topflight Posted October 25, 2008 Share Posted October 25, 2008 I am trying to write a a log in script and it is saying the login information is correct but I am typing the same thing as the database says. all in one form <?php $login = $_POST['login']; $pwd = $_POST['pwd']; if(isset($_POST['login'])) { //Include Config File For DB info.. include 'db.php'; //Connect TO The MySQL Server $connect = mysql_connect($db_host,$db_username,$db_password) or die("MySQL Said:".mysql_error()); $database = mysql_select_db($db_database,$connect) or die("MySQl Said:".mysql_error()); $link = mysql_query("SELECT * FROM `pilots` where login='$login' and pwd='$pwd'") or die("MySQL Said:".mysql_error()); $count = mysql_num_rows($link); $data = mysql_fetch_assoc($link); if($count == 1) { if($data['status'] == 0) { echo '<center>Your Account Is Not Active.</center>'; } else { if($data['status'] == 2) { echo '<center><FONT COLOR =ff001b>Your Account Has Been Suspended.</center></FONT COLOR>'; } else { $_SESSION['login']=$login; $_SESSION['pwd']=$password; ?> <center> <h7><i><b>Pilots Panel</b></i></h7></br> <a href="filepirep.php">File Pirep</a></br> <a href="fileloa.php">File LOA</a></br> <a href="sigs.php">Signatures</a></br> <a href="profile.php">My Profile</a></br> <a href="pevetnts.php">Events</a></br> <a href="roster.php">VIew Roster</a></br> <a href="resign.php"><font color="#FF0000">Resignation Form</font Color> <br> <h7><i><b>Pilots Tools</b></i></h7></br> <a href="http://www.fspassengers.com/"> FS Passengers</a></br> </center> <?php if($data['hm'] == 1) { ?> <center> <h7><i><b>Hub Manager Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> </center> <?php } if($data['fm'] == 1) { ?> <center> <h7><i><b>Fleet Manager Panel</b></i></h7></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="manageaircraft.php">Manage Aircraft</a> </center> <?php } if($data['ed'] == 1) { ?> <center> <h7><i><b>Events Director Panel</b></i></h7></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a> </center> <?php } if($data['hr'] == 1) { ?> <center> <h7><i><b>Human Rescources Panel</b></i></h7></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } if($data['bm'] == 1) { ?> <center> <h7><i><b>Executive Staff Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="addstaffmember.php">Grant Staff Acesses</a></br> <a href="revokestaffmember.php">Revoke Staff Acesses</a></br> <a href="manageaircraft.php">Manage Aircraft</a></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } } } } else { echo '<center><FONT COLOR =ff001b> Your <i>Pilot ID And/Or Password</i> is wrong!</center></FONT COLOR>'; ?> <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="login" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <? } ?> <? } else { ?> Login Form <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="login" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <?php } ?> Quote Link to comment Share on other sites More sharing options...
kenshintomoe225 Posted October 25, 2008 Share Posted October 25, 2008 i'm not quite sure I understand the question. Could you please rephrase? Quote Link to comment Share on other sites More sharing options...
topflight Posted October 25, 2008 Author Share Posted October 25, 2008 no problem I tried to log in with the information in the database. And it says my log in is incorrect like it is suppose to say if I have the wrong log in information. Well in this case I have the right log in information and it is still echoing you log is incorrect please help thanks. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted October 25, 2008 Share Posted October 25, 2008 I know this is irrelivant to your question but you need to add session_start(); Quote Link to comment Share on other sites More sharing options...
topflight Posted October 25, 2008 Author Share Posted October 25, 2008 oo ok thanks lol Quote Link to comment Share on other sites More sharing options...
kenshintomoe225 Posted October 26, 2008 Share Posted October 26, 2008 One potential problem I see right off the bat is your submit button and your text field have the same name. Please name them different things and try again. Quote Link to comment Share on other sites More sharing options...
topflight Posted October 26, 2008 Author Share Posted October 26, 2008 I renamed it and now it does not even tell me if the login/password is incorrect it just reshow the login form. Quote Link to comment Share on other sites More sharing options...
Brian W Posted October 26, 2008 Share Posted October 26, 2008 Umm, maybe this. $_SESSION['pwd']=$password; $password is not defined. $pwd is though. Quote Link to comment Share on other sites More sharing options...
