Jump to content

login check problem


DEVILofDARKNESS

Recommended Posts

I get this error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/uuuq.com/4/a/d/4ade/htdocs/gedichten/test/ADD.php:10) in /www/uuuq.com/4/a/d/4ade/htdocs/gedichten/test/ADD.php on line 14

 

Parse error: syntax error, unexpected '<' in /www/uuuq.com/4/a/d/4ade/htdocs/gedichten/test/login-check.php on line 16

 

this is the script:

<html>
<head><title>Gedichten</title>
        <link href='../../standard.css' type='text/css' rel='stylesheet' />
<link href='natuur.css' type='text/css' rel="stylesheet" />
</head>
<body>
<table class='look' height='100%' width='100%' border='1'>
            <tbody>
                <tr>
                    <td width='10%' height='100%'><iframe class='frames' src='../../functieknoppen/functieknoppennatuur.htm' frameborder='0' width='100%' height='100%' scrolling='no'></iframe>
                    </td>
                    <td><center>
                    <?php
				session_start();
require_once 'login-check.php';
/* DATABASE SETTINGS */

print "<form action='' method='POST'>
		Jou Naam: <input type='text' maxlength='35' Name='UName'><br>
		Gedicht Naam: <input type='text' maxlength='35' Name='PName'><br>
		Auteur Naam: <input type='text' maxlength='35' Name='Auteur'><br>
		bundel: <input type='text' maxlength='35' Name='bundel'><br>
		Jaartal: <input type='text' maxlength='35' Name='jaartal'><br>
		Poem Text: <textarea COLS='60' ROWS='5' Name='PText'></textarea>
		<input type='submit' Value='Add!' name='submit'> <input type='reset'>
	</form>";
$query = sprintf("SELECT COUNT(DISTINCT poem_id) FROM poems");
$result = mysql_query($query);
list($id) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT user_id) FROM users");
$result = mysql_query($query);
list($userid) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT book_id) FROM books");
$result = mysql_query($query);
list($bookid) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT author_id) FROM authors");
$result = mysql_query($query);
list($authorid) = mysql_fetch_row($result);

if(isset($_POST['submit'])) {
$id = $id + 1;
$userid = $userid + 1;
$bookid = $bookid + 1;
$authorid = $authorid + 1;
$pname = $_POST['PName'];
$uname = $_POST['UName'];
$ptext = $_POST['PText'];
$auteur = $_POST['Auteur'];
$bundel = $_POST['bundel'];
$jaartal = $_POST['jaartal'];
$ip = $_SERVER['REMOTE_ADDR'];
$added = date("d/m/y : H:i:s", time()) ;
	if(empty($_POST['PName'])) {
		print "<script type='text/javascript'>alert('Je hebt geen gedichten naam geschreven!');</script>";
	} elseif(empty($_POST['UName'])) {
		print "<script type='text/javascript'>alert('Je hebt je naam niet geschreven!');</script>";	
	} elseif(empty($_POST['PText'])) {
		print "<script type='text/javascript'>alert('je hebt geen gedicht geschreven!');</script>";
	} elseif(empty($_POST['Auteur'])) {
		print "<script type='text/javascript'>alert('Je hebt geen Auteur ingevuld, als je het niet weet, schrijf dan Onbekend of UnKnown!');</script>";
	} else {
		$query = sprintf("INSERT INTO poems(poem_id,poem_name,user_id,poem_text,category_id,book_id,poem_added) VALUES ('$id','$pname','$userid','$ptext','7','$bookid','$added')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO users(user_id,user_name) VALUES ('$userid','$uname')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO books(book_id,book_name,author_id) VALUES ('$bookid','$bundel','$authorid')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO authors(author_id,author_name) VALUES ('$authorid','$auteur')");
		$result = mysql_query($query);
		print "<script type='text/javascript'>alert('Je gedicht is toegevoegd aan de 'Test' categorie);</script><a href='test.php'>Zie alle gedichten</a>";
	}
}
?>
                    </center></td>
                </tr>
            </tbody>
        </table>
</body>
</html>

 

this is the login-check code:

<?php

session_start();

/* DATABASE SETTINGS */
$username = $_SESSION['username'];
$query = sprintf("SELECT id FROM users WHERE user_name = '$username'",
                        mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
if(!$userID) {
        // not logged in!
	<script type='text/Javascript'>
		alert:('Je moet ingelogd zijn om een gedicht te kunnen toevoegen!');
	</script>
        header('Location: login.php');        
}

?>

 

and this is the login script:

