Login Page doesn't log anyone in

A

Anonymous

Guest
I created a login page, but when I enter my username and password I am redirected to the login page as if the username and password are incorrect. What is wrong with my code?

Problem is at: http://martialartsupplystore.littlegd.com/catalog/admin/login_form.php
user: test
password: test

This is the code for the page you should go to when logged in:

Code: 
<?php
//check for required fields from the form
if ((!$_POST[user]) || (!$_POST[password])) {
	header("Location: login_form.php");
	exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
	or die(mysql_error());
mysql_select_db("mass",$conn) or die(mysql_error());

//create and issue the query
$sql = "select first_name from member where user = 
	'$_POST[user]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

	//if authorized, get the value of first_name
	$first_name = mysql_result($result, 0, 'first_name');

	//set authorization cookie
	setcookie("auth", "1", 0, "/", "http://martialartsupplystore.littlegd.com", 0);

	//prepare message for printing, and user menu
	$msg = "<p>Welcome, $first_name!</p>";

} else {

	//redirect back to login form if not authorized
	head("Location: login_form.php");
	exit;
}
?>
 
((!$_POST[user]) || (!$_POST[password]))


try replacing that with:

Code: 
((!$_POST["user"]) || (!$_POST["password"]))
(and the same for all other instances in your script). My suggestion is to assign them to variables to save typing out, and to make your life easier... i.e.

$user = $_POST["user"]; $password = $_POST["password"];


Then when you get here:

$sql = "select first_name from member where user =
'$_POST[user]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());
Click to expand...
You'll not have any problems with confusing " or ' marks messing things up (so replace then with:


Code: 
$sql = "select first_name from member where user = 
   '$user' AND password = password('$password')"; 
$result = mysql_query($sql,$conn) or die(mysql_error());

Check that cookies work in your browser too - you could just be experiencing browser problems!!




Also, for an alternate method here:

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {

//if authorized, get the value of first_name
$first_name = mysql_result($result, 0, 'first_name');

Try using $row = mysql_fetch_array($result); then $first_name = $row["first_name"]; and that way your result is available any time in that script (not necessary now, but in the future you just never know!)


Andrew
 
Thanks for the help, but that didn't work. Any other ideas?
 
try echoing $query - see if it gives the expected respons.

Andrew
 
Still didn't work. Is there a simple script that someone else is using that I could use? Nothing to complex because I am just starting with PHP. Thanks for all your help with this. I really appreciate it.
 
You know, I probably echoed the query wrong. So how exactly do I do that? I think I echoed the result. :D I told you I was a beginnner.
 
I have a problem with my login script, as you know, but I also created an insert record script for the same site that doesn't work. It seems that none of the scripts I do work. I am using Sams Teach Yourself as a reference guide. Am I missing something important?
 
littlegdesigns2004 said:
I am using Sams Teach Yourself as a reference guide
Click to expand...
Is that a book !? Maybe the scripts are out of date.
Does the author gives some information about the php's version and configuration !?

Cheers
 
The book uses PHP version 4.2.3. Is there maybe something on my server that I should check out? Many of my scripts are working, and they are pretty simple scripts. I made a form with an insert record script. When I submit the form, a blank record is added to my database. None of the information I type into the text fields is added to the database, though. And, obviously, my login script doesn't work. As well as, a couple others. I'm really thinking that my server may be the cause of all of my frustration, but I don't know much about that sort of thing.
 
Code: 
<?php 
$user = $_POST["user"]; $password = $_POST["password"];
//check for required fields from the form 
if ((!$user) || (!$password)) { 
   header("Location: login_form.php"); 
   exit; 
} 

//connect to server and select database 
mysql_connect("localhost", "root", "") 
   or die(mysql_error()); 
mysql_select_db("mass") or die(mysql_error()); 

//create and issue the query 
$sql = "select * from member where user='user' AND password=password('$password')"; 
$result = mysql_query($sql) or die(mysql_error()); 

//get the number of rows in the result set; should be 1 if a match 
if (mysql_num_rows($result) == 1) { 
$row = mysql_fetch_array($result);
   //if authorized, get the value of first_name 
   $first_name = $row["first_name"]; 

   //set authorization cookie 
   setcookie("auth", "1", 0, "/", "http://martialartsupplystore.littlegd.com", 0); 

   //prepare message for printing, and user menu 
   $msg = "<p>Welcome, $first_name!</p>"; echo $msg;

} else { 

   //redirect back to login form if not authorized 
   head("Location: login_form.php"); 
   exit; 
} 
?>


I've re-written your code how I think it should be - try it out and let me know how it works.

