Login not working correctly, PLEASE HELP!

[lquidsilver]

Hello everyone, first off I would like to introduce myself, I am lquidsilver and I am new to these parts. Now onto my issue at hand, I have been working on a new login page for my newly created website, and I thought I had completed it, however, when I go to login it redirects me right back to my login page(login.php), I have nothing that tells it to do so, and I recieve no error. I have been searching high and low for the answer and have come up with nothing. So now I turn to all of you mad geniuses out there!

 

Heres the code:

 

<html> 
<head> 
<title>The Mundane</title> 
</head> 
<body> 
<table align='center' border=0 background='images/login.jpg' cellpadding=0 cellspacing=0 width=800 height=600>
<tr><td align='center'>
</br></br></br></br></br></br></br></br></br></br></br></br></br></br></br></br></br>
<form action="login.php" method="POST">
Username: <input type="text" name="username" size="15"><br />
Password: <input type="password" name="password" size="15"><br />
<input type="submit" value="Submit" name="login">
</form>
<font size=2>Don't have an account? <a href="register.php">Click here!</a></font>
</td></tr>
</table>
</body> 
<?php
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
session_start(); 
if ($user !=  $_SESSION["valid_user"])
{
echo "Incorrect username and/or password.";
}  

else{ 

//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$user = $_POST['username']; 
$pass = $_POST['password']; 
//set the database connection variables 
include "dbConfig.php";
$result = mysql_query("select * from users where `username` = '".$user."' AND `password` = PASSWORD('".$pass."')"); 
$object = @mysql_fetch_object($result);
  
  $_SESSION["valid_user"] = $object->username;
  $_SESSION["valid_id"] = $object->ID;
  $_SESSION["valid_time"] = time();
    header( "Location: login2.php" ); 
  } 
?>

 

Thanks in advance!

[peranha]

Your form action is going to login.php

 

<form action="login.php" method="POST">

 

is that supposed to be login2.php?

[lquidsilver]

My apologies, the html code above is actually in a seperate file called login.htm.

[peranha]

What are the files, and what are the name of the files, if the php portion is login.php, then login.htm is going to login.php which is correct.  What is the issue?  does it not go to login2.php

[lquidsilver]

The html code above is a file called login.htm which is supposed to send the username and password to the above php code(login.php) which is then supposed to create session variables and redirect to login2.php, however login.php goes back to login.htm instead of login2.php which is the issue.

[NikkiLoveGod]

You need to put a .php extension to any file that you run php on. Unless you embed it with <script>... but it doesnt execute any php code with in <?php ?> tags unless the extension is .php.

 

You could try renaming the files to a bit more logical way, and putting up the extension correctly. Try checking the page source from your browser, and you can see your php there, and that is wrong. PHP is a serverside language and is processed before sending the page back to user and thus not visible for user.

 

good luck! Sorry if it was confusing

 

-Nikki

[peranha]

can we see login2.php code.  Is something in there that is redirecting to login.htm?

[lquidsilver]

Sorry for any confusion I am causing, lets see if I can make it a bit more understandable.

 

this is my login.htm file (ext. is .htm)

 

<html> 
<head> 
<title>The Mundane</title> 
</head> 
<body> 
<table align='center' border=0 background='images/login.jpg' cellpadding=0 cellspacing=0 width=800 height=600>
<tr><td align='center'>
</br></br></br></br></br></br></br></br></br></br></br></br></br></br></br></br></br>
<form action="login.php" method="POST">
Username: <input type="text" name="username" size="15"><br />
Password: <input type="password" name="password" size="15"><br />
<input type="submit" value="Submit" name="login">
</form>
<font size=2>Don't have an account? <a href="register.php">Click here!</a></font>
</td></tr>
</table>
</body> 
</html>

This is a form which is supposed to redirect to login.php with a username and password.

 

This is my login.php file (ext. is .php)

<?php
//check that the user is calling the page from the login form and not accessing it directly 
//and redirect back to the login form if necessary 
session_start(); 
if ($user !=  $_SESSION["valid_user"])
{
echo "Incorrect username and/or password.";
}  

else{ 


//username and password 
$user = $_POST['username']; 
$pass = $_POST['password']; 
//set the database connection variables 
include "dbConfig.php";
$result = mysql_query("select * from users where `username` = '".$user."' AND `password` = PASSWORD('".$pass."')"); 
$object = @mysql_fetch_object($result);
  
  $_SESSION["valid_user"] = $object->username;
  $_SESSION["valid_id"] = $object->ID;
  $_SESSION["valid_time"] = time();
    header( "Location: login2.php" ); 
  } 
?>

This php code here is supposed to check to see if the user is indeed an actual registered person, and  then sets session variables and redirects he/she to login2.php.

 

This is my login2.php code (ext. is .php)

<?php
session_start();
// dBase file
include "dbConfig.php";

$q2 = "SELECT * FROM userchars WHERE ID=".$_SESSION["valid_id"]." LIMIT 1";
$r2 = mysql_query($q2);
$obj2 = @mysql_fetch_object($r2);
if ($_SESSION["valid_id"] == $_SESSION["valid_id"])
{
  $_SESSION["valid_type"] = $obj2->race;
  $_SESSION["valid_align"] = $obj2->alignment;
  $_SESSION["valid_str"] = $obj2->strength;
  $_SESSION["valid_def"] = $obj2->defense;
  $_SESSION["valid_spd"] = $obj2->speed;
  $_SESSION["valid_en"] = $obj2->energy;
  $_SESSION["valid_hp"] = $obj2->hp;
  $_SESSION["valid_intel"] = $obj2->intel;
  // Redirect to member page
if ($_SESSION["valid_align"] == Evil)
{
Header("Location: members2.php");
}
else
  {
Header("Location: members.php");
  }
}
  else
  {
  // Login not successful
  die(mysql_error());
  }
?>

This code here is supposed to check and see if there is a valid user logged in then set some more session variables and finally based on which ever alignment they are redirect to the appopriate members page.

 

I hope that clears everything up!

[lquidsilver]

Well after process of emlimination I have figured out what the issue is, but the question still remains, "why?"

 

Here is where the issue is

$user = $_POST['username']; 

 

the php code refuses to register $user as a variable so it will not work in the following code

$result = mysql_query("select * from users where `username` = '".$_POST['username']."' AND `password` = PASSWORD('".$pass."')");

 

Which leads it to redirect back to login.htm instead of giving me an error, which is still baffeling me. Any ideas as to why?

[peranha]

$query = "select * from users where `username` = '".$_POST['username']."' AND `password` = PASSWORD('".$pass."')";

 

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error();

 

change your query to this and see what gets displayed.