Andy-H Posted September 21, 2008 Share Posted September 21, 2008 This is my login code, it works fine up until the part after the password incorrect error, the session is not set and the header location does not redirect users. inc/db.php doesnt give any output... <?php session_start(); include_once 'inc/db.php'; if ($_POST['submit_x']){ if ( !isset($_POST['login']) || empty($_POST['login']) ){ $err = 'Please enter your login name.'; }else{ if ( !isset($_POST['pass']) || empty($_POST['pass']) ){ $err = 'Please enter your password.'; }else{ if ( (strlen($_POST['login']) < 3) || (strlen($_POST['login']) > 20) ){ $err = 'Login name can only contain between 3 and 20 characters.'; }else{ if ( (strlen($_POST['pass']) < 6) || (strlen($_POST['pass']) > 20) ){ $err = 'Password can only be between 6 and 20 characters.'; }else{ $login = md5($_POST['login']); $pass = md5($_POST['pass']); $q1 = "SELECT user, pass FROM users WHERE login = '$login' LIMIT 1"; $r1 = mysql_query($q1)or trigger_error('Error on line: ' . __LINE__); $n1 = mysql_num_rows($r1); if ($n1 == 0){ $err = 'Their is no account with that login name - login names are case sensitive.'; }else{ $r2 = mysql_fetch_row($r1); $username = $r2[0]; $password = $r2[1]; if ($pass != $password){ $err = 'Incorrect password - passwords are case sensitive.'; }else{ $_SESSION['user'] = $username; $time = time() + 300; $ip = $_SERVER['REMOTE_ADDR']; $u1 = "UPDATE users SET last_login = '$date', active = '$time', ip = '$ip' WHERE user = '$username' LIMIT 1"; $u2 = mysql_query($u1)or trigger_error('Error on line: ' . __LINE__); header('Location: main.php'); }}}}}}} if (isset($err)){ $id = 'id="err"'; $msg = '<strong>Error:</strong> ' . $err; }else{ $id = ''; $msg = ''; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> <?php echo $gamename . ' - ' . $motto; ?> </title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" > <link rel="stylesheet" type="text/css" href="style/style.php.inc" > <meta name="Author" content="Andrew Michael Holland - UK" > <meta name="Keywords" content="" > <meta name="Description" content="" > <meta name="resource-type" content="document"> <meta name="distribution" content="global"> <meta name="revisit-after" content="7 days"> <meta name="copyright" content="Copyright <?php echo $gamename; ?> All Rights reserved 2008+"> <meta name="Robots" content="follow,index"> <style type="text/css"> input { font-size: 12px; vertical-align: text-center; font-weight: bold; text-align: center; } #err { color: red; } </style> </head> <body> <p align="center" style="height: 15px;" <?php echo $id; ?>> <?php echo $msg; ?> </p> <form action="" method="POST"> <table align="center" style="width: 938px; height: 501px; border: 0; border-collapse: collapse;" cellspacing="0" cellpadding="0"> <tr> <td colspan="7" style="background-image: url('images/LOG-IN_01.gif'); width: 938px; height: 200px; border: 0px;"></td> </tr> <tr> <td rowspan="8" style="background-image: url('images/LOG-IN_02.gif'); width: 425px; height: 300px; border: 0px;"></td> <td colspan="4" style="background-image: url('images/Login.gif'); width: 120px; height: 20px; border: 0px; font-size: 12px;"> <input type="text" name="login" style="background-color: #000000; color: #00c6ff; width: 120px; height: 18px; border: none; position: relative; padding: 0px;" maxlength="20"> </td> <td colspan="2" rowspan="6" style="background-image: url('images/LOG-IN_04.gif'); width: 393px; height: 193px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_05.gif'); width: 120px; height: 66px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/Pass.gif'); width: 120px; height: 21px; border: 0px;"> <input type="password" name="pass" style="background-color: #000000; color: #00c6ff; width: 120px; height: 18px; border: none; position: relative; padding: 0px;" maxlength="20"> </td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_07.gif'); width: 120px; height: 8px; border: 0px;"></td> </tr> <tr> <td colspan="2" rowspan="2" style="background-image: url('images/LOG-IN_08.gif'); width: 28px; height: 78px; border: 0px;"></td> <td> <input type="image" name="submit" src="images/btn_Login.gif" alt="Login" style="height: 19px; width: 58px; border: none;"></td> <td rowspan="2" style="background-image: url('images/LOG-IN_10.gif'); width: 34px; height: 78px; border: 0px;"></td> </tr> <tr> <td style="background-image: url('images/LOG-IN_11.gif'); width: 58px; height: 59px; border: 0px;"></td> </tr> <tr> <td rowspan="2" style="background-image: url('images/LOG-IN_12.gif'); width: 5px; height: 107px; border: 0px;"></td> <td colspan="4"> <img src="images/Screenshot.gif" width="120" height="22" alt=""></td> <td rowspan="2" style="background-image: url('images/LOG-IN_14.gif'); width: 388px; height: 107px; border: 0px;"></td> </tr> <tr> <td colspan="4" style="background-image: url('images/LOG-IN_15.gif'); width: 120px; height: 85px; border: 0px;"></td> </tr> <tr> <td style="background-image: url('images/spacer.gif'); width: 425px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 23px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 58px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 34px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td> <td style="background-image: url('images/spacer.gif'); width: 388px; height: 1px; border: 0px;"></td> </tr> </table> </form> <div align="center"> | <a href="register.php">Register</a> | </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/ Share on other sites More sharing options...
PFMaBiSmAd Posted September 21, 2008 Share Posted September 21, 2008 Are you developing and debugging this on a system where error_reporting is set to E_ALL and display_errors is set to ON in php.ini to get php help you find things like header errors? Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/#findComment-647021 Share on other sites More sharing options...
Andy-H Posted September 21, 2008 Author Share Posted September 21, 2008 No, I am using shared hosting, I will try ini_set but my host likes to disable things for no apparent reason. :-\ Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/#findComment-647023 Share on other sites More sharing options...
Andy-H Posted September 21, 2008 Author Share Posted September 21, 2008 ini_set('error_reporting','E_ALL'); ini_set('display_errors','ON'); I think thats right, I never used it before. If it is, still no errors... Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/#findComment-647026 Share on other sites More sharing options...
chronister Posted September 21, 2008 Share Posted September 21, 2008 As a tip, you are giving away more information than is needed. When a user logs in, you should check it as SELECT * FROM users WHERE username = '$username' && password = '$password'; If it returns a row, log them in. If it does not, then simply present the error message as 'Username or password incorrect'. By telling users the login does not exist, and/or password is incorrect you are giving people hints as to whether their hacking is successful or not. Not good to give additional information. If the login does or does not exist and/or password is wrong, just present the 'Username or password incorrect'. Nate Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/#findComment-647038 Share on other sites More sharing options...
PFMaBiSmAd Posted September 21, 2008 Share Posted September 21, 2008 If you are not getting any header errors that would prevent the session/redirect from working, have you checked if that part of the code is being executed? If the code branch is not being executed, check what the values are that are being compared to see what they actually are. Link to comment https://forums.phpfreaks.com/topic/125180-help-with-login-code-cant-see-the-problem/#findComment-647070 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.