<?php

session_start();
if(isset($_POST)) {
/*DATABASE SETTINGS */
        $username = mysql_real_escape_string($_POST['username']);
    $password = md5('ssdùµDSFQ£Fµ^µùµùùù%%*¨£+£%£¨45ss68ee46"é435§(§è)' . $_POST['password'] . 'wadzaa');
                $query = "SELECT COUNT(user_id) FROM users WHERE user_name = '$username' AND user_pass='$password'";
        $result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
        list($count) = mysql_fetch_row($result);
                if($count == 1) {
				$query = "SELECT user_id FROM users WHERE user_name = '$username' AND user_pass = '$password'";
				$result = mysql_query($query);
				list($id) = mysql_fetch_row($result);
                        $_SESSION['username'] = $_POST['username'];
                        $query = "UPDATE users SET last_login = NOW() WHERE user_name = '$username' AND user_pass = '$password'";
                        $result = mysql_query($query)  or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
							header('location:gedichten/gedichten.php');
                } else {
					$color = "red";
                        $echo = 'There is no username/password combination like that in the database.';
                }
}

?>
<html dir="ltr">
    <head>
        <title>Login</title>
        <link href="../../standard.css" type="text/css" rel="stylesheet" />
<link href='natuur.css' type='text/css' rel="stylesheet" />
    </head>
    <body>
        <table class="look" height="100%" width="100%" border="1">
            <tbody>
                <tr>
                    <td width="10%" height="100%"><iframe class="frames" src="../../functieknoppen/functieknoppennatuur.htm" frameborder="0" width="100%" height="100%" scrolling="no"></iframe>
                    </td>
                    <td><center>
				<font color="<?php echo $color; ?>"><?php echo $echo; ?></font><br>
					<form action="" method="post">
						Username: <input type="text" name="username" id="username"><br>
						Password: <input type="password" name="password"><br>
						<input type="submit" value="login"> -- <input type="reset" value="reset">
					</form>
					<script type="text/Javascript">
						document.getElementById("username").focus();
					</script>
				</td>
			</tr>
		</tbody>
	</table>
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/146836-login-check-problem/
Share on other sites

Ok I found the bug, thanks, but now it always redirects me to the login page even if you're logged in.

 

ADD.php code:

<?php
session_start();
/*DATABASE SETTINGS */
$username = mysql_real_escape_string($_SESSION['username']);
$query = "SELECT user_id FROM users WHERE user_name = '$username'";
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
if(!$userID) {
        // not logged in!
        header('Location: ../../login.php');
}

?>
<html>
<head><title>Gedichten</title>
        <link href='../../standard.css' type='text/css' rel='stylesheet' />
<link href='natuur.css' type='text/css' rel="stylesheet" />
</head>
<body>
<table class='look' height='100%' width='100%' border='1'>
            <tbody>
                <tr>
                    <td width='10%' height='100%'><iframe class='frames' src='../../functieknoppen/functieknoppennatuur.htm' frameborder='0' width='100%' height='100%' scrolling='no'></iframe>
                    </td>
                    <td><center>
                    <?php
print "<form action='' method='POST'>
		Jou Naam: <input type='text' maxlength='35' Name='UName'><br>
		Gedicht Naam: <input type='text' maxlength='35' Name='PName'><br>
		Auteur Naam: <input type='text' maxlength='35' Name='Auteur'><br>
		bundel: <input type='text' maxlength='35' Name='bundel'><br>
		Jaartal: <input type='text' maxlength='35' Name='jaartal'><br>
		Poem Text: <textarea COLS='60' ROWS='5' Name='PText'></textarea>
		<input type='submit' Value='Add!' name='submit'> <input type='reset'>
	</form>";
$query = sprintf("SELECT COUNT(DISTINCT poem_id) FROM poems");
$result = mysql_query($query);
list($id) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT user_id) FROM users");
$result = mysql_query($query);
list($userid) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT book_id) FROM books");
$result = mysql_query($query);
list($bookid) = mysql_fetch_row($result);

$query = sprintf("SELECT COUNT(DISTINCT author_id) FROM authors");
$result = mysql_query($query);
list($authorid) = mysql_fetch_row($result);

