Jump to content

[SOLVED] Login Script Issues

timecatcher

By timecatcher
in PHP Coding Help

 Share

Recommended Posts

timecatcher Member

timecatcher

Posted
Posted

Hey Im working on the login script for my website, however its not working and it wont check the username/pass neither will it set the cookies due to headers.

 

Heres the code:

<?php
require("include/database.php");
//Database information is stored here, don't forget to use the $db -> command.
//Sets all the automatic information. (User info like cookies ect, will be stored in config.php.
require ( "config.php" );
echo"<head><title>Login</title></head>";
echo"$openHTML";
/*Login processer, checks if the fields are empty, and if the password and username are correct
then logs the user in setting the cookies in the process in the config.php file.*/
if(isset($_POST['submit'])){
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$query1 = mysql_query ( "SELECT * FROM users WHERE username !='".$_POST['username']."'" );
$query2 = mysql_query ( "SELECT * FROM users WHERE username ='".$_POST['username']."' && password!='".$_POST['password']."'" );
if(empty($_POST['username'])){
$error = 1;
$error2 .= "<li>Please enter your username.</li>";
}
elseif(mysql_num_rows($query1) < 1){
$error = 1;
$error2 .= "<li>Please enter the correct username.</li>";
}
if(empty($_POST['password'])){
$error = 1;
$error2 .= "<li>Please enter your password.</li>";
}
elseif(mysql_num_rows($query2) < 1){
$error = 1;
$error2 .= "<li>Please enter the correct password.</li>";
}
if(!$error){
//Set cookies.
$username = $_POST['username'];
$password = $_POST['password'];
setcookie('username','$username');
setcookie('password','$password');
}
}
//Login Form. (Allows for user data input.)
echo<<<echo
Please enter your user details here.
<form action="$PHP_SELF" method="post">
Username: <input type="text" name="username">
<br>
Password: <input type="password" name="password">
<br>
<input type="submit" name="submit" value="Login">
</form>
echo;
if($error == 1){
echo"$error2";
}
echo"$closeHTML";
//Closes all the layout data.
?>

 

Thanks for your help.

 

TC.

Link to comment
https://forums.phpfreaks.com/topic/147540-solved-login-script-issues/
Share on other sites
Adam Advanced Member

Adam

Posted
Posted

Okay the cookies are failing because you have to set them with the headers, ie. before any HTML is printed out.

 

Don't quite know why you need two queries? Could remove $query1 and just use $query2 to determine if they were logged in successfully - probs considered bad security to tell them if they entered the wrong username anyway!

 

Add "or die('Error: ' . mysql_error());" to the end of your query to give you mire insight as to why it's not working. Like:

 

$query2 = mysql_query ( "SELECT * FROM users WHERE username ='".$_POST['username']."' && password!='".$_POST['password']."'" ) or die('Error: ' . mysql_error());

 

Then tell us the errors you get..

 

Adam

phant0m Member

phant0m

Posted
Posted

Just use ob_start() and ob_end_flush()

 

Read here:

http://ch2.php.net/manual/en/function.ob-start.php

 

No, processing the data doesn't have to happen after the form, because:

1st: The user accesses your page, enters some info and then submits the info to your server. Then, your php script is invoked, from where you can access the POST data using $_POST from the very beginning of your script.

Simply check whether the information entered matches the ones stored in your database at the very beginning of your script, i.e. before there is any output that the client receives(e.g. HTML)

If you do that, you won't need ob_start() etc anymore.

jackpf Member

jackpf

Posted
Posted

Something like:

 

<?php
if(isset($_POST['username']) || isset($_POST['password']))
{
setcookie(...
}
else
{
echo '<form...>';//form stuff
}
?>

 

That way the cookies are being set before anything is even considered being sent to the page.

 

Also, you'll probably need to define what domain and directory the cookies have access to, aswell as an expiry time. Have a look here http://php.net/setcookie

jackpf Member

jackpf

Posted
Posted

Lol yeah. I've been looking into output buffering to help me with my header('location:...etc where I've already sent stuff to the page.

 

But it seems rather complicated, so I just used javascript instead, which isn't as reliable, but it's more versatile. :D

timecatcher Member

timecatcher

Posted
  • Author
Posted

Ok Im confused here is the script as it looks at the moment, I wouuld appreciate a visual of how I should set it all up please. Thanks. TC.

 

<?php
require("include/database.php");
//Database information is stored here, don't forget to use the $db -> command.
//Sets all the automatic information. (User info like cookies ect, will be stored in config.php.
/*Login processer, checks if the fields are empty, and if the password and username are correct
then logs the user in setting the cookies in the process in the config.php file.*/
if(isset($_POST['submit'])){
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$username = $_POST['username'];
$password = md5($_POST['password']);
$query2 = mysql_query ( "SELECT * FROM users WHERE username ='".$username."' && password!='".$password."'" );
if(empty($username)){
$error = 1;
$error2 .= "<li>Please enter your username.</li>";
}
if(empty($password)){
$error = 1;
$error2 .= "<li>Please enter your password.</li>";
}
elseif(mysql_num_rows($query2) > 0){
$error = 1;
$error2 .= "<li>Please enter the correct username or password.</li>";
}
if(!$error){
//Set cookies.
setcookie('username','$username');
setcookie('password','$password');
}
}
require ( "config.php" );
echo"<head><title>Login</title></head>";
echo"$openHTML";
//Login Form. (Allows for user data input.)
echo<<<echo
Please enter your user details here.
<form action="$PHP_SELF" method="post">
Username: <input type="text" name="username">
<br>
Password: <input type="password" name="password">
<br>
<input type="submit" name="submit" value="Login">
</form>
echo;
if($error == 1){
echo"$error2";
}
echo"$closeHTML";
//Closes all the layout data.
?>

Adam Advanced Member

Adam

Posted
Posted

Give this a whirl..

 

<?php
require("include/database.php");
//Database information is stored here, don't forget to use the $db -> command.
//Sets all the automatic information. (User info like cookies ect, will be stored in config.php.
/*Login processer, checks if the fields are empty, and if the password and username are correct
then logs the user in setting the cookies in the process in the config.php file.*/
if (isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);

    $query = mysql_query("
        SELECT * FROM users
        WHERE username = '".$username."'
        AND password = '".$password."'
    ") or die('Error: ' . mysql_error());

    if (empty($username)) {
        $error = 1;
        $error2 .= "<li>Please enter your username.</li>";
    }

    if (empty($password)) {
        $error = 1;
        $error2 .= "<li>Please enter your password.</li>";
    }
    
    if (mysql_num_rows($query) != 1) {
        $error = 1;
        $error2 .= "<li>Please enter the correct username or password.</li>";
    }

    if (!$error) {
        //Set cookies.
        setcookie('username', '$username', time()+60*60*24*30);
        setcookie('password', '$password', time()+60*60*24*30);
        header("Location: logged_in.php");
    }
}

require("config.php");

echo "<head><title>Login</title></head>";
echo "$openHTML";

if ($_POST['submit'] && $error == 1) {
    echo "<ul>$error2</ul>";
}

//Login Form. (Allows for user data input.)
?>
Please enter your user details here.
<form action="$PHP_SELF" method="post">
Username: <input type="text" name="username">
<br>
Password: <input type="password" name="password">
<br>
<input type="submit" name="submit" value="Login">
</form>
<?php

//Closes all the layout data.
echo "$closeHTML";
?>

 

That will redirect on success, display errors and form on fail .. else just the form.

 

(Note that it's far easier to read when the code is indented..)

 

Adam

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.