Page 1 of 1

simple log in script not working

Posted: Sat Feb 09, 2008 5:07 pm
by lafflin
Hello, I am having trouble trying to implement a login system for an app I'm creating. First off this is my first project, but I've been working on it for a while, the point is that I'm a newb, but I've been doing my homework.

here is the simple authentication script

Code: Select all

 
<?php
 
session_start;
 
 
if (isset($_POST['submitted']))  {
 
require_once ('../../../mysql_connect.php');
include ('../includes/functions.php');
 
                                $username = escape_data($_POST['user']);
                                $password = md5(escape_data($_POST['password']));
                                
 
 
$authenticate = "SELECT             username 
                 FROM   
                                    user_accounts
                 WHERE 
                                    username = '$username'
                 AND                    
                                    password = '$password'";
                  
                  $result = mysql_query ($authenticate) or die(mysql_error());                       
                  if (mysql_num_rows($result) == 1)
                                {  
                                 
                                 $_SESSION['USER'] = mysql_fetch_row($result) ;
                                 
                                      header("Location: ../pages/index.html");                       
                                   // header("Location: {$_SERVER['HTTP_REFERER']}");
                                          exit;
                                           
                                    //var_dump($_SESSION['USER']);
                                    //die  ($authenticate);
                                        
                                 } else { echo'Invalid username and/ or password, <br>
                                                Please try again.' ; }
                              
            
}
include ('../includes/header_footer/header.inc.htm');
echo'
<form action="log_in.php" method="post">
<table class="frame" cellpadding="8" >
  <tr>
    <td align="right" > 
      
        Username<input name="user" type="text" size="14" maxlength="12">
       <br />
    
        Password<input name="password" type="password" size="14" maxlength="16">
       
 
    <br />
  <input name="enter" type="submit" value="Enter" />
    </td>
  </tr>
  <input name="submitted" type="hidden"  />
</table>
 
</form>
' ;
 
include ('../includes/header_footer/footer.inc.htm');
?>
 
incase what I am trying to do is not obvious I'm trying to create a session (USER) which will be used to grant access to all my other pages in the application.
the problem I'm having is that in the first line or so of all my other scripts I'm putting this:

Code: Select all

 
 
<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
 
else { header("Location: ../authentication/log_in.php");}
?>
 
but what is happeneing is that I'm being re-directed to my log in script regardless.

Any advice and / or criticism is greatly appreciated.
let me know if there is any obvious security blunders (this will be hosted on a secure site).
Thank you so much.

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:27 pm
by Benjamin
How many rows is the query returning?

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:34 pm
by lafflin
just one. You'll notice that I did a var_dump on my session (commented out) and it came back as expected. In my second script though where I check for the session the same var_dump is comming back NULL.

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:36 pm
by Benjamin
Are they crossing subdomains?

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:40 pm
by lafflin
Subdomains? the scripts are in two seperate directories, but both are within the same main directory. Subdomain? I'm not sure what the true definition of a subdomain is, but I'm pretty sure the answer is no.

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:42 pm
by Christopher
Because you are redirecting you might want to try:

Code: Select all

header("Location: ../pages/index.html");                       
session_write_close();
exit;
Also, depending on browser (IE) you might need:

Code: Select all

session_cache_limiter('must-revalidate');
session_start();

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:42 pm
by Benjamin
Are they both on domain.com?

Or is one at domain.com and the other at domain_two.com?

Or is one at login.domain.com and the other at accounts.domain.com?

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:48 pm
by lafflin
Nope, everything is right here on my laptop, nothing is live. I'm using WAMP, php 5

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:51 pm
by Benjamin
It's probably the missing } then...

Code: Select all

 
<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
# right here 
} else { header("Location: ../authentication/log_in.php");}
?>
 

Re: simple log in script not working

Posted: Sat Feb 09, 2008 5:57 pm
by lafflin
oh, yeah that's a typo in my post, code has it.

Re: simple log in script not working

Posted: Sat Feb 09, 2008 6:06 pm
by Benjamin
Maybe the sessions directory is not writable or you have cookies disabled. I'm running out if ideas here. Unless I'm missing something so blatant I don't see it, based on your code it should be working. Are you absolutely sure the query is only returning 1 record? If it's returning 0,2,3,4 etc it won't set USER var in the session.

Re: simple log in script not working

Posted: Sat Feb 09, 2008 6:16 pm
by lafflin
here is the var_dump of the $_SESSION["USER"]:
array(1) { [0]=> string(5) "admin" }

I'm using sessions successfully several other paces in this application.
But keep in mind this is my first apllication and I have never created a login system so there could be something that is very basic that I'm not doing that you might be assuming I know, but I don't.
In any case I appreciate your effort.

Re: simple log in script not working

Posted: Sun Feb 10, 2008 9:57 am
by Mordred
The very first session_start is missing (), that should be it. Turn on your error reporting.

A better alternative to

Code: Select all

<?php
session_start();
if (isset($_SESSION['USER'])) {
 
// my script
# right here 
} else { header("Location: ../authentication/log_in.php");}
?>
is

Code: Select all

<?php
session_start();
if (!isset($_SESSION['USER'])) {
header("Location: ../authentication/log_in.php");
exit();
}
 
// my script
?>
P.S. My compliments on your well written code, you seem to have done your homework very well indeed.

Re: simple log in script not working [solved]

Posted: Sun Feb 10, 2008 10:57 am
by lafflin
Yeah, that was it. Thank you so much. The issue was my:

Code: Select all

 
session_start()
//was typed without the () in the script creating the sesssion.
 
or perhaps I should say that was supposed to create the session.


And big thanks for showing my the reverse logic snippet also, that'll be much easier to go back and implement on the thirty or so other pages I've already made.

Re: simple log in script not working

Posted: Sun Feb 10, 2008 1:01 pm
by Benjamin
Mordred wrote:The very first session_start is missing ()
Good eye, I so didn't even notice that.