bogdaniel Posted September 23, 2008 Share Posted September 23, 2008 hello i got some php code that doesn't work how it should and i don't know why where did i made the mistake or what should i do :-? the should check if the data from the form is corect and if it is corect set the session and var logged_in as true please can you help me ? if($logged_in == 1) { echo 'lol'; } else { echo '<div id="login"> <div class="content"> <form id="form1" method="POST" name="login" action="' . $_SERVER['PHP_SELF'] . '"> <fieldset> <legend>Sign-In</legend> <label for="inputtext1">Client ID:</label> <input id="inputtext1" type="text" id= "username" name="username" value="" /> <label for="inputtext2">Password:</label> <input id="inputtext2" type="password" id="password" name="password" value="" /> <input id="inputsubmit1" type="submit" name="login" value="Log In" /><br /> </fieldset> </form> </div> </div>'; if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { $logged_in = 0; return; } else { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT username, password FROM members WHERE username ='" . $username . "'") or die(tmp_mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; } } } } Quote Link to comment Share on other sites More sharing options...
thesaleboat Posted September 23, 2008 Share Posted September 23, 2008 Well first of all you are setting the id to two seperate things <input id="inputtext2" type="password" id="password" name="password" value="" /> should be <input name="password" size="50" type="text" id="password" /> Quote Link to comment Share on other sites More sharing options...
thesaleboat Posted September 23, 2008 Share Posted September 23, 2008 oops type should still be password type="password" Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 23, 2008 Author Share Posted September 23, 2008 Well first of all you are setting the id to two seperate things <input id="inputtext2" type="password" id="password" name="password" value="" /> should be <input name="password" size="50" type="text" id="password" /> i've changed Quote Link to comment Share on other sites More sharing options...
thesaleboat Posted September 23, 2008 Share Posted September 23, 2008 <form id="form1" method="POST" name="login" action="' . $_SERVER['PHP_SELF'] . '"> to <form action="NameOfWhereYouWantThePageToGoAndCheckTheVariables.php" method="post" name="form1" id="form1"> You need the page to redirect (or have the form post to itself) so that you can check the variables that the user has input. Then on the page you redirect to you have to do the checks. Quote Link to comment Share on other sites More sharing options...
thesaleboat Posted September 23, 2008 Share Posted September 23, 2008 And um.. you need to tell someone that your code is using php lol so change if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { $logged_in = 0; return; } else { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT username, password FROM members WHERE username ='" . $username . "'") or die(tmp_mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; } } } } to <?php if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { $logged_in = 0; return; } else { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT username, password FROM members WHERE username ='" . $username . "'") or die(tmp_mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; } } } } ?> Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 23, 2008 Author Share Posted September 23, 2008 checked and changes Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 23, 2008 Author Share Posted September 23, 2008 so this should be the new code: <? if($logged_in == 1) { echo 'welcome'; } else { ?> <div id="login"> <div class="content"> <form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>"> <fieldset> <legend>Sign-In</legend> <label for="inputtext1">Client ID:</label> <input type="text" id= "username" name="username"/> <label for="inputtext2">Password:</label> <input type="password" id="password" name="password" /> <input type="submit" name="login" value="Log In" /><br /> </fieldset> </form> </div> </div> <?php if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { $logged_in = 0; return; } else { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT username, password FROM members WHERE username ='" . $username . "'") or die(tmp_mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; } } } } ?> other mistakes... ? Quote Link to comment Share on other sites More sharing options...
CroNiX Posted September 24, 2008 Share Posted September 24, 2008 Yes, dont use short tags "<?". They make your code not portable. Always use "<?php". Its just good coding practice. If you have to put your code on a different server and they don't allow short tags, you got a lot of editing to do... But if you use the regular tag it will work anywhere. Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 changed. Quote Link to comment Share on other sites More sharing options...
Adam Posted September 24, 2008 Share Posted September 24, 2008 The whole order of the script is a little illogical, plus you're not actually setting $logged_in to 1 at any point... <?php if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT * FROM members WHERE username ='" .$username . "'") or die(mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; $_SESSION['logged_in'] = 1; } } } if ($_SESSION['logged_in'] == 1) { echo 'welcome'; } else { ?> <div id="login"> <div class="content"> <form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>"> <fieldset> <legend>Sign-In</legend> <label for="inputtext1">Client ID:</label> <input type="text" id= "username" name="username"/> <label for="inputtext2">Password:</label> <input type="password" id="password" name="password" /> <input type="submit" name="login" value="Log In" /><br /> </fieldset> </form> </div> </div> <?php } ?> ...try that Adam Quote Link to comment Share on other sites More sharing options...
Adam Posted September 24, 2008 Share Posted September 24, 2008 Oh you've missed session_start() off of the top, should be: <?php session_start(); if (!isset($_SESSION['us....... Also have you connected to the database? Just realised there's no code... Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 i've made the changes and still nothing no error nothing after trying to login it shows the login form this is my actual code after i've made the changes. <?php // Flush the buffered output. ob_start(); session_start(); require('config/dba.inc.php'); if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) { if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } $sql = mysql_query("SELECT * FROM members WHERE username ='" .$username . "'") or die(mysql_error()); if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; $_SESSION['logged_in'] = 1; } } } if ($_SESSION['logged_in'] == 1) { echo 'welcome'; } else { ?> <div id="login"> <div class="content"> <form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>"> <fieldset> <legend>Sign-In</legend> <label for="inputtext1">Client ID:</label> <input type="text" id= "username" name="username"/> <label for="inputtext2">Password:</label> <input type="password" id="password" name="password" /> <input type="submit" name="login" value="Log In" /><br /> </fieldset> </form> </div> </div> <?php } ?> <? // Flush the buffered output. ob_flush(); ?> Quote Link to comment Share on other sites More sharing options...
Adam Posted September 24, 2008 Share Posted September 24, 2008 Instead of: if (!get_magic_quotes_gpc()) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); } Just use: $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes(md5($_POST['password']))); See if that works? If not try outputting the $username and $password variables, if still nothing, try changing: if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; $_SESSION['logged_in'] = 1; } } to: if (mysql_numrows($sql) == 1) { $set = mysql_fetch_array($sql); if ($password == $set['password']) { $_SESSION['username'] = $set['username']; $_SESSION['id'] = $set['id']; $_SESSION['usrlvl'] = $set['usrlvl']; $_SESSION['logged_in'] = 1; } else { die('Invalid password!'); } } else { die('No user found!'); } Any luck? Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 no:( Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 hmmm i made a var dump on $username, $password, and they are showing null null even after is press the submit button :-? Quote Link to comment Share on other sites More sharing options...
Adam Posted September 24, 2008 Share Posted September 24, 2008 ahh, do you have error reporting turned off?? here's the problem i reckon: mysql_numrows($sql) should be: mysql_num_rows($sql) Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 it almost working showing user not found Quote Link to comment Share on other sites More sharing options...
Adam Posted September 24, 2008 Share Posted September 24, 2008 Okay so double check; $username is what it's supposed to be that the username exists in the database and.. that there isn't two of the same username seen as you're using == 1 Adam Quote Link to comment Share on other sites More sharing options...
bogdaniel Posted September 24, 2008 Author Share Posted September 24, 2008 problem solved thank you for you help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.