offdarip Posted August 3, 2009 Share Posted August 3, 2009 When I attempt to login, none of the user pages recognize that i am logged in. I am getting the Access Denied Error from the auth.php...Please Help This is the login page login.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login to your profile</title> <script type="text/javascript"> <!-- Form Validation --> function validate_form ( ) { valid = true; if ( document.logform.email.value == "" ) { alert ( "Please enter your Email Address" ); valid = false; } if ( document.logform.pass.value == "" ) { alert ( "Please enter your password" ); valid = false; } return valid; } <!-- Form Validation --> </script> <style type="text/css"> <!-- .bodytext { color: #6F0; } .pgset { background-color: #000; } body { background-color: #000; } --> </style> </head> <body> <div align="center"> <h3><span class="bodytext"><br /> <br /> Log in to your account here</span><br /> <br /> </h3> </div> <table align="center" cellpadding="5"> <form action="login-exec.php" method="post" enctype="multipart/form-data" name="logform" id="logform" onsubmit="return validate_form ( );"> <tr> <td class="bodytext"><div align="right">Email Address:</div></td> <td><input name="email" type="text" id="email" size="30" maxlength="64" /></td> </tr> <tr> <td class="bodytext"><div align="right">Password:</div></td> <td><input name="password" type="password" id="password" size="30" maxlength="24" /></td> </tr> <tr> <td class="bodytext">Remember me <label> <input type="checkbox" name="remember" id="remember" value="yes" /> </label></td> <td><input name="Submit" type="submit" value="Login" /></td> </tr> </form> </table> </body> </html> Login Execution page login-exec.php <?php //Start session session_start(); include_once "connect_to_mysql.php"; $remember = $_POST['remember']; // Added for the remember me feature $email = strip_tags($email); $password = strip_tags($password); $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); $email = eregi_replace("`", "", $email); $password = eregi_replace("`", "", $password); //Create query $qry="SELECT * FROM myMembers WHERE email='$email' AND password='".md5($_POST['password'])."' AND email_activated='1'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['ID'] = $member['id']; $_SESSION['EMAIL'] = $member['email']; $_SESSION['FULLNAME'] = $member['fullname']; $_SESSION['USERNAME'] = $member['username']; session_write_close(); header("location: member-index.php"); mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'"); // Remember Me Section Addition... if member has chosen to be remembered in the system if($remember == "yes"){ setcookie("idCookie", $id, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs setcookie("usernameCookie", $username, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs setcookie("emailCookie", $email, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs setcookie("passwordCookie", $password, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs } exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> member page member-index.php <?php require_once('auth.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Member Index</title> <link href="loginmodule.css" rel="stylesheet" type="text/css" /> </head> <body> <h1>Welcome <?php echo $_SESSION['FULLNAME'];?></h1> <a href="member-profile.php">My Profile</a> | <a href="logout.php">Logout</a> <p>This is a password protected area only accessible to members. </p> </body> </html> auth.php <?php //Start session session_start(); //Check whether the session variable SESS_ID is present or not if(!isset($_SESSION['ID']) || (trim($_SESSION['ID']) == '')) { header("location: access-denied.php"); exit(); } ?> These are my SQL Tables names id username fullname password last_log_date email_activated Please help.. Thanks in advance Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/ Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 and I know it's connecting to the database because i have a last log in row that that php form is updating... please please help me get the sessions working Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890617 Share on other sites More sharing options...
watsmyname Posted August 4, 2009 Share Posted August 4, 2009 and I know it's connecting to the database because i have a last log in row that that php form is updating... please please help me get the sessions working well try to echo ID session in member-index.php before the included auth.php file and see if you can get session value. Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890623 Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 I tried that and when I log in It displays "welcome" and seems to die after the php script starts Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890649 Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 and with it like that, when i am not logged in and go to the member-index.php, it does the same thing.. Just displays "welcome" and blank after that... n Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890653 Share on other sites More sharing options...
watsmyname Posted August 4, 2009 Share Posted August 4, 2009 and with it like that, when i am not logged in and go to the member-index.php, it does the same thing.. Just displays "welcome" and blank after that... n try using include('auth.php') instead of require_once('auth.php'); Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890663 Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 It's still going to access denied with the include also... Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890666 Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 and I know it's connecting to the database because i have a last log in row that that php form is updating... please please help me get the sessions working Actually, I thought it was updating but its not now.. Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890684 Share on other sites More sharing options...
watsmyname Posted August 4, 2009 Share Posted August 4, 2009 and I know it's connecting to the database because i have a last log in row that that php form is updating... please please help me get the sessions working Actually, I thought it was updating but its not now.. check if session is set in login-exec.php, echo session instead of redirecting to members page and see. Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890691 Share on other sites More sharing options...
offdarip Posted August 4, 2009 Author Share Posted August 4, 2009 kinda new to this as you can probably tell.. can you help me out changing it to echo session? Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-890722 Share on other sites More sharing options...
offdarip Posted August 5, 2009 Author Share Posted August 5, 2009 Please Help I can't figure out the problem Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-891384 Share on other sites More sharing options...
alex3 Posted August 5, 2009 Share Posted August 5, 2009 On this section of your code: $email = strip_tags($email); $password = strip_tags($password); $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); $email = eregi_replace("`", "", $email); $password = eregi_replace("`", "", $password); I can't see where you're actually giving $email it's proper value, you're stripping it right away. Surely $email = eregi_replace(strip_tags($_POST['email'])); Would be better? It's just that I can't see where you're using the POSTed variables, apart from hashing the password. Echo your $result variable to check you're connecting to your DB. With out using the POSTed values, I'd guess you won't find an entry because $email will be blank. Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-891401 Share on other sites More sharing options...
