
First login script and it's all gone wrong! :(


Merdok


Ok here we go, I've never made my own login script for a website before but this time I thought I'd give it a go. Sadly though, it's not working how I'd hoped.

 

The first line of code in my header include is this:

 

<?php if(isset($isloggedin)) {
$loggedin = 1;
}
?>

 

Later in the page there appears the rest of the script:

 


<?php // If the user has not logged in, the login box will be displayed instead of the page 

if (!empty($_POST['submit']))
{ 
$post_username = $_POST['username'];
$post_password = $_POST['password'];
$post_username = stripslashes($post_username);
$post_password = stripslashes($post_password);
$post_username = mysql_real_escape_string($post_username);
$post_password = mysql_real_escape_string($post_password);
$secure_password = sha1($post_password);

$sql="SELECT * FROM bolt_users WHERE username='$post_username' AND password='$secure_password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// If only one result is returned as a match, it must be the right one, so continue.
if($count==1){
	//session_register("isloggedin");
	setcookie("isloggedin", $isloggedin, time ( )+600, "/", "", 0);
	$loggedin = 1;	
	$message = NULL;
} else {
	$message = '<p align="center"> Login Failed </p>';
	$loggedin = 0;
}
}

if ($loggedin == 0) {

?>

<form action="<?php echo $siteroot ?>/socket/index.php" method="post" enctype="multipart/form-data" name="dologin" id="login_form">
  <table id="dologin" width="250" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
      <td class="darker"><p> Username:</p></td>
      <td><input id="username" name="username" type="text"/></td>
    </tr>
    <tr>
      <td class="darker"><p> Password:</p></td>
      <td><input id="password" name="password" type="password"/></td>
    </tr>
    <tr>
      <td class="darker"> </td>
      <td><input id="submit" name="submit" type="submit" value="Login" /></td>
    </tr>
    <?php if (isset($message)) { 
	echo '<tr>';
    echo '<td class="darker" colspan="2">';
	echo $message; 
	echo '</td>';
	echo '</tr>';
	}
	?>
  </table>
</form>
<?php //Main content ends here	
require_once('' . $serverroot . '/socket/templates/standard/socket_footer.php');
exit();
}
?>

 

All of this appears in socket_header.php which is called on every page in the admin section, the login form posts to index.php which also contains the header.

 

I have tried a number of things:

 

1: I tried the method posted above after reading about cookies on a tutorial website, however I'm not sure if I've implemented it right as I've not got any experience with sessions and cookies.

 

This throws up the following error:

 

Warning: Cannot modify header information - headers already sent by (output started at /path/to/website/admin/template/socket_header.php:11) in /path/to/website/admin/template/socket_header.php on line 75

 

2: Instead of using cookies I just had the session thing at the top of the header, this is the code:

 

<?php session_start();
if(!session_is_registered(isloggedin)){
$loggedin = 1;
}

 

This seemed to ignore the login box and allowed me to view every page, it also does not show the error shown above, however it stopped working and activated the login box if I tried to submit a form from an admin page.

 

3: Before I even started to implement the idea of sessions and cookies I tried to get the login form to actually let me into the site, all I ever seem to get is "login failed" - This one is really stumping me as this one should be well within my abilities and I can't see what I've done wrong.

 

By the way: I realise that the cookie and the session have the same name, this is because I've had one commented out whilst using the other. They have not been used simultaneously.

 

 

Can anyone help me?

 

Thanks.

 

OK I've figured out what I was doing wrong with the error message, however I still have two remaining problems.

 

1st: The usernames and passwords will not match, it constantly returns login failed and

2nd: If I make it so that whatever you put in the login box will let you in, it still asks for the login box on every page.

 

Here is my updated code:

 

<?php 
session_start();
setcookie("isloggedin", $loggedin, time ( )+600, "/", "", 0);?>
<?php require_once('/path/to/website/globals.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Socket | Website Administration Software</title>
<link href="<?php echo $siteroot?>/socket/elements/socket.css" rel="stylesheet" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="<?php echo $siteroot?>/Scripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">	
tinyMCE.init({
mode : "textareas",
theme : "advanced",
editor_selector : "mceSimple",
theme_advanced_buttons1 : "cut,copy,paste,| ,undo,redo",
theme_advanced_buttons2 : "",
theme_advanced_buttons3 : "",
forced_root_block : false,
force_p_newlines : false
});

tinyMCE.init({
mode : "textareas",
theme : "advanced",
editor_selector : "mceAdvanced",
content_css : "<?php echo $siteroot?>/elements/standard.css",
// Drop lists for link/image/media/template dialogs
template_external_list_url : "js/template_list.js",
external_link_list_url : "js/link_list.js",
external_image_list_url : "js/image_list.js",
media_external_list_url : "js/media_list.js",
//theme_advanced_disable : "code",
theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull, |, hr,removeformat,|,sub,sup,|,charmap,code",
theme_advanced_buttons2 : "cut,copy,paste,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,|,forecolor,backcolor",
theme_advanced_buttons3 : "styleselect,formatselect,fontselect,fontsizeselect"
});
</script>
</head>
<body id="socket">
<?php if($conn) { //Connection Test ?>
<div id="wrapper">
<img src="<?php echo $siteroot?>/socket/elements/socket_header.jpg" width="705" height="101" alt="Socket Site Administrator" />

<div id="container">
<div id="topnav">
<a href="<?php echo $siteroot?>/socket/index.php"><img src="<?php echo $siteroot?>/socket/elements/website_tab-active.jpg" width="215" height="44" alt="Website Manager" /></a><img src="<?php echo $siteroot?>/socket/elements/account_tab-inactive.jpg" width="214" height="44" alt="Account Manager" /><img src="<?php echo $siteroot?>/socket/elements/hosting_tab-inactive.jpg" width="214" height="44" alt="Hosting Manager" />
<div id="content">


<?php // If the user has not logged in, the login box will be displayed instead of the page 

if (!empty($_POST['submit']))
{ 
$post_username = $_POST['username'];
$post_password = $_POST['password'];
$post_username = stripslashes($post_username);
$post_password = stripslashes($post_password);
$post_username = mysql_real_escape_string($post_username);
$post_password = mysql_real_escape_string($post_password);
$secure_password = sha1($post_password);

$sql="SELECT * FROM table_name WHERE username='$post_username' AND password='$secure_password'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

// If only one result is returned as a match, it must be the right one, so continue.
if($count==1){
	$loggedin = 1;	
	$message = NULL;
} else {
	$message = '<p align="center"> Login Failed </p>';
	$loggedin = 0;
}
}

if ($loggedin == 0) {

?>

<form action="<?php echo $siteroot ?>/socket/index.php" method="post" enctype="multipart/form-data" name="dologin" id="login_form">
  <table id="dologin" width="250" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
      <td class="darker"><p> Username:</p></td>
      <td><input id="username" name="username" type="text"/></td>
    </tr>
    <tr>
      <td class="darker"><p> Password:</p></td>
      <td><input id="password" name="password" type="password"/></td>
    </tr>
    <tr>
      <td class="darker"> </td>
      <td><input id="submit" name="submit" type="submit" value="Login" /></td>
    </tr>
    <?php if (isset($message)) { 
	echo '<tr>';
    echo '<td class="darker" colspan="2">';
	echo $message; 
	echo '</td>';
	echo '</tr>';
	}
	?>
  </table>
</form>
<?php //Main content ends here	
require_once('' . $serverroot . '/socket/templates/standard/socket_footer.php');
exit();
}
?>

<?php 

} else { echo '<h1> Connection to the database has been lost!!</h1>'; } // End connection test
require_once('' . $serverroot . '/socket/modules/module_bar.php'); ?>
<div id="content_viewport">

 

Thanks for your help so far guys. Looks like I've got a busy weekend ahead of me!

Archived

This topic is now archived and is closed to further replies.
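
An added example, not part of the original posts: the same header-include login check with the logged-in flag kept in the server-side session instead of a cookie value, the session started before any HTML is sent, a parameterised query, and `password_hash()`/`password_verify()` in place of `sha1()`. The PDO/SQLite in-memory database, the `users` table, the `demo_db()` and `check_login()` helpers and the demo credentials are assumptions constructed for illustration.

```php
<?php
// Added example (not the poster's code). This must sit at the very top of the
// header include: session_start() sends a cookie header, so no HTML or
// whitespace may be output before it.
declare(strict_types=1);

// Constructed stand-in for the real user table: in-memory SQLite holding one
// user whose password was stored with password_hash().
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

// True only when the user exists and the password matches the stored hash.
// The placeholder keeps user input out of the SQL text, so no manual escaping.
function check_login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

session_start();
$pdo = demo_db();
$message = null;

$u = $_POST['username'] ?? null;
$p = $_POST['password'] ?? null;
if (is_string($u) && is_string($p)) {      // a login form was submitted
    if (check_login($pdo, $u, $p)) {
        session_regenerate_id(true);       // fresh session id after login
        $_SESSION['isloggedin'] = true;    // kept on the server, not in a cookie value
    } else {
        $message = 'Login Failed';
    }
}

// Read the flag from the session on every request, so it survives page loads.
$loggedin = !empty($_SESSION['isloggedin']);
// Only after this point should the include start emitting HTML: the login
// form when $loggedin is false, the admin page otherwise.
```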