Andy-H Posted October 26, 2008 Share Posted October 26, 2008 <?php session_start(); if(isset($_POST['login'])) { $login = mysql_real_escape_string($_POST['user']); $pwd = mysql_real_escape_string($_POST['pwd']); //Include Config File For DB info.. include 'db.php'; //Connect TO The MySQL Server $connect = mysql_connect($db_host,$db_username,$db_password) or die("MySQL Said:".mysql_error()); $database = mysql_select_db($db_database,$connect) or die("MySQl Said:".mysql_error()); $link = mysql_query("SELECT * FROM `pilots` where login='$login' and pwd='$pwd'") or die("MySQL Said:".mysql_error()); $count = mysql_num_rows($link); $data = mysql_fetch_assoc($link); if($count == 1) { if($data['status'] == 0) { echo '<center>Your Account Is Not Active.</center>'; } else { if($data['status'] == 2) { echo '<center><FONT COLOR =ff001b>Your Account Has Been Suspended.</center></FONT COLOR>'; } else { $_SESSION['login']=$login; $_SESSION['pwd']=$pwd; ?> <center> <h7><i><b>Pilots Panel</b></i></h7></br> <a href="filepirep.php">File Pirep</a></br> <a href="fileloa.php">File LOA</a></br> <a href="sigs.php">Signatures</a></br> <a href="profile.php">My Profile</a></br> <a href="pevetnts.php">Events</a></br> <a href="roster.php">VIew Roster</a></br> <a href="resign.php"><font color="#FF0000">Resignation Form</font Color> <br> <h7><i><b>Pilots Tools</b></i></h7></br> <a href="http://www.fspassengers.com/"> FS Passengers</a></br> </center> <?php if($data['hm'] == 1) { ?> <center> <h7><i><b>Hub Manager Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> </center> <?php } if($data['fm'] == 1) { ?> <center> <h7><i><b>Fleet Manager Panel</b></i></h7></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="manageaircraft.php">Manage Aircraft</a> </center> <?php } if($data['ed'] == 1) { ?> <center> <h7><i><b>Events Director Panel</b></i></h7></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a> </center> <?php } if($data['hr'] == 1) { ?> <center> <h7><i><b>Human Rescources Panel</b></i></h7></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } if($data['bm'] == 1) { ?> <center> <h7><i><b>Executive Staff Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="addstaffmember.php">Grant Staff Acesses</a></br> <a href="revokestaffmember.php">Revoke Staff Acesses</a></br> <a href="manageaircraft.php">Manage Aircraft</a></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } } } } else { echo '<center><FONT COLOR =ff001b> Your <i>Pilot ID And/Or Password</i> is wrong!</center></FONT COLOR>'; ?> <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <? } ?> <? } else { ?> <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <?php } ?> Try that. Quote Link to comment Share on other sites More sharing options...
topflight Posted October 26, 2008 Author Share Posted October 26, 2008 I am now recceving this error: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\login.php on line 7 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\login.php on line 7 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\xampp\htdocs\login.php on line 8 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\xampp\htdocs\login.php on line 8 Quote Link to comment Share on other sites More sharing options...
