Login Management

[ublapach]

Im having trouble with makeing a login user name password system that checks values against a database and moves on to a main page once the user is loged in im haveing trouble with the code in the auth user file and im not sure why pleas help heres the code

 

<?php

// we must never forget to start the session

session_start();

 

//$errorMessage = '';

//if (isset($_POST['username']) && isset($_POST['passwd'])) {

  include '../tracking/db_connx.php';

 

  $username = @$_POST['username'];

  $passwd = @$_POST['passwd'];

 

  // check if the user id and password combination exist in database

  $sql = "SELECT username

          FROM webusers

          WHERE username = '$username'

                AND passwd = '$passwd'" or die("error 1");

 

  $result = mysql_query($sql)

            or die('Query failed. ' . mysql_error());

 

  if (mysql_num_rows($result) == 1) {

      // the user id and password match,

      // set the session

      $_SESSION['db_is_logged_in'] == true;

 

      // after login we move to the main page

      header('Location:../indexin.php');

      exit;

  } else {

      $errorMessage = 'Sorry, wrong user id / password';

  }

 

 

?>

 

 

[dptr1988]

What is the 'trouble' that you are having? Are you getting an error message? a blank page? redirect not working? .......

[madspof]

I would try this:

<?php
// we must never forget to start the session
session_start();

//$errorMessage = '';
//if (isset($_POST['username']) && isset($_POST['passwd'])) {
   include '../tracking/db_connx.php';

   $username = @$_POST['username'];
   $passwd = @$_POST['passwd'];

           $issuchusername = mysql_query("SELECT * FROM webusers WHERE username = '$username'");
           $usernamelogin = mysql_num_rows($issuchusername);

if ($usernamelogin == 1) {

          $issuchpassword = mysql_query("SELECT * FROM webusers WHERE username = '$username' AND passwd = '$passwd'");
          $passwordlogin = mysql_num_rows($issuchpassword);

           if ($passwordlogin == 1) {


      $_SESSION['db_is_logged_in'] == true;

      // after login we move to the main page
      header('Location:../indexin.php');
      exit;
}else{
echo "Your password was incorrect";
}
}else{
echo "Your username was incorrect";
}
}else{
echo "You did not enter either you password or username";
}

?>

[ublapach]

now getting error

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /usr/home/jlytal/public_html/newsite/login/authuser.php:2) in /usr/home/jlytal/public_html/newsite/login/authuser.php on line 4

 

[ublapach]

I'm wanting to have it log you in and then go to a different page based on user access level stored in the database i think i can get this part if i could get it to set the session and stay logged in though out the site till you hit the logout button i dont think it is passing the form information along the the auth page but im not sure ive only done this once before and then i had the help of a teacher

[947740]

There can be 0 spaces/linebreaks/whitespace in between the <?php tags and the header().

 

Example:

 

This will not/should not work:

 
<?php header("Location: test.php"); ?>

This will/should work:

<?php header("Location: test.php"); ?>

[ublapach]

what if the header is not at the top of the page

[947740]

That makes no difference whatsoever.

[ublapach]

do i need any configuration file to tell the sever where to send the cookie of how to set the session?

[947740]

You should not.  The only other problem would be the fact that sessions are disabled.  In that situation, you would need to edit a configuration file.

[ublapach]

ok heres the code form my index page where it redirects to the indexlog page and then that page is just html whith a form thats action is authuser.php then that page is spost to check the username and password to see if they match form a database here the code of the two pages

 

 

<?php
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in'])
   || $_SESSION['db_is_logged_in'] !== true) {

   // not logged in, move to login page
   header('Location:indexlog.html');
   exit;
   }else{
   header('Location:indexin.php');
   exit;
}

?>

 

 

thats the index page

 

 

 <?php session_start();
//$errorMessage = '';
//if (isset($_POST['username']) && isset($_POST['passwd'])) {
   include '../tracking/db_connx.php';
   $username = @$_POST['username'];
   $passwd = @$_POST['passwd'];
           $issuchusername = mysql_query("SELECT * FROM webusers WHERE username = '$username'");
           $usernamelogin = mysql_num_rows($issuchusername);
if ($usernamelogin == 1) {
          $issuchpassword = mysql_query("SELECT * FROM webusers WHERE username = '$username' AND passwd = '$passwd'");
          $passwordlogin = mysql_num_rows($issuchpassword);
           if ($passwordlogin == 1) 
      $_SESSION['db_is_logged_in'] == true;
      // after login we move to the main page
      header('Location:../indexin.php');
      exit;
}
?>

 

theres the authuser page and im sure that the db_connx.php file works cause i used it somewhere else and it worked so its not that

 

oh and then after loged in it should redirect you to the indexin.php which checks for the session variable

 

heres that code

 

<?php
session_start();

// is the one accessing this page logged in or not?
if (!isset($_SESSION['db_is_logged_in'])
   || $_SESSION['db_is_logged_in'] !== true) {

   // not logged in, move to login page
   header('Location: indexlog.php');
   exit;
}

?>

[ublapach]

still need help on this issue please

 

[phpretard]

I have read throught the post and still don't know the problem.  I see that some problems were made.  What was the original problem?

[ublapach]

i cant get it to validate the user name and password and then move on to the logged in page

 

[phpretard]

What happen when you try to log in?  Blank page, Error, etc...

[ublapach]

well blank page till i commented out the //if (isset($_POST['username']) && isset($_POST['passwd'])) {  then it just goes back to the login page

[phpretard]

Can you post the form code?

[ublapach]

  <p>
              <form id="login" name="login" method="POST" action="login/authuser.php">
		    <input type="text" id="username" name="username" value="User Name" />
		    <input type="password" id="passwd" name="passwd" value="Password"/>
		    <input type="submit" id="submit" value="Log In"/>
	      </p>

[phpretard]

I gave your submit button a name and used it for the isset

 

<?php
session_start();

$errorMessage = '';
if (isset($_POST['Submit'])) {
   
   $username=$_POST['username'];
   $passwd=$_POST['passwd'];
   
   include '../tracking/db_connx.php';

   $sql = "SELECT * FROM webusers WHERE username = '$username' AND passwd = '$passwd'" 
   
   or die("error 1");

   $result = mysql_query($sql)
             or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {

     echo"Loged In";

      
      /* UNCOMMENT THIS LATER
      
      $_SESSION['db_is_logged_in'] == true; 

      header('Location:../indexin.php');
      exit;
      
      */
   } else {
   
      $echo = 'Sorry, wrong user id / password';
   }

}
?>
<p>
<form id="login" name="login" method="POST" action="">
<input type="text" id="username" name="username" value="User Name" />
<input type="password" id="passwd" name="passwd" value="Password"/>
<input type="submit" id="submit" name=Submit value="Log In"/>
</form>      
</p>

[phpretard]

oh yeah...I also --selected * from table-- instead of just username

[phpretard]

change the action="" to whatever it was...

[ublapach]

um getting a black page now

[phpretard]

Black?

[ublapach]

oh no type o blank my bad cant type

[BrianM]

he probably means 'blank'... ? in which case, it's most likely a syntax error.

 

ublapach, can you please copy your code here again and i'll review what you have.