Page 1 of 1

Login and Sessions Form Help

Posted: Wed Dec 17, 2008 1:26 pm
by CodeMama
Can't get a login form to work without passing login id in url which I do not want to do..please help
my code so far:

index.php

Code: Select all

<?php include("inc/dbconn_open.php") ?>
<?php
 $errs = error_reporting ('E_ALL');
 
if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else {$UserName = '';}
if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else {$Password = '';}
 
//$msg = '';
 
if (!empty($UserName)) {
 
    $sql = "SELECT * FROM admin WHERE UserName='$UserName' and Password='$Password'";
    $result = mysql_query ($sql);
    $row = mysql_fetch_object ($result);
 
    If (mysql_num_rows($result) > 0) {
        $_SESSION['AdminLogin'] = $row->AdminID;
        header ("Location: Main.php");
    } else {
        $msg = "Invalid Login";
    }
}
 
?>
 
<HTML>
 
<HEAD>
<TITLE>Work Order System </TITLE>
<LINK REL="STYLESHEET" HREF="inc/style.css">
<script language="JavaScript">
<!--
    function leftTrim(sString) {
        while (sString.substring(0,1) == ' ') {
            sString = sString.substring(1, sString.length);
        }
        return sString;
    }
    
    function chkData1(objForm) {
 
        objForm.UserName.value = leftTrim(objForm.UserName.value);
        if (objForm.UserName.value.length == 0) {
            alert("Please enter your User Name.");
            objForm.Email.focus();
            return false;
        }
        
        objForm.Password.value = leftTrim(objForm.Password.value);
        if (objForm.Password.value.length == 0) {
            alert("Please enter a your Password.");
            objForm.Password.focus();
            objForm.Password.select();
            return false;
        }
        return true;
    }
 
//-->
</script>
 
</HEAD>
 
<BODY>
<TABLE WIDTH="750" BORDER="0" CELLSPACING="0" CELLPADDING="0">
 
<TR>
<TD>&nbsp;</TD>
</TR>
<TR>
<TD ALIGN="CENTER"><B>Work Order System - Administrative Section</B><BR><BR></TD>
</TR>
<TR>
<TD>
<?php
    If (!empty($msg)){
        echo "<div class=\"cl_Error\">". $msg ."</div>";
    }
?>
 
<form name="form1" method="post" action="main.php?AdminID=<?php echo $AdminID; ?>" onSubmit="return chkData1(this)">
<TABLE WIDTH="300" BORDER="2" ALIGN="center" CELLPADDING="2" CELLSPACING="0" bordercolor="#000033" bgcolor="#0099CC">
    <TR>
        <TD HEIGHT="22"><div class="admin_Main">Username:</div></TD>
        <TD HEIGHT="22"> <INPUT TYPE="text" NAME="UserName"></TD>
    </TR>
    <TR>
        <TD><div class="admin_Main">Password:</div></TD>
        <TD><INPUT TYPE="password" NAME="Password"></TD>
    </TR>
    <TR>
        <TD colspan="2" align="center"><INPUT TYPE="submit" VALUE="Login"> </TD>
    </TR>
</TABLE>
</form>
 
then main.php

Code: Select all

<?php
include("inc/dbconn_open.php");
error_reporting ('E_ALL');
 
if (empty($_SESSION['AdminLogin']) OR $_SESSION['AdminLogin'] <> 'OK' ){
    header ("Location: LogOut.php");
}
 
if (isset($_SESSION['AdminID']) && !empty($_SESSION['AdminID'])){
    $AdminID = $_SESSION['AdminID'];
} else {
    header ("Location: LogOut.php");
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Work Order System - Administrative Section</title>
</head>
 
<frameset cols="200,*" frameborder="NO" border="0" framespacing="0">
  <frame src="Menu.php?AdminID=<?php echo $AdminID; ?>" name="leftFrame" scrolling="auto" noresize>
  <frame src="Welcome.php?AdminID=<?php echo $AdminID; ?>" name="mainFrame">
</frameset>
<noframes><body>
</body></noframes>
</html>
 
it's not printing errors to the screen or to the error_log.txt file.....help help please

Re: Login and Sessions Form Help

Posted: Thu Dec 18, 2008 12:14 am
by sparrrow
I'm sorta lost on what I'm looking at. So you have a user name and a user id both it looks like. You are POSTing the login for over to main.php, but index has the code to grab username and password from POST data. I'll take a stab in the dark though:

Add an hidden form element to your login form, then retrieve it from the POST data on the target page.