Stephen Posted October 26, 2008 Share Posted October 26, 2008 You need to connect before you use any mysql function. I edited Andys code: <?php session_start(); if(isset($_POST['login'])) { //Include Config File For DB info.. include 'db.php'; //Connect TO The MySQL Server $connect = mysql_connect($db_host,$db_username,$db_password) or die("MySQL Said:".mysql_error()); $database = mysql_select_db($db_database,$connect) or die("MySQl Said:".mysql_error()); $login = mysql_real_escape_string($_POST['user']); $pwd = mysql_real_escape_string($_POST['pwd']); $link = mysql_query("SELECT * FROM `pilots` where login='$login' and pwd='$pwd'") or die("MySQL Said:".mysql_error()); $count = mysql_num_rows($link); $data = mysql_fetch_assoc($link); if($count == 1) { if($data['status'] == 0) { echo '<center>Your Account Is Not Active.</center>'; } else { if($data['status'] == 2) { echo '<center><FONT COLOR =ff001b>Your Account Has Been Suspended.</center></FONT COLOR>'; } else { $_SESSION['login']=$login; $_SESSION['pwd']=$pwd; ?> <center> <h7><i><b>Pilots Panel</b></i></h7></br> <a href="filepirep.php">File Pirep</a></br> <a href="fileloa.php">File LOA</a></br> <a href="sigs.php">Signatures</a></br> <a href="profile.php">My Profile</a></br> <a href="pevetnts.php">Events</a></br> <a href="roster.php">VIew Roster</a></br> <a href="resign.php"><font color="#FF0000">Resignation Form</font Color> <br> <h7><i><b>Pilots Tools</b></i></h7></br> <a href="http://www.fspassengers.com/"> FS Passengers</a></br> </center> <?php if($data['hm'] == 1) { ?> <center> <h7><i><b>Hub Manager Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> </center> <?php } if($data['fm'] == 1) { ?> <center> <h7><i><b>Fleet Manager Panel</b></i></h7></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="manageaircraft.php">Manage Aircraft</a> </center> <?php } if($data['ed'] == 1) { ?> <center> <h7><i><b>Events Director Panel</b></i></h7></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a> </center> <?php } if($data['hr'] == 1) { ?> <center> <h7><i><b>Human Rescources Panel</b></i></h7></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } if($data['bm'] == 1) { ?> <center> <h7><i><b>Executive Staff Panel</b></i></h7></br> <a href="edithub.php?hub=<?php echo $data['hub']; ?>">Edit Hub Page</a></br> <a href="apppireps.php?hub=<?php echo $data['hub']; ?>">Approve Pireps</a></br> <a href="promote.php?hub=<?php echo $data['hub']; ?>">Promote Pilot</a> <a href="awards.php">Grant Award</a></br> <a href="addaircraft.php">Add Aircraft</a></br> <a href="addstaffmember.php">Grant Staff Acesses</a></br> <a href="revokestaffmember.php">Revoke Staff Acesses</a></br> <a href="manageaircraft.php">Manage Aircraft</a></br> <a href="addevents.php">Add Event</a></br> <a href="manageevents.php">Manage Events</a></br> <a href="postnews.php">Post News</a></br> <a href="newpilots.php">New Pilots</a></br> <a href="editpilots.php">Edit Pilots</a></br> <a href="viewcomments.php">View Comments</a></br> <a href="viewsitecomments.php">View Site Comments</a></br> <?php } } } } else { echo '<center><FONT COLOR =ff001b> Your <i>Pilot ID And/Or Password</i> is wrong!</center></FONT COLOR>'; ?> <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <? } ?> <? } else { ?> <style type="text/css"> .idBox { width:50px; } .passwordBox { width:80px; } </style> <table border="0" align="center"> <form action= "<?php echo $_SERVER['php_self']; ?>" method="post"> <tr> <td align="center">ID:</td><td align="center">ASA<input type="text" name="user" class="idBox"></td> </tr> <tr> <td align="center">Password:</td><td align="center"><input type="password" name="pwd" class="passwordBox"></td> </tr> <tr> <td></td><td align="center"><input type="submit" name="login" value="Login"></td> </tr> </table> <?php } ?> Quote Link to comment Share on other sites More sharing options...
Andy-H Posted October 26, 2008 Share Posted October 26, 2008 oops my bad lol Quote Link to comment Share on other sites More sharing options...
topflight Posted October 30, 2008 Author Share Posted October 30, 2008 Hi I have a question with this login sciprt I have crated how can I make other pages secure. I have tried using <?php session_start(); if(issset($_SESSION['login']){ // Some display code here for users who are logged in } else { echo 'You are not logged in'; include'login.php'; } ?> That is just something I threw out of my head. But is that correct for creating other serucre pages using the original login.php code? Thanks In Advanced. Quote Link to comment Share on other sites More sharing options...
topflight Posted October 30, 2008 Author Share Posted October 30, 2008 i feel that I am really close of trying to create secure pages but I just don't know what I it wrong. Quote Link to comment Share on other sites More sharing options...
topflight Posted October 30, 2008 Author Share Posted October 30, 2008 Any updates? Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted November 1, 2008 Share Posted November 1, 2008 There are countless tutorials and free code on creating a user authentication system. I've been dealing with the same issue the last day or so. You will probably find some of the best info by searching for "PHP Session Hijacking" or "PHP Session Fixation" on yahoo ( or google ). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.