Jump to content

[SOLVED] can't figure it out


bogdaniel

Recommended Posts

hello i got some php code that doesn't work how it should and i don't know why where did i made the mistake or what should i do :-?

the should check if the data from the form is corect and if it is corect set the session and var logged_in as true please can you help me ?

 

 

 

if($logged_in == 1) {
echo 'lol';
} else {
echo '<div id="login">
<div class="content">
<form id="form1" method="POST" name="login" action="' . $_SERVER['PHP_SELF'] . '">
<fieldset>
<legend>Sign-In</legend>
<label for="inputtext1">Client ID:</label>
<input id="inputtext1" type="text" id= "username" name="username" value="" />
<label for="inputtext2">Password:</label>
<input id="inputtext2" type="password" id="password" name="password" value="" />
<input id="inputsubmit1" type="submit" name="login" value="Log In" /><br />
</fieldset>
</form>
</div>
</div>';

    if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {
        $logged_in = 0;
        return;
    } else {

        if (!get_magic_quotes_gpc()) {

        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
        }
        $sql = mysql_query("SELECT username, password FROM members WHERE username ='" .
            $username . "'") or die(tmp_mysql_error());
        if (mysql_numrows($sql) == 1) {
            $set = mysql_fetch_array($sql);
            if ($password == $set['password']) {
                $_SESSION['username'] = $set['username'];
                $_SESSION['id'] = $set['id'];
                $_SESSION['usrlvl'] = $set['usrlvl'];
            }
        }
    }

}

Link to comment
Share on other sites

<form id="form1" method="POST" name="login" action="' . $_SERVER['PHP_SELF'] . '">

 

to

<form action="NameOfWhereYouWantThePageToGoAndCheckTheVariables.php" method="post" name="form1" id="form1">

 

You need the page to redirect (or have the form post to itself) so that you can check the variables that the user has input.  Then on the page you redirect to you have to do the checks.

 

Link to comment
Share on other sites

And um.. you need to tell someone that your code is using php lol so change

 

if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {
        $logged_in = 0;
        return;
    } else {

        if (!get_magic_quotes_gpc()) {

        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
        }
        $sql = mysql_query("SELECT username, password FROM members WHERE username ='" .
            $username . "'") or die(tmp_mysql_error());
        if (mysql_numrows($sql) == 1) {
            $set = mysql_fetch_array($sql);
            if ($password == $set['password']) {
                $_SESSION['username'] = $set['username'];
                $_SESSION['id'] = $set['id'];
                $_SESSION['usrlvl'] = $set['usrlvl'];
            }
        }
    }

}

 

to

 

<?php
if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {
        $logged_in = 0;
        return;
    } else {

        if (!get_magic_quotes_gpc()) {

        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
        }
        $sql = mysql_query("SELECT username, password FROM members WHERE username ='" .
            $username . "'") or die(tmp_mysql_error());
        if (mysql_numrows($sql) == 1) {
            $set = mysql_fetch_array($sql);
            if ($password == $set['password']) {
                $_SESSION['username'] = $set['username'];
                $_SESSION['id'] = $set['id'];
                $_SESSION['usrlvl'] = $set['usrlvl'];
            }
        }
    }

} ?>

Link to comment
Share on other sites

so this should be the new code:

 

 

 

<?
if($logged_in == 1) {
echo 'welcome';
} else {
?>
<div id="login">
<div class="content">
<form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>">
<fieldset>
<legend>Sign-In</legend>
<label for="inputtext1">Client ID:</label>
<input  type="text" id= "username" name="username"/>
<label for="inputtext2">Password:</label>
<input  type="password" id="password" name="password" />
<input  type="submit" name="login" value="Log In" /><br />
</fieldset>
</form>
</div>
</div>
<?php
if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {
        $logged_in = 0;
        return;
    } else {

        if (!get_magic_quotes_gpc()) {

        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
        }
        $sql = mysql_query("SELECT username, password FROM members WHERE username ='" .
            $username . "'") or die(tmp_mysql_error());
        if (mysql_numrows($sql) == 1) {
            $set = mysql_fetch_array($sql);
            if ($password == $set['password']) {
                $_SESSION['username'] = $set['username'];
                $_SESSION['id'] = $set['id'];
                $_SESSION['usrlvl'] = $set['usrlvl'];
            }
        }
    }

}
?>

 

other mistakes... ?

