jamesbrauman Posted September 13, 2008 Share Posted September 13, 2008 Well I am just starting on the base for my membership system for my website, and decided that logging in, logging out, checking if you are logged in and getting the logged in users name were the things to write first. However, they don't seem to work... at all. Main function file. //Logs a user in. function user_login($username, $md5password, $cookies="false") { $_SESSION['username'] = $username; $_SESSION['md5password'] = $md5password; if ($cookies) { setcookie("username", $username, strtotime("+30 days")); setcookie("md5password", $md5password, strtotime("+30 days")); } } //Logs a user out. function user_logout() { session_destroy(); setcookie("username", "", 1); setcookie("md5password", "", 1); } //Returns true if a user is logged in. function user_loggedin() { $username = $_SESSION['username']; $md5password = $_SESSION['md5password']; if (isset($_COOKIE['username']) && isset($_COOKIE['md5password'])) { $username = $_COOKIE['username']; $md5password = $_COOKIE['md5password']; } if (empty($username) || empty($password)) return false; $conn = mysql_connect("localhost", "****", "****"); mysql_select_db("redbox_main", $conn); $rows = mysql_num_rows(mysql_query("SELECT * FROM members WHERE username='$username' AND user_password='$md5password'")); mysql_close($conn); if ($rows == 0) return false; else return true; } //Returns the username of the logged in user. function user_username() { $username = $_SESSION['username']; if (isset($_COOKIE['username'])) $username = $_COOKIE['username']; return $username; } Login.php (the php parts) //At the very top of the webpage //if already logged in redirect to homepage. if (user_loggedin()) { header("Location: ../index.php"); exit(); } Login_process.php (Login.php posts to this) <?php include "../construct.php"; //login_process.php - Processes logins. //Go back to the page where we came from. $redirectURL = $_POST['page_url']; $username = $_POST['username']; $password = $_POST['password']; if (isset($_POST['remember_me'])) $remember_me = true; else $remember_me = false; if (!empty($username) && !empty($password)) { //Validate the user. $md5password = md5($password); $conn = mysql_connect("localhost", "****", "****"); mysql_select_db("redbox_main", $conn); $result = mysql_query("SELECT * FROM members WHERE username='$username' AND user_password='$md5password'") or exit(mysql_error); $rows = mysql_num_rows($result); mysql_close($conn); if ($rows != 0) { user_login($username, $md5password, $remember_me); header("Location: $redirectURL"); exit(); } else { header("Location: $redirectURL"); exit(); } } else { header("Location: $redirectURL"); exit(); } ?> I did a vardump script after this, and neither cookies or session variables are getting set... help? Thanks. Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/ Share on other sites More sharing options...
PFMaBiSmAd Posted September 13, 2008 Share Posted September 13, 2008 I don't see a single session_start() statement (required on any page that references or sets a session variable) in any of the posted code. Also, when learning php, developing php code, or debugging php code, set error_reporting to E_ALL and set display_errors to ON in your php.ini to get php to help you (stop and start your web server to get any changes made to php.ini to take effect.) Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/#findComment-640432 Share on other sites More sharing options...
jamesbrauman Posted September 13, 2008 Author Share Posted September 13, 2008 I don't see a single session_start() statement (required on any page that references or sets a session variable) in any of the posted code. Also, when learning php, developing php code, or debugging php code, set error_reporting to E_ALL and set display_errors to ON in your php.ini to get php to help you (stop and start your web server to get any changes made to php.ini to take effect.) Oh I forgot to add that in the file where the functions I posted are located, session_start() is called. So all pages have session_start on them. I will turn those settings on and get back to you. Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/#findComment-640433 Share on other sites More sharing options...
jamesbrauman Posted September 13, 2008 Author Share Posted September 13, 2008 With error_reporting(E_ALL) on, login_process.php throws this error: Warning: Header may not contain more than a single header, new line detected. in C:\xampplite\htdocs\members\login_process.php on line 23 Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/#findComment-640440 Share on other sites More sharing options...
jamesbrauman Posted September 13, 2008 Author Share Posted September 13, 2008 I rewrote the script to use only cookies and no sessions, and it is working now. Thanks. Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/#findComment-640466 Share on other sites More sharing options...
Garethp Posted September 13, 2008 Share Posted September 13, 2008 I wouldn't do that if I were you. Cookies are easy to steal, and even easier to edit. Someone could easily hack that script. If you want to give me a link I'll readily demonstrate Link to comment https://forums.phpfreaks.com/topic/124055-why-arent-my-login-scripts-working/#findComment-640492 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.