Andrew
 
I tried your script and got the exact same results, which was nothing. All the PHP scripts I am trying to use are kicking my butt. I am getting beat down by all of this. :shock: Thank you for trying to help, though. I am still open to any new ideas or possible error causes I might have.
 
Is it possible that I need to reconfigure something on my server that could be causing me all of these problems? Again, I am basically an idiot when it comes to this cause I am a beginner. I am an HTML nut just breaking into PHP, MySQL and servers. So one tiny error in my server could be causing me all this headache. Is there anything in particular that I should check?
 
What are the error you get when trying script that bezmond posted !?
Please use this:
Code: 
<?php

// At the very top of you page!

error_reporting(E_ALL);
ini_set('display_errors', 1); // Just to make sure they will appear ! 

?>
 
Here is the code:

Code: 
<?php 
// At the very top of you page! 

error_reporting(E_ALL); 
ini_set('display_errors', 1); // Just to make sure they will appear ! 

$user = $_POST["username"]; $password = $_POST["password"]; 
//check for required fields from the form 
if ((!$username) || (!$password)) { 
   header("Location: login_form.php"); 
   exit; 
} 

//connect to server and select database 
mysql_connect("localhost", "root", "") 
   or die(mysql_error()); 
mysql_select_db("mass") or die(mysql_error()); 

//create and issue the query 
$sql = "select * from auth_users where username='username' AND password=password('$password')"; 
$result = mysql_query($sql) or die(mysql_error()); 

//get the number of rows in the result set; should be 1 if a match 
if (mysql_num_rows($result) == 1) { 
$row = mysql_fetch_array($result); 
   //if authorized, get the value of f_name 
   $f_name = $row["f_name"]; 

   //set authorization cookie 
   setcookie("auth", "1", 0, "/", "http://martialartsupplystore.littlegd.com", 0); 

   //prepare message for printing, and user menu 
   $msg = "<p>Welcome, $f_name!</p>"; echo $msg; 

} else { 

   //redirect back to login form if not authorized 
   head("Location: login_form.php"); 
   exit; 
} 
?>

Here are the error messages:

Warning: Undefined variable: _POST in /usr/local/www/vhosts/martialartsupplystore.littlegd.com/htdocs/catalog/admin/admin2.php on line 7

Warning: Undefined variable: _POST in /usr/local/www/vhosts/martialartsupplystore.littlegd.com/htdocs/catalog/admin/admin2.php on line 7

Warning: Cannot add header information - headers already sent by (output started at /usr/local/www/vhosts/martialartsupplystore.littlegd.com/htdocs/catalog/admin/admin2.php:7) in /usr/local/www/vhosts/martialartsupplystore.littlegd.com/htdocs/catalog/admin/admin2.php on line 10
 
you are getting that because the inital page does not post anything so $_POST is undefined. wrap an if statement checking to see if $_POST is set.


instead of
Code: 
$user = $_POST["username"]; $password = $_POST["password"];
//check for required fields from the form
if ((!$username) || (!$password)) {
   header("Location: login_form.php");
   exit;
}

use
Code: 
if(isset($_POST['username']) && isset($_POST['password']))
{
   header("Location: login_form.php");
   exit;
}
else
{

$user = $_POST["username"]; $password = $_POST["password"];

and set the $username and $password values later in the else

That will take care of the notice.
 
Well, I figured out that my problem is that my server has an old version of PHP which doesn't use the global var $_POST. So, now I don't know how to modify my scripts to work with the old version of PHP. Anybody?
 
Thank you all for all of your input. I have found a way to upgrade my server php version, so all of my scripts should be fine (haha...should be fine, right).
 
Upgrade the server. If it's not yours get a new host. It's pure stupidity security wise to not have the latest. PHP is free.. no excuses.
 
just to add my 2 cents, here's code that should work on that old version,

Code: 
//Check Login Variables
$query= "select username , password from member";
$result= mysql_query($query);

//If login fails $i will be defined
$i=0;

//Look in the database for matching username
while ($row= mysql_fetch_row($result)) {
    if ($row[0] == $username) {

//Look in the database for matching password
        if ($row[1] == $password) {
            $i=1;
        }
    }
}

//If login fails $user will be defined
$user='user';
if ($i == 1) {
//If login is successful this variable can be set to anything to show the auth script that it was successful
    $user='validUser';
}

it's a little sloppy but I only spent about a minute on it, it may need some debugging as well but the general concept should be apparent.
 
You must log in or register to reply here.
Back
Top