Link to comment
Share on other sites

Yes, dont use short tags "<?".  They make your code not portable.  Always use "<?php".  Its just good coding practice.  If you have to put your code on a different server and they don't allow short tags, you got a lot of editing to do...  But if you use the regular tag it will work anywhere.

Link to comment
Share on other sites

The whole order of the script is a little illogical, plus you're not actually setting $logged_in to 1 at any point...

 

<?php

if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {

    if (!get_magic_quotes_gpc()) {
        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
    }

    $sql = mysql_query("SELECT * FROM members WHERE username ='" .$username . "'") or die(mysql_error());

    if (mysql_numrows($sql) == 1) {

        $set = mysql_fetch_array($sql);
        if ($password == $set['password']) {
            $_SESSION['username'] = $set['username'];
            $_SESSION['id'] = $set['id'];
            $_SESSION['usrlvl'] = $set['usrlvl'];
            $_SESSION['logged_in'] = 1;
        }

    }
}

if ($_SESSION['logged_in'] == 1) {
echo 'welcome';
} else {

?>
<div id="login">
<div class="content">
<form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>">
<fieldset>
<legend>Sign-In</legend>
<label for="inputtext1">Client ID:</label>
<input  type="text" id= "username" name="username"/>
<label for="inputtext2">Password:</label>
<input  type="password" id="password" name="password" />
<input  type="submit" name="login" value="Log In" /><br />
</fieldset>
</form>
</div>
</div>
<?php
}
?>

 

...try that

 

Adam

Link to comment
Share on other sites

i've made the changes :) and still nothing :( no error nothing after trying to login it shows the login form :(

this is my actual code after i've made the changes.

 

 

 

<?php
// Flush the buffered output.
ob_start();
session_start();
require('config/dba.inc.php');

if (!isset($_SESSION['username']) || !isset($_SESSION['id'])) {

    if (!get_magic_quotes_gpc()) {
        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
    }

    $sql = mysql_query("SELECT * FROM members WHERE username ='" .$username . "'") or die(mysql_error());

    if (mysql_numrows($sql) == 1) {

        $set = mysql_fetch_array($sql);
        if ($password == $set['password']) {
            $_SESSION['username'] = $set['username'];
            $_SESSION['id'] = $set['id'];
            $_SESSION['usrlvl'] = $set['usrlvl'];
            $_SESSION['logged_in'] = 1;
        }

    }
}

if ($_SESSION['logged_in'] == 1) {
echo 'welcome';
} else {

?>
<div id="login">
<div class="content">
<form id="form1" method="POST" name="login" action="<? $_SERVER['PHP_SELF'] ?>">
<fieldset>
<legend>Sign-In</legend>
<label for="inputtext1">Client ID:</label>
<input  type="text" id= "username" name="username"/>
<label for="inputtext2">Password:</label>
<input  type="password" id="password" name="password" />
<input  type="submit" name="login" value="Log In" /><br />
</fieldset>
</form>
</div>
</div>
<?php
}
?>
<?
// Flush the buffered output.
ob_flush();

?>

Link to comment
Share on other sites

Instead of:

 

    if (!get_magic_quotes_gpc()) {
        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));
    }

 

Just use:

 

        $username = mysql_real_escape_string(stripslashes($_POST['username']));
        $password = mysql_real_escape_string(stripslashes(md5($_POST['password'])));

 

See if that works? If not try outputting the $username and $password variables, if still nothing, try changing:

 

    if (mysql_numrows($sql) == 1) {

        $set = mysql_fetch_array($sql);
        if ($password == $set['password']) {
            $_SESSION['username'] = $set['username'];
            $_SESSION['id'] = $set['id'];
            $_SESSION['usrlvl'] = $set['usrlvl'];
            $_SESSION['logged_in'] = 1;
        }

    }

 

to:

 

    if (mysql_numrows($sql) == 1) {

        $set = mysql_fetch_array($sql);
        if ($password == $set['password']) {
            $_SESSION['username'] = $set['username'];
            $_SESSION['id'] = $set['id'];
            $_SESSION['usrlvl'] = $set['usrlvl'];
            $_SESSION['logged_in'] = 1;
        } else {
            die('Invalid password!');
        }

    } else {
         die('No user found!');
    }

 

Any luck?

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.