Login Script Help

[Cetanu]

Hey all, I'm new here, but I really need some help. I have a very basic login script for my new website. It works when people register, and it works when I login with my username and password. BUT, on the home page it is supposed to say "Welcome, USERNAME", but it only shows "Welcome,".

No username. Below are the codes and stuff, I probably did something stupid to it. Please help 

Script for Login Form to Connect to!

<?php

include("config.php"); 

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';"; 

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "Sorry, there is no username $username with the specified password.<br/>";
echo "<a href=log.php>Try again</a>";
exit; 
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
header('Location:http://mythscape.freezoka.com/main.php');
die();
}
?>

 

Next, I will show some of the code for the LOGIN page.

<?php
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
?>
<html>
<head><title>Login or Register</title> 
<link rel="stylesheet" href="site.css" type="text/css" media="screen">
<script type="text/javascript">
function cacherVoir(theDIV){
leStyle = document.getElementById(theDIV).style ;
if(leStyle.display == "block") {
leStyle.display = "none";
}
else{
leStyle.display = "block";
}
}
</script> 
</head> 

<body><div id="whole"> 
<table> 
<tr><th><a href="#" onclick="cacherVoir('myDiv'); return false;"><p class="table">Register!</p></a></th></tr>
<tr><td class="content">
<div id="myDiv" style="display:none;"><form action="register.php" method="post">
Pick a Username: <input type="text" name="username" size="20"><br/>
Pick a Password: <input type="password" name="password" size="20"><br/>
Enter your Email: <input type="text" name="email" size="20"><br/>
<input type="submit" value="Sign Up">
</form></div></td></tr></table> 
<div id="mid"> 
<form action="login.php" method="post">
Username: <input type="text" name="username" size="20"><br/<br/>
Password: <input type="password" name="password" size="20"><br/>
<input type="submit" value="Log In">
</form>

</div> 


</body>
</html> 

 

Finally, I will show the script that is supposed to say "Welcome, username". This is on the homepage.

<?php if (!isset($_COOKIE['loggedin'])) {
$link_reg = '<a href="user_login.php">Register</a><br/>';
echo("You are not logged in!<br/>");
include "log.php";
echo $link_reg;
}
else{
$link_logout = '<a href="logout.php">Logout</a><br/>';
$mysite_username = $HTTP_COOKIE_VARS["mysite_username"]; 
echo ("Welcome, $mysite_username <br/>");
echo $link_logout; 
}
?>

 

 

 

 

Any help will be reeeeeally appreciated. Thanks

[Ken2k7]

Before I get into the issue, please address the following. They are important! If you don't believe me, ask a mod or admin here.

1. or die statement needs to die. Those are just bad practices.

2. Hash passwords!

3. SQL injection protection.

 

Now onto the issue.

 

In the quoted portion of the code below, see where you have $username? There are 2 instances of $username. Find them both. The problem is that the variable $username is undefined. You can fix that by defining it to equal $_POST['username'] or just change $username to {$_POST['username']} (yes with the curly braces due to variable interpolation).

<?php
if ($num_rows <= 0) { 
echo "Sorry, there is no username $username with the specified password.<br/>";
echo "<a href=log.php>Try again</a>";
exit; 
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
header('Location:http://mythscape.freezoka.com/main.php');
die();
}

 

Now in the login script, why are you setting the cookie again? Look at the quoted lines of code below. Not only does it not make sense to set the cookie again, but $username is also not defined there.

<?php
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
?>

 

In your last file, use $_COOKIE instead of $HTTP_COOKIE_VARS.

[Cetanu]

What do the things I need to address mean? I don't get that, pro'ly 'cause I'm new to PHP.

 

 

 

 

 

In the quoted portion of the code below, see where you have $username? There are 2 instances of $username. Find them both. The problem is that the variable $username is undefined. You can fix that by defining it to equal $_POST['username'] or just change $username to {$_POST['username']} (yes with the curly braces due to variable interpolation).

 

....

 

 

Now in the login script, why are you setting the cookie again? Look at the quoted lines of code below. Not only does it not make sense to set the cookie again, but $username is also not defined there.

<?php
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
?>

 

In your last file, use $_COOKIE instead of $HTTP_COOKIE_VARS.

 

Thanks!!!! I'll do those and get back to you.

[Cetanu]

Guys, this still doesn't work! I dunno why, either.

[Xyphon]

echo ("Welcome, $mysite_username <br/>");

 

Shouldnt this be something along the lines of..

 

echo "Welcome, " . $mysite_username . "<br />";

[Cetanu]

Thanks for all the help, guys! I, er, we fixed it!!