offdarip Posted August 5, 2009 Author Share Posted August 5, 2009 i replaced $email = strip_tags($email); $password = strip_tags($password); $email = mysql_real_escape_string($email); $password = mysql_real_escape_string($password); $email = eregi_replace("`", "", $email); $password = eregi_replace("`", "", $password); with $email = eregi_replace(strip_tags($_POST['email'])); $password = eregi_replace(strip_tags($_POST['password'])); now i'm getting a login failed and i'm not quite sure how to write the script to echo $result, please help... Thanks I really appreciate it Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-891429 Share on other sites More sharing options...
alex3 Posted August 5, 2009 Share Posted August 5, 2009 First of all I'd try removing the enctype attribute from your form. I only use that attribute on upload forms. Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-891459 Share on other sites More sharing options...
offdarip Posted August 5, 2009 Author Share Posted August 5, 2009 ok, I took that off.. still login failed Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-891468 Share on other sites More sharing options...
alex3 Posted August 6, 2009 Share Posted August 6, 2009 I've got the script working fine locally. I've commented it, make sure you compare it with yours so you know what's been changed. The glaring mistake I saw was that you referenced an email row in your SQL statement, but you don't say in your post that your DB actually has an email row, so your trying to compare a value against a row that isn't there. Login page <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login to your profile</title> <script type="text/javascript"> <!-- Form Validation --> function validate_form() { valid = true; if ( document.logform.email.value == "" ) { alert ( "Please enter your Email Address" ); valid = false; } if ( document.logform.pass.value == "" ) { alert ( "Please enter your password" ); valid = false; } return valid; } <!-- Form Validation --> </script> <style type="text/css"> <!-- .bodytext { color: #6F0; } .pgset { background-color: #000; } body { background-color: #000; } --> </style> </head> <body> <div align="center"> <h3> <span class="bodytext"> <br /><br /><br />Log in to your account here<br /> </span> </h3> </div> <table align="center" cellpadding="5"> <form action="login-exec.php" method="post" id="logform" onsubmit="return validate_form();"> <tr> <td class="bodytext"> <div align="right">Email Address:</div> </td> <td> <input name="email" type="text" id="email" size="30" maxlength="64" /> </td> </tr> <tr> <td class="bodytext"> <div align="right">Password:</div> </td> <td> <input name="password" type="password" id="password" size="30" maxlength="24" /> </td> </tr> <tr> <td class="bodytext">Remember me <input type="checkbox" name="remember" id="remember" value="yes" /> </td> <td> <input name="Submit" type="submit" value="Login" /> </td> </tr> </form> </table> </body> </html> Processing page: <?php //Start session session_start(); $remember = $_POST['remember']; // Added for the remember me feature // Make the posted variable SQL safe $email = eregi_replace("`", "", mysql_real_escape_string(strip_tags($_POST['email']))); $password = md5(eregi_replace("`", "", mysql_real_escape_string(strip_tags($_POST['password'])))); // Create query. !! You need to rename your 'username' column in your database to 'email' !! $qry = "SELECT * FROM members WHERE email='$email' AND password='$password' AND email_activated='1'"; // Run query $result = mysql_query($qry); //Check whether the query was successful or not if($result) { // If one row was returned (if there was a match) if(mysql_num_rows($result) == 1) { // Login Successful // Get a new session ID session_regenerate_id(); // Get the row as an array $member = mysql_fetch_assoc($result); // Create session variables $_SESSION['ID'] = $member['id']; $_SESSION['EMAIL'] = $member['email']; $_SESSION['FULLNAME'] = $member['fullname']; // Stop writing to the session session_write_close(); // Create a variable for the member ID, you can't include $member['id'] in the SQL statement $id = $member['id']; // Update the table with the current time mysql_query("UPDATE members SET last_log_date=NOW() WHERE id='$id'"); // Remember Me Section Addition... if member has chosen to be remembered in the system if($remember == "yes") { setcookie("idCookie", $id, time()+60*24*60*60, "/"); setcookie("usernameCookie", $username, time()+60*24*60*60, "/"); setcookie("emailCookie", $email, time()+60*24*60*60, "/"); setcookie("passwordCookie", $password, time()+60*24*60*60, "/"); } // Redirect to the members only page header("location: member-index.php"); exit(); } else { // Login failed, redirect back to the login page header("location: login.html"); exit(); } } else { die("Query failed"); } Member's only page (authentication): <?php //Start session session_start(); //Check whether the session variable SESS_ID is present or not if(!isset($_SESSION['FULLNAME'])) { header("location: login.html"); exit(); } ?> Log out page: <?php session_start(); session_destroy(); header('Location: login.html'); Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-892286 Share on other sites More sharing options...
offdarip Posted August 10, 2009 Author Share Posted August 10, 2009 Sorry, I haven't logged in, in a few days... Thanks for your help and research.. now i'm getting Query failed the only change i made to your script was adding the include for my connecting to mysql.. did i do something wrong? Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-894900 Share on other sites More sharing options...
offdarip Posted August 10, 2009 Author Share Posted August 10, 2009 I figured it out.. i had to change the database names back to myMembers... Thank you soooo much!!!!!!!! I've been trying to figure this out forever literally... Thanks again Link to comment https://forums.phpfreaks.com/topic/168675-account-authentication-not-working/#findComment-894911 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.