carophp Posted January 9, 2014 Share Posted January 9, 2014 When I try to login with my username and password, nothing happens. I only get an error from this line in login.php: "if ($_POST['action']=='logout') {" So what could be wrong? Login.php: <?php session_start(); /*Om användaren har tryck på loggut-knappen så verkställs sessionen.*/ if ($_POST['action']=='logout') { session_unset(); } if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT username FROM users WHERE username='$username' AND pswd=md5('$pswd')"; echo "<pre>$query</pre>"; $result = mysql_query($query); if (mysql_num_rows($result) == 1){ // $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { $username = $_SESSION['username']; header("location: login.php"); echo ("Du är inte inloggad"); } } } ?> Checklogin.php: <?php /* En session för att logga in */ session_start(); $user = $_SESSION['username']; $salt = "somestring"; $token = md5($salt . $user . $salt); if (isset($_SESSION['name']) AND $_SESSION['token'] == $token) { $name = $_SESSION['name']; } else { header("location: login.php"); } ?> Quote Link to comment Share on other sites More sharing options...
adam_bray Posted January 9, 2014 Share Posted January 9, 2014 (edited) What error do you get? If you use this, what happens? - $result = mysql_query($query) or die( mysql_error() ); Edited January 9, 2014 by adam_bray Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 What error do you get? If you use this, what happens? - $result = mysql_query($query) or die( mysql_error() ); I get this message: SELECT username FROM users WHERE username='Ennon' AND pswd=md5('aslan') Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted January 9, 2014 Share Posted January 9, 2014 I get this message: SELECT username FROM users WHERE username='Ennon' AND pswd=md5('aslan') That is because you are echo'ing the query before hand echo "<pre>$query</pre>"; Remove or comment the line above. This will cause the header redirect from working. Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 That is because you are echo'ing the query before hand echo "<pre>$query</pre>"; Remove or comment the line above. This will cause the header redirect from working. I commented the line but still unable to log in! Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted January 9, 2014 Share Posted January 9, 2014 (edited) Use this as login.php. Post what messages are displayed. <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); /*Om användaren har tryck på loggut-knappen så verkställs sessionen.*/ if (isset($_POST['action']) && $_POST['action']=='logout') { session_unset(); } echo "Attempting to login....<br>" if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); echo "Username $username<br>Password $pswd<br>"; /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT username FROM users WHERE username='$username' AND pswd=md5('$pswd')"; echo "Query to run...<pre>$query</pre>"; $result = mysql_query($query); if (mysql_num_rows($result) == 1) { echo 'Success logged in! Credentials matched<br>'; // $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; printf('<pre>$_SESSION data = %s</pre>', print_r($_SESSION, true)); //header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { echo "Login failed! Username/password wrong<br>"; $username = $_SESSION['username']; //header("location: login.php"); echo ("Du är inte inloggad"); } } else { echo "\$_POST['username'] does not exist<br>Can not loggin"; } } else { echo "\$_SESSION['username'] exists. Already logged in?<br>"; } ?> Edited January 9, 2014 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 Use this as login.php. Post what messages are displayed. <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); /*Om användaren har tryck på loggut-knappen så verkställs sessionen.*/ if (isset($_POST['action']) && $_POST['action']=='logout') { session_unset(); } echo "Attempting to login....<br>" if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); echo "Username $username<br>Password $pswd<br>"; /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT username FROM users WHERE username='$username' AND pswd=md5('$pswd')"; echo "Query to run...<pre>$query</pre>"; $result = mysql_query($query); if (mysql_num_rows($result) == 1) { echo 'Success logged in! Credentials matched<br>'; // $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; printf('<pre>$_SESSION data = %s</pre>', print_r($_SESSION, true)); //header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { echo "Login failed! Username/password wrong<br>"; $username = $_SESSION['username']; //header("location: login.php"); echo ("Du är inte inloggad"); } } else { echo "\$_POST['username'] does not exist<br>Can not loggin"; } } else { echo "\$_SESSION['username'] exists. Already logged in?<br>"; } ?> Thanks! Got this: Parse error: syntax error, unexpected 'if' (T_IF), expecting ',' or ';' in C:\xampp\htdocs\film\login.php on line 15 Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted January 9, 2014 Share Posted January 9, 2014 Oops, change echo "Attempting to login....<br>" to echo "Attempting to login....<br>"; I left the semi-colon off of the end of line 13 which is causing the error. Try to login again and post the messages you get. Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 Now we're talking, but still i'm not logged in! Attempting to login.... $_SESSION['username'] exists. Already logged in? Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted January 9, 2014 Share Posted January 9, 2014 (edited) The session data still exists from the last loggin. This is because your logout code is not removing the session correctly, use session_destroy() for this instead. To test your code add session_destroy() after session_start() now run your code. Remove session_destory() after you have ran the code, this to clear the sessions of any data. Edited January 9, 2014 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 So it's something wrong with my query? Attempting to login....$_POST['username'] does not existCan not loggin Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted January 9, 2014 Share Posted January 9, 2014 (edited) Are you entering the username and password in your login form? Could you post the login form too Edited January 9, 2014 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
carophp Posted January 9, 2014 Author Share Posted January 9, 2014 Comes here! (sorry I thought I posted the whole file already!) I have 3 users and tried them all, one with MD5 encryption password and two user without. None working.. <?php session_start(); //Om användaren har tryck på loggut-knappen så verkställs sessionen. if ($_GET['action']=='logout') { // session_destroy(); } /* if (isset($_GET['action']===true && $_GET['action'] =='logout') { // logga ut session_destroy(); } if (isset($_POST['action']=='logout')) { // logga ut session_unset(); } */ if (! isset($_SESSION['username'])) { if (isset($_POST['username'])) { $username = addslashes($_POST['username']); $pswd = addslashes($_POST['pswd']); /*Här försöker vi koppla upp mot databasen*/ mysql_connect('localhost', 'root', '') or die("Kan inte koppla upp mot db-servern"); mysql_select_db("db_film") or die("Kan inte koppla upp mot db"); /*Här hämtas namn, användarnamn och lösenord från tabellen users i databasen. Om de inskrivna värdena stämmer överens med uppgifterna i databasen så skickas vi till publishpost.php. */ $query = "SELECT `username`, `pswd` FROM `users` WHERE username='$username' AND pswd=md5('$pswd')"; echo "<pre>$query</pre>"; $result = mysql_query($query) or die( mysql_error() ); $result = mysql_query($query); if (mysql_num_rows($result) == 1){ $_SESSION['firstname'] = mysql_result($result,0,"firstname"); $_SESSION['username'] = mysql_result($result,0,"username"); $user = $_POST['username']; $salt = "somestring"; $_SESSION['token'] = md5($salt . $user . $salt); $token = $_SESSION['token']; header("location: publishpost.php"); } /*Om uppgifterna inte stämmer så stannar användaren kvar på login.php och en text skrivs ut som talar om att man inte har blivit inloggad.*/ else { $username = $_SESSION['username']; header("location: login.php"); echo ("Du är inte inloggad"); } } } ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="sv"> <head> <!-- FILM --> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="header"> Välkommen! <a href="viewpost.php">Läs poster</a> </div> <div id="container"> <?php include 'register.php'; ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>"> <p>Användarnamn<br /><input type="text" name="username" /></p> <p>Lösenord<br /><input type="password" name="pswd" /></p> <p><input type="submit" value="Logga in" /></p> </form> <a href="login.php?action=logout">Logga ut</a> </div> </body> </html> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.