Need help with login webpage
Posted: Sat Mar 20, 2004 7:14 pm
This was working and now it quit working and I haven't changed anything. The loginsucces.php doesn't even show the username. Can anyone tell me what I am doing wrong?
login3.php
========================
<?
function login_form()
{
?>
<html>
<head>
<title> IronAddicts.com - Training Log Database </title>
</head>
<body bgcolor="#ffffff" text="#336699">
<hr noshade height=1>
<form method=post>
<table border=0>
<tr>
<td>username: </td>
<td><input type=text name=http_user></td>
</tr>
<tr>
<td>password: </td>
<td><input type=password name=http_pass></td>
</tr>
<tr>
<td colspan=2><input type=submit value="login"></td>
</tr>
</table>
</form>
<hr noshade height=1>
</body>
</html>
<?
}
if ((!isset($http_user)) or (!isset($http_pass)))
{
login_form();
exit;
}
else
{
include ('conf.php');
$dbh = mysql_connect($host,$usr,$pwd) or die("Could not connect to database");
mysql_select_db ($db, $dbh) or die("Could not select the database");
$sql = "select * from clients where username='$http_user' and password='$http_pass'";
$res = mysql_query($sql);
$err = mysql_error();
$num_rows = mysql_num_rows($res);
if ($num_rows != 1)
{
login_form();
exit;
}
else
{
session_start();
session_register('username');
$username = $http_user;
header('Location: loginsuccess.php');
//echo "you are authenticated as $http_user with password $http_pass<br>";
}
mysql_close($dbh);
}
?>
loginsuccess.php
<?
if(!isset($PHPSESSID))
{
//echo "no PHP session started";
header('Location: login3.php');
}
else
session_start();
include 'conf.php';
echo "Welcome, ". $username .". <BR><BR> You are now in our exclusive 'Trainees Only' section.</u><br><br>";
# connect to database
$cid = mysql_connect($host, $usr, $pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }
# setup SQL statement
$SQL = " SELECT * FROM clientinfo WHERE username='$username'";
# execute SQL statement
$result = mysql_db_query($db, $SQL, $cid);
$row = mysql_fetch_array($result);
# check for errors
if (!$result) { echo( mysql_error()); }
else {
echo'<form method="post" action="update.php">';
echo'<input type="hidden" name="id" value="'.$row['id'].'" />';
echo'<input type="text" name="username" value="'. $row['username'].'" />';
echo'<input type="text" name="name" value="'. $row['name'].'" />';
echo'<input type="submit" value="Update" />';
echo'</form>';
printf("Name: %s<br>\n", mysql_result($result,0,"name"));
}
echo "<br><br><br><b><a href=logout.php>Logout</a><br>";
print "<br><br><br><br>";
?>
login3.php
========================
<?
function login_form()
{
?>
<html>
<head>
<title> IronAddicts.com - Training Log Database </title>
</head>
<body bgcolor="#ffffff" text="#336699">
<hr noshade height=1>
<form method=post>
<table border=0>
<tr>
<td>username: </td>
<td><input type=text name=http_user></td>
</tr>
<tr>
<td>password: </td>
<td><input type=password name=http_pass></td>
</tr>
<tr>
<td colspan=2><input type=submit value="login"></td>
</tr>
</table>
</form>
<hr noshade height=1>
</body>
</html>
<?
}
if ((!isset($http_user)) or (!isset($http_pass)))
{
login_form();
exit;
}
else
{
include ('conf.php');
$dbh = mysql_connect($host,$usr,$pwd) or die("Could not connect to database");
mysql_select_db ($db, $dbh) or die("Could not select the database");
$sql = "select * from clients where username='$http_user' and password='$http_pass'";
$res = mysql_query($sql);
$err = mysql_error();
$num_rows = mysql_num_rows($res);
if ($num_rows != 1)
{
login_form();
exit;
}
else
{
session_start();
session_register('username');
$username = $http_user;
header('Location: loginsuccess.php');
//echo "you are authenticated as $http_user with password $http_pass<br>";
}
mysql_close($dbh);
}
?>
loginsuccess.php
<?
if(!isset($PHPSESSID))
{
//echo "no PHP session started";
header('Location: login3.php');
}
else
session_start();
include 'conf.php';
echo "Welcome, ". $username .". <BR><BR> You are now in our exclusive 'Trainees Only' section.</u><br><br>";
# connect to database
$cid = mysql_connect($host, $usr, $pwd);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }
# setup SQL statement
$SQL = " SELECT * FROM clientinfo WHERE username='$username'";
# execute SQL statement
$result = mysql_db_query($db, $SQL, $cid);
$row = mysql_fetch_array($result);
# check for errors
if (!$result) { echo( mysql_error()); }
else {
echo'<form method="post" action="update.php">';
echo'<input type="hidden" name="id" value="'.$row['id'].'" />';
echo'<input type="text" name="username" value="'. $row['username'].'" />';
echo'<input type="text" name="name" value="'. $row['name'].'" />';
echo'<input type="submit" value="Update" />';
echo'</form>';
printf("Name: %s<br>\n", mysql_result($result,0,"name"));
}
echo "<br><br><br><b><a href=logout.php>Logout</a><br>";
print "<br><br><br><br>";
?>