maxudaskin Posted August 2, 2008 Share Posted August 2, 2008 I made this script yesterday, but I cannot seem to debug a crucial error. I put letters and numbers into the functions so I know what exactly it is doing and in what order. Everything seems to be logically correct, but it is not seeming to complete the functions as a whole properly. http://www.virtualzoom.net/loginscript/ Username: test Password: test123 Code: http://www.virtualzoom.net/loginscript/pretty/ Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Now I am getting the following error with the following code. MySQL Error 1054 with description Unknown column 'test' in 'where clause' $sql = "SELECT password FROM " . USERS_TABLE . " WHERE username = " . $username; $query = mysql_query($sql) or die ( "MySQL Error " . mysql_errno() . " with description " . mysql_error() ); Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 2, 2008 Share Posted August 2, 2008 All values in a query must be wrapped in quotes $sql = "SELECT password FROM " . USERS_TABLE . " WHERE username = '$username'"; Also on your index page, session_start must be called before any output is made: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?php include ("include/login.php"); session_start(); ?> Should be <?php include ("include/login.php"); session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> Quote Link to comment Share on other sites More sharing options...
TempleDMDKrazd Posted August 2, 2008 Share Posted August 2, 2008 Now I am getting the following error with the following code. MySQL Error 1054 with description Unknown column 'test' in 'where clause' $sql = "SELECT password FROM " . USERS_TABLE . " WHERE username = " . $username; $query = mysql_query($sql) or die ( "MySQL Error " . mysql_errno() . " with description " . mysql_error() ); uhhh... dude $username is a string it needs to be in quotes also are you sure its a good idea to store someone's username + password together in a cookie?..... Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Ok, my two silly mistakes... And it is the remember me feature of the site. Another site cannot access the cookie so it should be fine. Anyways, aren't cookies encoded? Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 2, 2008 Share Posted August 2, 2008 Cookies are stored as plain text on the client side. Cookies will only work on the site that created it. Cookies cannot be shared across multiple sites. Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Ok, well it is still not working. Test it out and tell me what you think please. It works at first, but if you refresh (do not resend POST data) or reenter the URL, it doesn't work. I think it may be sessions. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 2, 2008 Share Posted August 2, 2008 Change your confirmUser function to // Check Credentials function confirmUser($username, $password) { // undo magic cuotes if (get_magic_quotes_gpc()) { $username = stripslashes($username); } // escape harmful characters $username = mysql_real_escape_string($username); // md5 'n salt the password $password = md5($password . SALT); // check the username AND password in the query at the same time $sql = "SELECT username FROM " . USERS_TABLE . " WHERE username = '$username' AND password = '$password'"; $query = mysql_query($sql) or die("MySQL Error " . mysql_errno() . " with description " . mysql_error()); // check that mysql returned 1 result, meaning a match was found if (mysql_num_rows($query) == 1) { return TRUE; } // no match return false! return FALSE; } Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Nope...still not working... Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 2, 2008 Share Posted August 2, 2008 On Index.php you have this: if(LOGGED_IN) { "You are logged in"; } it should be if(LOGGED_IN) { echo "You are logged in"; } Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 But when you refresh, it still logs you out... I am going crazy! Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 2, 2008 Share Posted August 2, 2008 When debugging you should turn display_errors on and set error_reporting to E_ALL I have ran your code and setup a test database on my dev machine, and your the code works fine. Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 The error reporting should be on... I made a page with a common error on it (on purpose) to test it. It seems to be on: http://www.virtualzoom.net/websiteadministrator/error.php Quote Link to comment Share on other sites More sharing options...
DeanWhitehouse Posted August 2, 2008 Share Posted August 2, 2008 ok, add error_reporting(E_ALL); to the top of the page Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Here is the list. Notice: Undefined variable: PHP_SELF in /home/.grable/vzoom/virtualzoom.net/loginscript/include/functions.php on line 79 Notice: A session had already been started - ignoring session_start() in /home/.grable/vzoom/virtualzoom.net/loginscript/index.php on line 1 After Login Notice: Undefined variable: password in /home/.grable/vzoom/virtualzoom.net/loginscript/include/login.php on line 178 Notice: Undefined index: remember_me in /home/.grable/vzoom/virtualzoom.net/loginscript/include/login.php on line 181 Notice: A session had already been started - ignoring session_start() in /home/.grable/vzoom/virtualzoom.net/loginscript/index.php on line 1 You are logged in Quote Link to comment Share on other sites More sharing options...
maxudaskin Posted August 2, 2008 Author Share Posted August 2, 2008 Aha! Thank you all for your help. Now I know about error_reporting(E_ALL); and I will use it wisely! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.