if(isset($_POST['submit'])) {
$id = $id + 1;
$userid = $userid + 1;
$bookid = $bookid + 1;
$authorid = $authorid + 1;
$pname = $_POST['PName'];
$uname = $_POST['UName'];
$ptext = $_POST['PText'];
$auteur = $_POST['Auteur'];
$bundel = $_POST['bundel'];
$jaartal = $_POST['jaartal'];
$ip = $_SERVER['REMOTE_ADDR'];
$added = date("d/m/y : H:i:s", time()) ;
	if(empty($_POST['PName'])) {
		print "<script type='text/javascript'>alert('Je hebt geen gedichten naam geschreven!');</script>";
	} elseif(empty($_POST['UName'])) {
		print "<script type='text/javascript'>alert('Je hebt je naam niet geschreven!');</script>";	
	} elseif(empty($_POST['PText'])) {
		print "<script type='text/javascript'>alert('je hebt geen gedicht geschreven!');</script>";
	} elseif(empty($_POST['Auteur'])) {
		print "<script type='text/javascript'>alert('Je hebt geen Auteur ingevuld, als je het niet weet, schrijf dan Onbekend of UnKnown!');</script>";
	} else {
		$query = sprintf("INSERT INTO poems(poem_id,poem_name,user_id,poem_text,category_id,book_id,poem_added) VALUES ('$id','$pname','$userid','$ptext','7','$bookid','$added')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO users(user_id,user_name) VALUES ('$userid','$uname')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO books(book_id,book_name,author_id) VALUES ('$bookid','$bundel','$authorid')");
		$result = mysql_query($query);
		$query = sprintf("INSERT INTO authors(author_id,author_name) VALUES ('$authorid','$auteur')");
		$result = mysql_query($query);
		print "<script type='text/javascript'>alert('Je gedicht is toegevoegd aan de 'Test' categorie);</script><a href='test.php'>Zie alle gedichten</a>";
	}
}
?>
                    </center></td>
                </tr>
            </tbody>
        </table>
</body>
</html>

 

login code:

<?php

// session_start();
if(isset($_POST)) {
/*DATABASE SETTINGS */
        $username = mysql_real_escape_string($_POST['username']);
    $password = md5('ssdùµDSFQ£Fµ^µùµùùù%%*¨£+£%£¨45ss68ee46"é435§(§è)' . $_POST['password'] . 'wadzaa');
                $query = "SELECT COUNT(user_id) FROM users WHERE user_name = '$username' AND user_pass='$password'";
        $result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
        list($count) = mysql_fetch_row($result);
                if($count == 1) {
				$query = "SELECT user_id FROM users WHERE user_name = '$username' AND user_pass = '$password'";
				$result = mysql_query($query);
				list($id) = mysql_fetch_row($result);
                        $_SESSION['username'] = $_POST['username'];
                        $query = "UPDATE users SET last_login = NOW() WHERE user_name = '$username' AND user_pass = '$password'";
                        $result = mysql_query($query)  or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
							header('location:gedichten/gedichten.php');
                } else {
					$color = "red";
                        $echo = 'There is no username/password combination like that in the database.';
                }
}

?>
<html dir="ltr">
    <head>
        <title>Login</title>
        <link href="../../standard.css" type="text/css" rel="stylesheet" />
<link href='natuur.css' type='text/css' rel="stylesheet" />
    </head>
    <body>
        <table class="look" height="100%" width="100%" border="1">
            <tbody>
                <tr>
                    <td width="10%" height="100%"><iframe class="frames" src="../../functieknoppen/functieknoppennatuur.htm" frameborder="0" width="100%" height="100%" scrolling="no"></iframe>
                    </td>
                    <td><center>
				<font color="<?php echo $color; ?>"><?php echo $echo; ?></font><br>
					<form action="" method="post">
						Username: <input type="text" name="username" id="username"><br>
						Password: <input type="password" name="password"><br>
						<input type="submit" value="login"> -- <input type="reset" value="reset">
					</form>
					<script type="text/Javascript">
						document.getElementById("username").focus();
					</script>
				</td>
			</tr>
		</tbody>
	</table>
</body>
</html>

Link to comment
https://forums.phpfreaks.com/topic/146836-login-check-problem/#findComment-771185
Share on other sites

Ok, I found the bug,

now there is still one problem, It shows from the beginning that there is no username/password combination,

even when there is nothing send yet.

What have I done wrong? I already tried the if(isset($count)) but it didn't work.

 

<?php

session_start();
if(isset($_POST)) {
        /* DATABASE SETTINGS */
        $username = mysql_real_escape_string($_POST['username']);
    $password = md5('ssdùµDSFQ£Fµ^µùµùùù%%*¨£+£%£¨45ss68ee46"é435§(§è)' . $_POST['password'] . 'wadzaa');
                $query = "SELECT COUNT(user_id) FROM users WHERE user_name = '$username' AND user_pass='$password'";
        $result = mysql_query($query) or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
        list($count) = mysql_fetch_row($result);
	if(isset($count)) {
                if($count == 1) {
				$query = "SELECT user_id FROM users WHERE user_name = '$username' AND user_pass = '$password'";
				$result = mysql_query($query);
				list($id) = mysql_fetch_row($result);
                        $_SESSION['username'] = $_POST['username'];
                        $query = "UPDATE users SET last_login = NOW() WHERE user_name = '$username' AND user_pass = '$password'";
                        $result = mysql_query($query)  or die("SQL Error: SQL: {$query}<br /> mySql error: " . mysql_error());
							header('location:gedichten/test/ADD.php');
                } else {
					$color = "red";
                        $echo = 'There is no username/password combination like that in the database.';
                }
	}
}

?>

Link to comment
https://forums.phpfreaks.com/topic/146836-login-check-problem/#findComment-773164
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.