Help with my login script problem.


law

I'm sure that this is some stupid error but my login script doesn't work.. but can someone tell me why this doesn't work.. also I would love any security advice you guys may have

 

if($userloggedin !== 1){
/*
if($_GET loggedin==1){
	echo "<h5>Previous session was deleted. For security reasons, please log back in.</h5>";
}
if($_GET improperlogin==1) {
	echo "<h5>Your Username or Password are incorrect.</h5>"
}
*/
echo"	<form action='./includes/login.php' method='POST'>
			<input type='text' value='Username'/>
			<input type='password' value='Password'/>
			<input type='Submit' value='Login' class='button' />
		</form>
	</p>
	";
}else{
echo "
<a href = './includes/logout.php'>Logout</a>
";
}

 

 

<?php 
include_once('../dbconfig.php');
if (!isset($_SESSION['user_name'])){

// Diagnosing code only
$submit = "$_POST[submit]";
$user = "$_POST[username]";
$pass = "$_POST[Password]";

echo"nosession   $submit -- $user -- $pass";
//The above will not be included in the code ^

if ($submit == "Login"){
$md5pass = md5($_POST['password']);
$sql = "SELECT id, nickname, privilages FROM admin WHERE 
            username = '$user_name' AND 
            password = '$md5pass'"; 
            
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

echo"submitted";
    if ( $num !== 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
       list($user_id,$user_name,$user_level) = mysql_fetch_row($result);
        // this sets variables in the session 
        
	$_SESSION['user_id'] = $user_id;
        $_SESSION['user_name']= $user_name;  
        $_SESSION['user_level'] = $user_level;

	$admin_id = $_SESSION['user_id'];
	$admin_name = $_SESSION['user_name'];
	$adminpriv = $_SESSION['user_level'];
            
	$usersession = md5($admin_name);

			//=======================Query's=========================
			//take user id and $usersession and put it into the database... delete row from user id if it exists
			$sql = "SELECT id FROM adsession WHERE 
						id = $admin_id"; 
			$result = mysql_query($sql) or die (mysql_error()); 
			$num = mysql_num_rows($result);
				    if ( $num == 0 ) { 
						$sql = "INSERT INTO adsession (id,md5name) 
									value ('$admin_id','$usersession')"; 
						$result = mysql_query($sql) or die (mysql_error()); 
					} else{
						header("Location: ./includes/logout.php?loggedin=1");
					}
			//=======================================================

        header("Location: admenu.php?session=$usersession&action=none");
        //}
        //echo "Logged in...";
        //exit()
	//header("Location: admenu.php?session=$usersession&action=none");

    } else {
	header("Location: admenu.php?login=InvalidLogin");
}
}
} else {
echo "Checking your session and verifying you";
}
?>

Link to comment
Share on other sites

Do you get any errors, or does it just not log you in?

 

EDIT: found one problem

 

Find:

$sql = "SELECT id, nickname, privilages FROM admin WHERE 
            username = '$user_name' AND 
            password = '$md5pass'"; 

Try using:

$sql = "SELECT id, nickname, privilages FROM admin WHERE 
            username = '$user' AND 
            password = '$md5pass'"; 

Link to comment
Share on other sites

sorry should have been more specific.. the code never satisfies this statement

 

if ($submit == "Login"){

 

 

none of the other $_POST['Variables'] are being picked up either... so when I submit, the form brings me to the login page and all it says is the following

 

"nosession -- -- "

 

 

this leads me to believe that I'm retrieving or sending the POSTs wrong.. or something is wrong with my WAMP.. I have other login systems that work.. so I don't know if it's WAMP.. also should I turn GLOBALS off? I have them on currently (I'm developing on a laptop that doesn't serve the pages publicly) however I have heard that they could be a security threat.. so is it best for "good coding" to not use globals?

Link to comment
Share on other sites

Don't do this:

 

$submit = "$_POST[submit]";
$user = "$_POST[username]";
$pass = "$_POST[Password]";

 

Do this:

 

$submit = $_POST['Submit'];
$user = $_POST['Username'];
$pass = $_POST['Password'];

 

If you want to see the raw contents of $_POST use print_r:

 

echo '<pre>' . print_r($_POST, true);

Link to comment
Share on other sites
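An added example, not code from any poster in this thread: one login check that reads `$_POST` by the exact `name` of each form field, binds the username as a query parameter instead of building the SQL string, and verifies a `password_hash()` value instead of comparing `md5()` output. The `admin` table and its columns come from the original post; the function name `authenticate`, the in-memory SQLite database, the sample account, and the assumption that the `password` column holds `password_hash()` output are constructed for illustration.

```php
<?php
// Added example, not the thread's code. Table and columns follow the post;
// the SQLite database and the sample account below are constructed.
// The form must name every input, or the browser sends nothing for it:
//   <input type='text'     name='username' />
//   <input type='password' name='password' />
//   <input type='submit'   name='submit' value='Login' />

function authenticate(PDO $pdo, array $post): ?array
{
    // Keys are case-sensitive and must match the name attributes exactly.
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return null;
    }
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, nickname, privilages, password FROM admin WHERE username = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks a salted password_hash() value, replacing md5().
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    unset($row['password']); // never carry the hash into the session
    return $row;
}

// Constructed demo data so the script runs from the PHP CLI without MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, nickname TEXT,
            privilages INTEGER, username TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO admin (nickname, privilages, username, password)
               VALUES (?, ?, ?, ?)')
    ->execute(['Demo', 1, 'demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [
    ['username' => 'demo', 'password' => 'correct horse', 'submit' => 'Login'],
    ['username' => "o'neil", 'password' => 'x', 'submit' => 'Login'], // quote is data
    [], // what a form whose inputs have no name attribute sends
];
foreach ($attempts as $post) {
    $admin = authenticate($pdo, $post);
    echo $admin ? "ok: {$admin['nickname']}\n" : "rejected\n";
}
```

In the web handler, call `session_start()` and `session_regenerate_id(true)` after a successful check and keep the identity in `$_SESSION` rather than passing `md5($admin_name)` in the URL. The `mysql_*` functions used in the thread were removed in PHP 7, which is why the example uses PDO.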
