[SOLVED] Login Help

[BlackWidow]

I have having problems with the following code, sometimes it will login and carry the session to the next page, sometimes it logs in but doesnt carry the session to the next page.  Can anyone see why?  It has me flumuxed.

<?php
//$uname = "";
//$pword = "";
//$errorMessage = "";
//==========================================
//	ESCAPE DANGEROUS SQL CHARACTERS
//==========================================
function quote_smart($value, $handle) {

   if (get_magic_quotes_gpc()) {
       $value = stripslashes($value);
   }

   if (!is_numeric($value)) {
       $value = "'" . mysql_real_escape_string($value, $handle) . "'";
   }
   return $value;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$uname = $_POST['username'];
$pword = $_POST['password'];

$uname = htmlspecialchars($uname);
$pword = htmlspecialchars($pword);

//==========================================
//	CONNECT TO THE LOCAL DATABASE
//==========================================
$hostname = "removed";
	$username = "removed";
  	$password = "removed";
  	$database = "removed";

$db_handle = mysql_connect("$hostname", "$username", "$password");
$db_found = mysql_select_db("$database", $db_handle);

if ($db_found) {

	//$uname = quote_smart($uname, $db_handle);
	//$pword = quote_smart($pword, $db_handle);

	$sql = "SELECT * FROM user 
                                 WHERE uname = '$uname' 
                                 AND pword = '$pword'";

	$result = mysql_query($sql, $db_handle);

	if ($result) {
		$num_rows = mysql_num_rows($result);

		if ($num_rows > 0) {

			//$db_field = mysql_fetch_assoc($result);
			//$uname = $db_field['uname'];
			session_start();
			$_SESSION['uname'] = $uname;
			$_SESSION['pword'] = $pword;

			header ("Location: loggon.php");

		}else {

			$errorMessage = "Invalid Login.";

			session_start();
			$_SESSION['uname'] = '';
			$_SESSION['pword'] = '';

			//==========================================
			//	YOUR SIGNUP PAGE HERE
			//==========================================
			header ("Location: test_reg.php");
		}	
	}
	else {
		$errorMessage = "Error logging on - no results";
                        //header ("Location: reg.php");
	}


}

else {
	$errorMessage = "Error logging on - last error";
}

}


?>

<?php include("member_header.php"); ?>
<?php include("member_menu.php"); ?> 


<div id="content1">


<form name ="form1" method ="post" action ="logv1.php">
<fieldset>
Username: <input type = "text" name ="username"  value="<?php print $uname;?>" maxlength="20"><br /><br />
Password:   <input type = "text" name ="password"  value="<?php print $pword;?>" maxlength="16"><br />

<p>
<input type = "submit" name = "submit"  value = "Login">
</p>
</fieldset>
</form>

<?php print $errorMessage;?>

</div>

</body>
</html>

[Ken2k7]

   $uname = htmlspecialchars($uname);
   $pword = htmlspecialchars($pword);

Why?

 

   $db_handle = mysql_connect("$hostname", "$username", "$password");
   $db_found = mysql_select_db("$database", $db_handle);

You don't have to wrap variables in quote tags like that.

 

            session_start();

That line should be at the very top.

 

            $_SESSION['pword'] = $pword;

Is there a need to store a password?

[BlackWidow]

Hi, Done what you suggested, it is working now.  Why has it worked sometimes ang not other times though?

[Ken2k7]

session_start() has to be the first line if you were to use $_SESSION. I assume that's the problem. But really, you shouldn't htmlspecialchars($uname) and same goes for password. I don't understand that.

[revraz]

You may not have error display or reporting turned on, so you probably never seen the HEADER errors you were getting.

 

Hi, Done what you suggested, it is working now.  Why has it worked sometimes ang not other times though?

[BlackWidow]

hi ken2k7 thank you for your kelp it appears to be working now.