
Hello again!

 

I've been working on a login script for a while, and new problems keep popping up. Currently, something odd is going on when I try to execute my script.

 

<?php
session_start();

if($_SESSION['pleaselogin'] == 1) {
$message = '<div class=red><b>An error has occured.</b> You must be logged in to view this page. Please login below.</div>';
$_SESSION['pleaselogin'] = '0';
}

if($_SESSION['loggedin'] == 1) {
header('Location: home');
} 

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

include("includes/dbconnect.php"); 

// Define $username and $password 
$username= $_POST['username']; 
$password= md5($_POST['password']); 

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

// Retrieve username and password
$sql="SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row

if($count == 1){


// retrieve userid from database 
$sql = "SELECT id FROM users WHERE username = '$username' AND password = '$password'"; 
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
$userid = $row["id"];
}

// update lastlogin
$llsql = "UPDATE users SET lastlogin = now() WHERE id = '$userid' AND username = '$username'";
$llresult = mysql_query($llsql);

$_SESSION['loggedin'] = '1';
$_SESSION['userid'] = $userid;
$_SESSION['username'] = $username;

header("Location: home");
unset($_POST['username']);
}else {
$message = '<div class=red><b>An error has occured.</b> Please check that you are using a valid username/password combination.</div>';
}
}

include ("includes/nologin.php");
include ("includes/header.php");
?>

<img src="i/titles/login.png"><br>
Please login to your account to participate in our plot, <i>'the Mutated Moach'</i>. If you do not have an account and would like to participate, feel free to <a href="register">create</a> one.<br>
<div class="regvalidate"><?php print $message; ?></div>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<center><div class="logtable logfont"><table><br>
<div style="text-align:left;">Username:</div>
<input name="username" type="text" value="<?php echo $_POST['username'];?>" class="regbox"><br><br>
<div style="text-align:left;">Password:</div>
<input name="password" type="password" class="regbox"><br>
<input type="submit" name="submit" class="regsend" value="Login" style="margin: 25px 35px;">
</table></div>

</form></center>

<?php include ("includes/footer.php"); ?>

 

I don't get any php or mysql errors, but, for some reason, whenever I try to log in, I get the error message I wrote that appears directly above the login form. (An error has occured. You must be logged in to view this page. Please login below.) But when I try to log in with the message still being displayed, it works fine. This happens every time I try to log in.

 

I just can't figure out what is wrong with the code. I tried removing the if statement that writes the error message, but then the page just refreshes and won't log me in.

 

Can anyone offer me some suggestions as to what I did wrong? Also, if you need me to specify the code in some of the files I've included in this one, I will gladly do so.

 

Thanks in advance!


Could you explain to me what you mean by that?

 

So you want me to echo the form statement using php?

 

I am saying your form actions and the echo statements inside your form are faulty and may be potentially identifying incorrectly if the statements do not match the variables.

Here's one problem I found,

 

if($_SESSION['loggedin'] == 1) {
   header('Location: home');
} 

 

$_SESSION['loggedin'] is not even set yet so it's going to default to NULL and later on in the code it is set to 1,

that is why it gives you an error message first and then lets you log in....try this:

 

<?php
session_start();


//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

include("includes/dbconnect.php"); 

// Define $username and $password 
$username= $_POST['username']; 
$password= md5($_POST['password']); 

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

// Retrieve username and password
$sql="SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row

if($count == 1){


// retrieve userid from database 
$sql = "SELECT id FROM users WHERE username = '$username' AND password = '$password'"; 
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {
   $userid = $row["id"];
}

// update lastlogin
$llsql = "UPDATE users SET lastlogin = now() WHERE id = '$userid' AND username = '$username'";
$llresult = mysql_query($llsql);

$_SESSION['loggedin'] = '1';
$_SESSION['userid'] = $userid;
$_SESSION['username'] = $username;

header("Location: home");
unset($_POST['username']);
}else {
$message = '<div class=red><b>An error has occured.</b> Please check that you are using a valid username/password combination.</div>';
}

if($_SESSION['pleaselogin'] == 1) {
   $message = '<div class=red><b>An error has occured.</b> You must be logged in to view this page. Please login below.</div>';
   $_SESSION['pleaselogin'] = '0';
}

if($_SESSION['loggedin'] == 1) {
   header('Location: home');
} 
}

include ("includes/nologin.php");
include ("includes/header.php");
?>

<img src="i/titles/login.png"><br>
Please login to your account to participate in our plot, <i>'the Mutated Moach'</i>. If you do not have an account and would like to participate, feel free to <a href="register">create</a> one.<br>
<div class="regvalidate"><?php print $message; ?></div>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

<center><div class="logtable logfont"><table><br>
<div style="text-align:left;">Username:</div>
<input name="username" type="text" value="<?php echo $_POST['username'];?>" class="regbox"><br><br>
<div style="text-align:left;">Password:</div>
<input name="password" type="password" class="regbox"><br>
<input type="submit" name="submit" class="regsend" value="Login" style="margin: 25px 35px;">
</table></div>

</form></center>

<?php include ("includes/footer.php"); ?>

Actually the code,

if($_SESSION['loggedin'] == 1) {
   header('Location: home');
} 

is supposed to be there, at least I'm pretty sure.

 

So when a user signs in using the right credentials, a session is started (loggedin) and it is set to '1' or true. So, if the user tries to view the login page again, and they are logged in, they will be automatically redirected to the home page.

 

The error message that is appearing is one that I wrote.

if($_SESSION['pleaselogin'] == 1) {
$message = '<div class=red><b>An error has occured.</b> You must be logged in to view this page. Please login below.</div>';
$_SESSION['pleaselogin'] = '0';
}

 

This one is set on every protected page. The code on those pages checks to see if $_SESSION['loggedin'] is set and equals 1 and, if it doesn't, sets $_SESSION['pleaselogin'] to one and redirects back to the login page.

 

@The Eagle: I'm really sorry, but I am still unsure of what you are telling me to do.

 

Edit: I executed the code you suggested, Northern Flame, and there doesn't seem to be any difference in what is happening.

$_SESSION['loggedin'] and $_SESSION['pleaselogin'] are complements of each other and at the point you do log in, you are not setting $_SESSION['pleaselogin'] to zero, so any page using $_SESSION['pleaselogin'] is not going to act correctly.

 

Just use one variable $_SESSION['loggedin']. If it is 1 you are logged in. If it is 0 (or non-existent) you are not logged in.

 

You also need an exit; statement after every header() redirect statement to prevent the remainder of the code on the page from being executed.

 

And the information The Eagle posted is just two different ways of accomplishing the same thing and are not relevant to the problem.
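
The two points in the reply above (stop execution after every header() redirect, and clear the "please login" flag at the moment of login), as an added example that is not code from the thread. The helper function names and the 'login' redirect target are assumptions; the including page is assumed to have called session_start() already.

```php
<?php
// Added example, not from the thread. Assumed to be included by the login
// page and by every protected page after session_start().
declare(strict_types=1);

/** Send a redirect and stop: nothing after header() may run. */
function redirect(string $to): void
{
    header('Location: ' . $to);
    exit; // without this the rest of the page still executes and is sent
}

/** Call at the top of every protected page. */
function require_login(): void
{
    if (empty($_SESSION['loggedin'])) {
        $_SESSION['pleaselogin'] = 1;  // one-time notice for the login page
        redirect('login');             // 'login' is an assumed URL
    }
}

/** Call on the login page: returns the notice once, then clears it. */
function take_login_notice(): string
{
    if (empty($_SESSION['pleaselogin'])) {
        return '';
    }
    unset($_SESSION['pleaselogin']);   // consumed, so it cannot show twice
    return '<div class="red"><b>An error has occurred.</b> You must be '
         . 'logged in to view this page. Please login below.</div>';
}

/** Call only after the credentials have been verified. */
function mark_logged_in(int $userid, string $username): void
{
    session_regenerate_id(true);       // fresh session id on privilege change
    unset($_SESSION['pleaselogin']);   // drop any stale notice at login
    $_SESSION['loggedin'] = 1;
    $_SESSION['userid']   = $userid;
    $_SESSION['username'] = $username;
    redirect('home');
}
```

On a protected page the missing exit is more than a display bug: the browser follows the Location header, but the server still renders and sends the protected content to anyone who ignores the redirect.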

I see what you are saying, PFMaBiSmAd, but I believe that I do need both $_SESSION['loggedin'] and $_SESSION['pleaselogin'].

 

$_SESSION['loggedin'] identifies whether the user is logged in. It allows users to see (and to not see, such as the login page) certain pages. It is in use until the user logs out.

 

However, $_SESSION['pleaselogin'] is only in use when the user tries to access a page where $_SESSION['loggedin'] is needed. When that requirement is not fulfilled, $_SESSION['pleaselogin'] is created, set to 1, and the user is redirected to the login page.

 

If I only used one variable, $_SESSION['loggedin'], then whenever the user accessed the login form (through any means) they would get the red message. I only want them to see that when they try to access a protected page without logging in.

 

Or am I going about this the wrong way?
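
The login script in this thread uses the mysql_* functions (removed in PHP 7), compares an unsalted md5() of the password inside the WHERE clause, and echoes $_POST['username'] back into the form unescaped. An added example, not code from the thread, of the same credential check with a prepared statement, password_hash()/password_verify() and output escaping. An in-memory SQLite database (pdo_sqlite assumed available) stands in for the one behind includes/dbconnect.php, and the user row and the names check_login() and attr() are constructed for the example.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// the real database; the single user row below is constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            password TEXT, lastlogin TEXT)');
$pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Returns the user id on success, null on any failure. */
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The stored value is a salted hash; it is verified in PHP and never
    // appears in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    $pdo->prepare("UPDATE users SET lastlogin = datetime('now') WHERE id = ?")
        ->execute([$row['id']]);
    return (int) $row['id'];
}

/** Escape a value before echoing it into an HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a valid login, a wrong password, and quote characters
// in the username, which are treated as data rather than as SQL.
var_dump(check_login($pdo, 'alice', 'correct horse'));
var_dump(check_login($pdo, 'alice', 'wrong'));
var_dump(check_login($pdo, "' OR '1'='1", 'x'));
echo '<input name="username" value="', attr('"><b>x'), '">', "\n";
```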
