law Posted June 18, 2008 Share Posted June 18, 2008 I'm sure that this is some stupid error but my login script doesn't work.. but can some one tell me why this doesn't work.. also i would love and security advice you guys may have if($userloggedin !== 1){ /* if($_GET loggedin==1){ echo "<h5>Previous session was deleted. For security reasons, please log back in.</h5>"; } if($_GET improperlogin==1) { echo "<h5>Your Username or Password are incorrect.</h5>" } */ echo" <form action='./includes/login.php' method='POST'> <input type='text' value='Username'/> <input type='password' value='Password'/> <input type='Submit' value='Login' class='button' /> </form> </p> "; }else{ echo " <a href = './includes/logout.php'>Logout</a> "; } <?php include_once('../dbconfig.php'); if (!isset($_SESSION['user_name'])){ // Diagnosing code only $submit = "$_POST[submit]"; $user = "$_POST[username]"; $pass = "$_POST[Password]"; echo"nosession $submit -- $user -- $pass"; //The above will not be included in the code ^ if ($submit == "Login"){ $md5pass = md5($_POST['password']); $sql = "SELECT id, nickname, privilages FROM admin WHERE username = '$user_name' AND password = '$md5pass'"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); echo"submitted"; if ( $num !== 0 ) { // A matching row was found - the user is authenticated. session_start(); list($user_id,$user_name,$user_level) = mysql_fetch_row($result); // this sets variables in the session $_SESSION['user_id'] = $user_id; $_SESSION['user_name']= $user_name; $_SESSION['user_level'] = $user_level; $admin_id = $_SESSION['user_id']; $admin_name = $_SESSION['user_name']; $adminpriv = $_SESSION['user_level']; $usersession = md5($admin_name); //=======================Query's========================= //take user id and $usersession and put it into the database... delete row from user id if it exists $sql = "SELECT id FROM adsession WHERE id = $admin_id"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); if ( $num == 0 ) { $sql = "INSERT INTO adsession (id,md5name) value ('$admin_id','$usersession')"; $result = mysql_query($sql) or die (mysql_error()); } else{ header("Location: ./includes/logout.php?loggedin=1"); } //======================================================= header("Location: admenu.php?session=$usersession&action=none"); //} //echo "Logged in..."; //exit() //header("Location: admenu.php?session=$usersession&action=none"); } else { header("Location: admenu.php?login=InvalidLogin"); } } } else { echo "Checking your session and verifying you"; } ?> Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/ Share on other sites More sharing options...
Stephen Posted June 18, 2008 Share Posted June 18, 2008 Do you get any errors, or does it just not log you in? EDIT: found one problem Find: $sql = "SELECT id, nickname, privilages FROM admin WHERE username = '$user_name' AND password = '$md5pass'"; Try using: $sql = "SELECT id, nickname, privilages FROM admin WHERE username = '$user' AND password = '$md5pass'"; Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/#findComment-567866 Share on other sites More sharing options...
law Posted June 18, 2008 Author Share Posted June 18, 2008 sorry should have been more specific.. the code never satisfies this statement if ($submit == "Login"){ none of the other $_POST ['Variables'] are being picked up either... soo when i submit the form brings me to the login page and all it says is the following "nosession -- -- " this leads me to believe that i'm retrieving or sending the POSTs wrong.. or something is wrong with my WAMP.. i have other login systems that work.. so i don't know if its WAMP.. also should i turn GLOBALS off? i have them on currently (i'm developing on a laptop that doesn't serve the pages publicly) however i have heard that they could be a security threat.. so is it best for "good coding" to not use globals? Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/#findComment-568516 Share on other sites More sharing options...
revraz Posted June 18, 2008 Share Posted June 18, 2008 Try changing <input type='Submit' value='Login' class='button' /> to <input type='Submit' name= 'Login' value='Login' class='button' /> Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/#findComment-568523 Share on other sites More sharing options...
law Posted June 19, 2008 Author Share Posted June 19, 2008 ok i tried it.. thats a no go either.. i still get "nosession --" Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/#findComment-568703 Share on other sites More sharing options...
hitman6003 Posted June 19, 2008 Share Posted June 19, 2008 Don't do this: $submit = "$_POST[submit]"; $user = "$_POST[username]"; $pass = "$_POST[Password]"; Do this: $submit = $_POST['Submit']; $user = $_POST['Username']; $pass = $_POST['Password']; If you want to see the raw contents of $_POST use print_r: echo '<pre>' . print_r($_POST, true); Link to comment https://forums.phpfreaks.com/topic/110688-help-with-my-login-script-problem/#findComment-568704 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.