rockindano30 Posted July 14, 2008

Hi everyone, I am working on an app for a client. Now I have my login.php page with a simple form. This page calls my validation2.php page and then the validation2 page calls my update page. Now when I type in the user name and password, my validation page displays my error that I have: "invalid username and password. login first". But if I hit go back on my browser and refresh the page and retype the info, it logs me in. I typed my info in correctly, but it seems that the first time that I run it, it doesn't find anything in the MySQL table users, so when I go back and refresh and retype the info, it finds it in the table and continues with the update form.???

I will be including my files here:

login.php

```html
<form method="post" action="validate2.php">
  User Name:<Br />
  <input name="user_name" type="text" value=" " size="15" maxlength="25" /><br /><br />
  Password:<br />
  <input name="psswrd" type="password" value="" size="15" maxlength="25" /><br /><br />
  <input name="submit" type="submit" value="Login" />
</form>
```

validate2.php

```php
<?php
if(!isset($_POST["user_name"]) || !isset($_POST["psswrd"]))
    die("invalid operation");

$goback = "<br /><br />Please <a href=\"login.php\">go back</a> and try again.";

//print "$_POST[\"user_name\"]<br />";
if(empty($_POST["user_name"]))
    die("<br />The email field cannot be left blank.");
if(empty($_POST["psswrd"]))
    die("<br />The Password field cannot be left blank");

$user_name = $_POST["user_name"];
$psswrd = md5(trim($_POST["psswrd"]));

if (!($db = mysql_connect('localhost','user_db','db_password')))
{
    print"Error: could not connect to the database.";
    exit;
}
mysql_select_db(test);

//$query = "SELECT * FROM users WHERE user_name='{$_POST['user_name']}' AND psswrd='{$_POST['psswrd']}'";
$query = "SELECT * FROM users WHERE user_name = '{$user_name}' AND psswrd = '{$psswrd}'";
$result = mysql_query($query);
if(mysql_num_rows($result)==0)
    die("<br />Invalid email or passwordmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm!<br />{$goback}");

$row = @ mysql_fetch_array($result);
session_start();
$_SESSION["user_id"]=$row["user_id"];
$_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"];
$_SESSION["user_name"]=$row["user_name"];
header("LOCATION: update.php");
?>
```

craygo Posted July 14, 2008

I would try clearing your temp internet files and private cache. Seems like the original page has been cached. If you have changed the input field names they may be cached in the original names, which is why it works when you refresh the page. I am just throwing this out there since your code looks fine and does work.

Ray

rockindano30 Posted July 14, 2008 Author

Thank you, let me try that and see if it works.

MiCR0 Posted July 14, 2008

& your code has a number of vulnerabilities..

$_POST["user_name"]
$_POST["psswrd"]

there is no validation security..

rockindano30 Posted July 14, 2008 Author

MiCR0, how could I fix my code for that?

rockindano30 Posted July 14, 2008 Author

Well craygo, I did your steps and still same thing???

craygo Posted July 14, 2008

Can use mysql_real_escape_string() to prepare the data.

craygo Posted July 14, 2008

One thing you may want to do is not suppress error reporting until all your code is set.

```php
<?php
if(!isset($_POST["user_name"]) || !isset($_POST["psswrd"]))
    die("invalid operation");

$goback = "<br /><br />Please <a href=\"login.php\">go back</a> and try again.";

if (!$db = mysql_connect('localhost','user_db','db_password'))
{
    print"Error: could not connect to the database.<br>".mysql_error();
    exit;
}
@mysql_select_db('test') or die(mysql_error()); // unless your database name is test, you should change this. and if it is put it in quotes

//print "$_POST[\"user_name\"]<br />";
if(empty($_POST["user_name"]))
    die("<br />The email field cannot be left blank.");
if(empty($_POST["psswrd"]))
    die("<br />The Password field cannot be left blank");

$user_name = mysql_real_escape_string($_POST["user_name"]);
$psswrd = md5(trim($_POST["psswrd"]));

//$query = "SELECT * FROM users WHERE user_name='{$_POST['user_name']}' AND psswrd='{$_POST['psswrd']}'";
$query = "SELECT * FROM `users` WHERE `user_name` = '{$user_name}' AND psswrd = '{$psswrd}'";
$result = mysql_query($query) or die(mysql_error());
if(mysql_num_rows($result) == 0)
    die("<br />Invalid email or passwordmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm!<br />{$goback}");

$row = mysql_fetch_array($result);
session_start();
$_SESSION["user_id"]=$row["user_id"];
$_SESSION["ip_addr"]=$_SERVER["REMOTE_ADDR"];
$_SESSION["user_name"]=$row["user_name"];
header("LOCATION: update.php");
?>
```

Ray

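Added example, not part of the original thread or any poster's code: one way to apply the validation and escaping advice above, using PDO placeholders and password_hash()/password_verify() in place of string-built SQL and md5(). The in-memory SQLite table, the sample account and the function names open_demo_db() and check_login() are assumptions for illustration; the 25-character limit mirrors the form's maxlength.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the thread's MySQL `users` table.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors instead of hiding them
    $pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, psswrd TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (user_name, psswrd) VALUES (?, ?)');
    // Constructed sample account; password_hash() salts and stretches, unlike a bare md5().
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

/** Returns the matching user row on success, null on any failure. */
function check_login(PDO $pdo, $user_name, $psswrd): ?array
{
    // Reject missing or non-string fields (a field posted as user_name[] arrives as an array).
    if (!is_string($user_name) || !is_string($psswrd)) {
        return null;
    }
    $user_name = trim($user_name); // login.php pre-fills the field with a single space
    if ($user_name === '' || $psswrd === '' || strlen($user_name) > 25) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text, so a quote is plain data.
    $stmt = $pdo->prepare('SELECT user_id, user_name, psswrd FROM users WHERE user_name = ?');
    $stmt->execute([$user_name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against the stored hash; one generic failure path for bad user or bad password.
    if ($row === false || !password_verify($psswrd, $row['psswrd'])) {
        return null;
    }
    return $row;
}

$pdo = open_demo_db();
var_dump(check_login($pdo, " o'brien", 'correct horse') !== null); // leading space and quote in the name
var_dump(check_login($pdo, "o'brien", 'wrong password') !== null); // wrong password
var_dump(check_login($pdo, ['x'], 'correct horse') !== null);      // non-string field
```

Against MySQL only the PDO connection line changes; the checks and the query stay the same.
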
rockindano30 Posted July 14, 2008 Author

Huh? What do you mean? Sorry for being a newbie.

rockindano30 Posted July 14, 2008 Author

Anybody know of a good tutorial for that? Or guide me to a tut?

craygo Posted July 14, 2008

You want to use PHP's error checking to get your code working correctly. Above I added some error checking to try and narrow things down for you.

rockindano30 Posted July 14, 2008 Author

Oh I see. Thank you.

rockindano30 Posted July 14, 2008 Author

Well, don't know what it was, but I changed my login.php file to a login.html file and it seems to be working just fine. Thank you craygo for all your help and advice.