Need help with login webpage

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
legaljuicer
Forum Newbie
Posts: 6
Joined: Sat Mar 06, 2004 1:32 pm

Need help with login webpage

Post by legaljuicer »

This was working and now it quit working and I haven't changed anything. The loginsucces.php doesn't even show the username. Can anyone tell me what I am doing wrong?

login3.php
========================

<?

function login_form()
{
?>
<html>
<head>
<title> IronAddicts.com - Training Log Database </title>
</head>
<body bgcolor="#ffffff" text="#336699">
<hr noshade height=1>
<form method=post>
<table border=0>
<tr>
<td>username: </td>
<td><input type=text name=http_user></td>
</tr>
<tr>
<td>password: </td>
<td><input type=password name=http_pass></td>
</tr>
<tr>
<td colspan=2><input type=submit value="login"></td>
</tr>
</table>
</form>
<hr noshade height=1>
</body>
</html>
<?
}

if ((!isset($http_user)) or (!isset($http_pass)))
{
login_form();
exit;
}
else
{
include ('conf.php');
$dbh = mysql_connect($host,$usr,$pwd) or die("Could not connect to database");
mysql_select_db ($db, $dbh) or die("Could not select the database");
$sql = "select * from clients where username='$http_user' and password='$http_pass'";
$res = mysql_query($sql);
$err = mysql_error();
$num_rows = mysql_num_rows($res);
if ($num_rows != 1)
{
login_form();
exit;
}
else
{
session_start();
session_register('username');
$username = $http_user;
header('Location: loginsuccess.php');

//echo "you are authenticated as $http_user with password $http_pass<br>";
}
mysql_close($dbh);
}
?>



loginsuccess.php

<?



if(!isset($PHPSESSID))
{
//echo "no PHP session started";
header('Location: login3.php');
}
else

session_start();

include 'conf.php';

echo "Welcome, ". $username .". <BR><BR> You are now in our exclusive 'Trainees Only' section.</u><br><br>";



# connect to database
$cid = mysql_connect($host, $usr, $pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

# setup SQL statement
$SQL = " SELECT * FROM clientinfo WHERE username='$username'";

# execute SQL statement
$result = mysql_db_query($db, $SQL, $cid);
$row = mysql_fetch_array($result);
# check for errors
if (!$result) { echo( mysql_error()); }
else {
echo'<form method="post" action="update.php">';
echo'<input type="hidden" name="id" value="'.$row['id'].'" />';
echo'<input type="text" name="username" value="'. $row['username'].'" />';
echo'<input type="text" name="name" value="'. $row['name'].'" />';
echo'<input type="submit" value="Update" />';
echo'</form>';
printf("Name: %s<br>\n", mysql_result($result,0,"name"));

}
echo "<br><br><br><b><a href=logout.php>Logout</a><br>";

print "<br><br><br><br>";


?>
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

First thing, in the login function there is no action in your form.... And for everyone else, and myself:
login3.php:

Code: Select all

<?
function login_form()
{
?>
<html>
<head>
<title> IronAddicts.com - Training Log Database </title>
</head>
<body bgcolor="#ffffff" text="#336699">
<hr noshade height=1>
<form method=post>
<table border=0>
<tr>
<td>username: </td>
<td><input type=text name=http_user></td>
</tr>
<tr>
<td>password: </td>
<td><input type=password name=http_pass></td>
</tr>
<tr>
<td colspan=2><input type=submit value="login"></td>
</tr>
</table>
</form>
<hr noshade height=1>
</body>
</html>
<?
}

if ((!isset($http_user)) or (!isset($http_pass)))
{
login_form();
exit;
}
else
{
include ('conf.php');
$dbh = mysql_connect($host,$usr,$pwd) or die("Could not connect to database");
mysql_select_db ($db, $dbh) or die("Could not select the database");
$sql = "select * from clients where username='$http_user' and password='$http_pass'";
$res = mysql_query($sql);
$err = mysql_error();
$num_rows = mysql_num_rows($res);
if ($num_rows != 1)
{
login_form();
exit;
}
else
{
session_start();
session_register('username');
$username = $http_user;
header('Location: loginsuccess.php');

//echo "you are authenticated as $http_user with password $http_pass<br>";
}
mysql_close($dbh);
}
?>
loginsuccess.php

Code: Select all

<?
if(!isset($PHPSESSID))
{
//echo "no PHP session started";
header('Location: login3.php');
}
else

session_start();

include 'conf.php';

echo "Welcome, ". $username .". <BR><BR> You are now in our exclusive 'Trainees Only' section.</u><br><br>";



# connect to database
$cid = mysql_connect($host, $usr, $pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

# setup SQL statement
$SQL = " SELECT * FROM clientinfo WHERE username='$username'";

# execute SQL statement
$result = mysql_db_query($db, $SQL, $cid);
$row = mysql_fetch_array($result);
# check for errors
if (!$result) { echo( mysql_error()); }
else {
echo'<form method="post" action="update.php">';
echo'<input type="hidden" name="id" value="'.$row['id'].'" />';
echo'<input type="text" name="username" value="'. $row['username'].'" />';
echo'<input type="text" name="name" value="'. $row['name'].'" />';
echo'<input type="submit" value="Update" />';
echo'</form>';
printf("Name: %s<br>\n", mysql_result($result,0,"name"));

}
echo "<br><br><br><b><a href=logout.php>Logout</a><br>";

print "<br><br><br><br>";
?>
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

? why are you not consistent with your code??

Code: Select all

$dbh = mysql_connect($host,$usr,$pwd) or die("Could not connect to database");
Why didn't you use the same method here:

Code: Select all

$cid = mysql_connect($host, $usr, $pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }
Not all that importnant, just caught my eye!!
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

One more thing your not selecting a databse in loginsucess.php
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

hmmm... I don't think you can pass variables to pages like that:

Code: Select all

//login page
$username = "whatever";
header("Location: sucess.php");

Code: Select all

//succes page
echo $username;
I just tried that and... i doesn't work that way. You best bet would be to use sessions... Wait just looked over your code again, try adding session_start to your loginsucess.php page and see if that clears things up!!
legaljuicer
Forum Newbie
Posts: 6
Joined: Sat Mar 06, 2004 1:32 pm

Post by legaljuicer »

I will try your suggestions and see what happens. I looked over my code and I do have a session_start in my loginsucces.php

<?
if(!isset($PHPSESSID))
{
//echo "no PHP session started";
header('Location: login3.php');
}
else

session_start();
Illusionist
Forum Regular
Posts: 903
Joined: Mon Jan 12, 2004 9:32 pm

Post by Illusionist »

oh ya! lol i didn't even see that!! i was looking for it at the very top!! You probably do not have register_globals ON in your php.ini file.
1)You can either turn them on
2)Use Super Globals(i think) $_POST, $_GET, $_SESSIONS for your variables....

Code: Select all

$_SESSIONS['username'] = "Hugh G. Rection";
echo $_SESSIONS['username'];
Post Reply