inc.htm');
?>
 
incase what I am trying to do is not obvious I'm trying to create a session (USER) which will be used to grant access to all my other pages in the application.
the problem I'm having is that in the first line or so of all my other scripts I'm putting this:

Code: Select all

 
 
<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
 
else { header("Location: ../authentication/log_in.php");}
?>
 
but what is happeneing is that I'm being re-directed to my log in script regardless.

Any advice and / or criticism is greatly appreciated.
let me know if there is any obvious security blunders (this will be hosted on a secure site).
Thank you so much.
Last edited by lafflin on Sun Feb 10, 2008 10:58 am, edited 2 times in total.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

How many rows is the query returning?
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working

Post by lafflin »

just one. You'll notice that I did a var_dump on my session (commented out) and it came back as expected. In my second script though where I check for the session the same var_dump is comming back NULL.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

Are they crossing subdomains?
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working

Post by lafflin »

Subdomains? the scripts are in two seperate directories, but both are within the same main directory. Subdomain? I'm not sure what the true definition of a subdomain is, but I'm pretty sure the answer is no.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: simple log in script not working

Post by Christopher »

Because you are redirecting you might want to try:

Code: Select all

header("Location: ../pages/index.html");                       
session_write_close();
exit;
Also, depending on browser (IE) you might need:

Code: Select all

session_cache_limiter('must-revalidate');
session_start();
(#10850)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

Are they both on domain.com?

Or is one at domain.com and the other at domain_two.com?

Or is one at login.domain.com and the other at accounts.domain.com?
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working

Post by lafflin »

Nope, everything is right here on my laptop, nothing is live. I'm using WAMP, php 5
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

It's probably the missing } then...

Code: Select all

 
<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
# right here 
} else { header("Location: ../authentication/log_in.php");}
?>
 
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working

Post by lafflin »

oh, yeah that's a typo in my post, code has it.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

Maybe the sessions directory is not writable or you have cookies disabled. I'm running out if ideas here. Unless I'm missing something so blatant I don't see it, based on your code it should be working. Are you absolutely sure the query is only returning 1 record? If it's returning 0,2,3,4 etc it won't set USER var in the session.
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working

Post by lafflin »

here is the var_dump of the $_SESSION["USER"]:
array(1) { [0]=> string(5) "admin" }

I'm using sessions successfully several other paces in this application.
But keep in mind this is my first apllication and I have never created a login system so there could be something that is very basic that I'm not doing that you might be assuming I know, but I don't.
In any case I appreciate your effort.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: simple log in script not working

Post by Mordred »

The very first session_start is missing (), that should be it. Turn on your error reporting.

A better alternative to

Code: Select all

<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
# right here 
} else { header("Location: ../authentication/log_in.php");}
?>
is

Code: Select all

<?php
session_start();
if (!isset($_SESSION['USER'])) {
header("Location: ../authentication/log_in.php");
exit();
}
 
// my script
?>
P.S. My compliments on your well written code, you seem to have done your homework very well indeed.
lafflin
Forum Contributor
Posts: 123
Joined: Thu Jul 26, 2007 6:26 pm

Re: simple log in script not working [solved]

Post by lafflin »

Yeah, that was it. Thank you so much. The issue was my:

Code: Select all

 
session_start()
//was typed without the () in the script creating the sesssion.
 
or perhaps I should say that was supposed to create the session.


And big thanks for showing my the reverse logic snippet also, that'll be much easier to go back and implement on the thirty or so other pages I've already made.
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: simple log in script not working

Post by Benjamin »

Mordred wrote:The very first session_start is missing ()
Good eye, I so didn't even notice that.
Post Reply