
Account Authentication not working


offdarip


When I attempt to log in, none of the user pages recognize that I am logged in. I am getting the Access Denied error from auth.php... Please help.

This is the login page, login.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login to your profile</title>
<script type="text/javascript">
<!-- Form Validation -->
function validate_form ( ) { 
valid = true; 
if ( document.logform.email.value == "" ) { 
alert ( "Please enter your Email Address" ); 
valid = false;
}
if ( document.logform.password.value == "" ) { 
alert ( "Please enter your password" ); 
valid = false;
}
return valid;
}
<!-- Form Validation -->
</script>
<style type="text/css">
<!--
.bodytext {
color: #6F0;
}
.pgset {
background-color: #000;
}
body {
background-color: #000;
}
-->
</style>
</head>
<body>
<div align="center">
<h3><span class="bodytext"><br />
<br />
Log in to your account here</span><br /> 
<br />
</h3>
</div>
<table align="center" cellpadding="5">
<form action="login-exec.php" method="post" enctype="multipart/form-data" name="logform" id="logform" onsubmit="return validate_form ( );">
<tr>
<td class="bodytext"><div align="right">Email Address:</div></td>
<td><input name="email" type="text" id="email" size="30" maxlength="64" /></td>
</tr> 
<tr>
<td class="bodytext"><div align="right">Password:</div></td>
<td><input name="password" type="password" id="password" size="30" maxlength="24" /></td>
</tr>
<tr>
<td class="bodytext">Remember me
  <label>
    <input type="checkbox" name="remember" id="remember" value="yes" />
  </label></td>
<td><input name="Submit" type="submit" value="Login" /></td>
</tr>
</form>
</table>
</body>
</html>

Login Execution page login-exec.php

<?php

//Start session
session_start();
include_once "connect_to_mysql.php";

$remember = $_POST['remember']; // Added for the remember me feature

$email = strip_tags($email);
$password = strip_tags($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$email = eregi_replace("`", "", $email);
$password = eregi_replace("`", "", $password);



//Create query
$qry="SELECT * FROM myMembers WHERE email='$email' AND password='".md5($_POST['password'])."' AND email_activated='1'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['ID'] = $member['id'];
		$_SESSION['EMAIL'] = $member['email'];
		$_SESSION['FULLNAME'] = $member['fullname'];
		$_SESSION['USERNAME'] = $member['username'];
		session_write_close();
		header("location: member-index.php");

         
        mysql_query("UPDATE myMembers SET last_log_date=now() WHERE id='$id'");  

// Remember Me Section Addition... if member has chosen to be remembered in the system
    if($remember == "yes"){
      setcookie("idCookie", $id, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("usernameCookie", $username, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("emailCookie", $email, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("passwordCookie", $password, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
    }	

		exit();
	}else {
		//Login failed
		header("location: login-failed.php");
		exit();
	}
}else {
	die("Query failed");
}
?>

 

member page member-index.php

<?php
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Index</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Welcome <?php echo $_SESSION['FULLNAME'];?></h1>
<a href="member-profile.php">My Profile</a> | <a href="logout.php">Logout</a>
<p>This is a password protected area only accessible to members. </p>
</body>
</html>

 

auth.php

<?php
//Start session
session_start();

//Check whether the session variable ID is present or not
if(!isset($_SESSION['ID']) || (trim($_SESSION['ID']) == '')) {
	header("location: access-denied.php");
	exit();
}
?>

 

These are my SQL Tables names

id

username

fullname

password

last_log_date

email_activated

Please help.. Thanks in advance


and I know it's connecting to the database because I have a last log in row that that php form is updating... please please help me get the sessions working

Well, try to echo the ID session in member-index.php before the included auth.php file and see if you can get the session value.


and I know it's connecting to the database because I have a last log in row that that php form is updating... please please help me get the sessions working

Actually, I thought it was updating but it's not now.

Check if the session is set in login-exec.php: echo the session instead of redirecting to the members page and see.


On this section of your code:

 

$email = strip_tags($email);
$password = strip_tags($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$email = eregi_replace("`", "", $email);
$password = eregi_replace("`", "", $password);

 

I can't see where you're actually giving $email its proper value; you're stripping it right away. Surely

 

$email = eregi_replace(strip_tags($_POST['email']));

 

would be better? It's just that I can't see where you're using the POSTed variables, apart from hashing the password. Echo your $result variable to check you're connecting to your DB. Without using the POSTed values, I'd guess you won't find an entry because $email will be blank.


I replaced

$email = strip_tags($email);
$password = strip_tags($password);
$email = mysql_real_escape_string($email);
$password = mysql_real_escape_string($password);
$email = eregi_replace("`", "", $email);
$password = eregi_replace("`", "", $password);

 

with

$email = eregi_replace(strip_tags($_POST['email']));
$password = eregi_replace(strip_tags($_POST['password']));

 

Now I'm getting a login failed,

and I'm not quite sure how to write the script to echo $result. Please help... Thanks, I really appreciate it.


I've got the script working fine locally. I've commented it; make sure you compare it with yours so you know what's been changed. The glaring mistake I saw was that you referenced an email row in your SQL statement, but you don't say in your post that your DB actually has an email row, so you're trying to compare a value against a row that isn't there.

 

Login page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login to your profile</title>
<script type="text/javascript">
<!-- Form Validation -->
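function validate_form() { 
// Look the fields up by id: the form below has no name attribute and the password field is called "password"
var valid = true; 
if ( document.getElementById("email").value == "" ) { 
	alert ( "Please enter your Email Address" ); 
	valid = false;
}
if ( document.getElementById("password").value == "" ) { 
	alert ( "Please enter your password" ); 
	valid = false;
}
return valid;
}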
<!-- Form Validation -->
</script>
<style type="text/css">
<!--
.bodytext {
color: #6F0;
}
.pgset {
background-color: #000;
}
body {
background-color: #000;
}
-->
</style>
</head>
<body>

<div align="center">
	<h3>
		<span class="bodytext">
			<br /><br /><br />Log in to your account here<br />
		</span>		
	</h3>
</div>

<table align="center" cellpadding="5">	
	<form action="login-exec.php" method="post" id="logform" onsubmit="return validate_form();">
		<tr>	
			<td class="bodytext">
				<div align="right">Email Address:</div>
			</td>
			<td>
				<input name="email" type="text" id="email" size="30" maxlength="64" />
			</td>
		</tr> 
		<tr>
			<td class="bodytext">
				<div align="right">Password:</div>
			</td>
			<td>
				<input name="password" type="password" id="password" size="30" maxlength="24" />
			</td>
		</tr>
		<tr>
			<td class="bodytext">Remember me
		    	<input type="checkbox" name="remember" id="remember" value="yes" />
			</td>
			<td>
				<input name="Submit" type="submit" value="Login" />
			</td>
		</tr>
	</form>		
</table>

</body>
</html>

 

Processing page:

<?php

//Start session
session_start();

$remember = $_POST['remember']; // Added for the remember me feature

// Make the posted variable SQL safe
$email = eregi_replace("`", "", mysql_real_escape_string(strip_tags($_POST['email'])));
$password = md5(eregi_replace("`", "", mysql_real_escape_string(strip_tags($_POST['password']))));

// Create query. !! You need to rename your 'username' column in your database to 'email' !!
$qry = "SELECT * FROM members WHERE email='$email' AND password='$password' AND email_activated='1'";
// Run query
$result = mysql_query($qry);

//Check whether the query was successful or not
if($result) {
	// If one row was returned (if there was a match)
	if(mysql_num_rows($result) == 1) {
		// Login Successful
		// Get a new session ID
		session_regenerate_id();
		// Get the row as an array
		$member = mysql_fetch_assoc($result);
		// Create session variables
		$_SESSION['ID'] = $member['id'];
		$_SESSION['EMAIL'] = $member['email'];
		$_SESSION['FULLNAME'] = $member['fullname'];
		// Stop writing to the session
		session_write_close();

		// Create a variable for the member ID, you can't include $member['id'] in the SQL statement
		$id = $member['id'];		

		// Update the table with the current time
		mysql_query("UPDATE members SET last_log_date=NOW() WHERE id='$id'"); 

		// Remember Me Section Addition... if member has chosen to be remembered in the system
	    if($remember == "yes") {
	      setcookie("idCookie", $id, time()+60*24*60*60, "/");
	      setcookie("usernameCookie", $username, time()+60*24*60*60, "/");
	      setcookie("emailCookie", $email, time()+60*24*60*60, "/");
	      setcookie("passwordCookie", $password, time()+60*24*60*60, "/");
	    }	

	// Redirect to the members only page
	header("location: member-index.php");

	exit(); } else {		
	// Login failed, redirect back to the login page
	header("location: login.html");
	exit(); }

} else {
	die("Query failed");
}

 

Members-only page (authentication):

<?php
//Start session
session_start();

//Check whether the session variable FULLNAME is present or not
if(!isset($_SESSION['FULLNAME'])) {
	header("location: login.html");
	exit();
}
?>

 

Log out page:

<?php

session_start();

session_destroy();

header('Location: login.html');

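A hardened take on the login handler discussed in this thread, added here as an example (not code from any poster): it reads the fields from the request explicitly, uses PDO bound parameters instead of mysql_real_escape_string(), checks the password with password_verify() rather than md5(), and keeps credentials out of cookies. The in-memory SQLite database, the sample account and the attempt_login() helper are assumptions made for the example; table and column names follow the thread.

```php
<?php
// Added example: constructed schema and sample account in an in-memory SQLite database.
// attempt_login() is a hypothetical helper, not part of the thread's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE myMembers (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
           fullname TEXT, password TEXT, email_activated INTEGER, last_log_date TEXT)");
$ins = $db->prepare("INSERT INTO myMembers (email, fullname, password, email_activated)
                     VALUES (?, ?, ?, 1)");
$ins->execute(['alice@example.com', 'Alice Example',
               password_hash('correct horse', PASSWORD_DEFAULT)]);

function attempt_login(PDO $db, array $post): ?array
{
    // Read the submitted fields explicitly; nothing is populated from globals.
    $email    = isset($post['email']) ? trim((string)$post['email']) : '';
    $password = isset($post['password']) ? (string)$post['password'] : '';
    if ($email === '' || $password === '') {
        return null;
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT id, email, fullname, password FROM myMembers
                          WHERE email = ? AND email_activated = 1");
    $stmt->execute([$email]);
    $member = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() checks the input against the stored salted hash.
    if ($member === false || !password_verify($password, $member['password'])) {
        return null;
    }
    $upd = $db->prepare("UPDATE myMembers SET last_log_date = CURRENT_TIMESTAMP WHERE id = ?");
    $upd->execute([$member['id']]);
    unset($member['password']);   // keep the hash out of the session and out of cookies
    return $member;
}

// Constructed request data standing in for $_POST.
$member = attempt_login($db, ['email' => 'alice@example.com', 'password' => 'correct horse']);
if ($member !== null) {
    if (PHP_SAPI !== 'cli') {          // sessions only apply under a web server
        session_start();
        session_regenerate_id(true);   // issue a new ID and discard the old session
        $_SESSION['ID'] = $member['id'];
        $_SESSION['FULLNAME'] = $member['fullname'];
    }
    echo "login ok for {$member['fullname']}\n";
}
// A wrong password and an address containing a quote character are both rejected.
var_dump(attempt_login($db, ['email' => 'alice@example.com', 'password' => 'wrong']));
var_dump(attempt_login($db, ['email' => "o'brien@example.com", 'password' => 'x']));
```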