Code: Select all

<input type="hidden" name="AdminID" value="<?php echo $AdminID; ?>" />

Re: Login and Sessions Form Help

Posted: Thu Dec 18, 2008 8:29 am
by CodeMama
Thanks for looking! The current code which still isn't passing the AdminID session is this:

Code: Select all

<?php
// start session
  session_start(); 
 include("inc/dbconn_open.php") ;
 $errs = error_reporting ('E_ALL');
 
if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else {$UserName = '';}
if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else {$Password = '';}
 
$msg = '';
 
if (!empty($UserName)) {
 
    $sql = "SELECT * FROM  admin WHERE `UserName`='$UserName' and `Password`='$Password' LIMIT 1" or die(mysql_error());
    $result = mysql_query ($sql);
    $row = mysql_fetch_object ($result);
    If (mysql_num_rows($result) > 0) {
        $_SESSION['AdminLogin'] = '$row['AdminID']';
        header ("Location: Main.php");
    } else {
        $msg = "Invalid Login";
    }
}
 
?>
 
<HTML>
 
<HEAD>
<TITLE>Work Order System </TITLE>
<LINK REL="STYLESHEET" HREF="inc/style.css">
<script language="JavaScript">
<!--
    function leftTrim(sString) {
        while (sString.substring(0,1) == ' ') {
            sString = sString.substring(1, sString.length);
        }
        return sString;
    }
    
    function chkData1(objForm) {
 
        objForm.UserName.value = leftTrim(objForm.UserName.value);
        if (objForm.UserName.value.length == 0) {
            alert("Please enter your User Name.");
            objForm.Email.focus();
            return false;
        }
        
        objForm.Password.value = leftTrim(objForm.Password.value);
        if (objForm.Password.value.length == 0) {
            alert("Please enter a your Password.");
            objForm.Password.focus();
            objForm.Password.select();
            return false;
        }
        return true;
    }
 
//-->
</script>
 
</HEAD>
 
<BODY>
<TABLE WIDTH="750" BORDER="0" CELLSPACING="0" CELLPADDING="0">
 
<TR>
<TD>&nbsp;</TD>
</TR>
<TR>
<TD ALIGN="CENTER"><B>Work Order System - Administrative Section</B><BR><BR></TD>
</TR>
<TR>
<TD>
<?php
    If (!empty($msg)){
        echo "<div class=\"cl_Error\">". $msg ."</div>";
    }
?>
 
<form name="form1" method="post" action="main.php" onSubmit="return chkData1(this)">
<TABLE WIDTH="300" BORDER="2" ALIGN="center" CELLPADDING="2" CELLSPACING="0" bordercolor="#000033" bgcolor="#0099CC">
    <TR>
        <TD HEIGHT="22"><div class="admin_Main">Username:</div></TD>
        <TD HEIGHT="22"> <INPUT TYPE="text" NAME="UserName"></TD>
    </TR>
    <TR>
        <TD><div class="admin_Main">Password:</div></TD>
        <TD><INPUT TYPE="password" NAME="Password"></TD>
    </TR>
    <TR>
        <TD colspan="2" align="center"><INPUT TYPE="submit" VALUE="Login"> </TD>
    </TR>
</TABLE>
</form>
 
which is supposed to pass it to main.php:

Code: Select all

<?php
session_start();
include("inc/dbconn_open.php");
 
if((isset($_SESSION['AdminLogin'])) && (!empty($_SESSION['AdminLogin'])))
{
}else{
     echo ($_SESSION['AdminLogin']);
     die ( $_SESSION['AdminLogin']); 
     header ("Location: LogOut.php");
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Work Order System - Administrative Section</title>
</head>
 
<frameset cols="200,*" frameborder="NO" border="0" framespacing="0">
  <frame src="Menu.php" name="leftFrame" scrolling="auto" noresize>
  <frame src="Welcome.php" name="mainFrame">
</frameset>
<noframes><body>
</body></noframes>
</html>
 

Re: Login and Sessions Form Help

Posted: Thu Dec 18, 2008 9:09 am
by CodeMama
Ok well in attempt to echo the adminID I discovered it it NOT picking up anything from the DB