lAZLf Posted December 13, 2009 Share Posted December 13, 2009 dbConfig.php <? // Replace the variable values below // with your specific database information. $host = "localhost"; $user = "username"; $pass = "password"; $db = "annarbo1_Archives"; // This part sets up the connection to the // database (so you don't need to reopen the connection // again on the same page). $ms = mysql_pconnect($host, $user, $pass); if ( !$ms ) { echo "Error connecting to database.\n"; } // Then you need to make sure the database you want // is selected. mysql_select_db($db); ?> login.php <?php // dBase file include "dbConfig.php"; session_start(); if ($_GET["op"] == "login") { if (!$_POST["username"] || !$_POST["password"]) { die("You need to provide a username and password."); } // Create query $q = "SELECT * FROM `people` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r) ) { // Login good, create session variables $_SESSION["valid_user"] = $_POST["username"]; // Redirect to member page Header("Location: index.php"); } else { // Login not successful die("Sorry, could not log you in. Wrong login information."); } } ?> when I run this online i get this error: "Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home4/annarbo1/public_html/login.php:2) in /home4/annarbo1/public_html/login.php on line 4" I have yet to figure out what's wrong Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/ Share on other sites More sharing options...
teamatomic Posted December 13, 2009 Share Posted December 13, 2009 start your session above the include. HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976558 Share on other sites More sharing options...
lAZLf Posted December 13, 2009 Author Share Posted December 13, 2009 Thanks, I don't get that error anymore, but even when I enter in the correct name and password I can't get in. I changed a the code a bit: <?php session_start(); // dBase file include "dbConfig.php"; // Create query $q = "SELECT * FROM `people` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; // Run query $r = mysql_query($q); if ( $obj = @mysql_fetch_object($r)) { // Login good, create session variables $_SESSION["valid_user"] = $_POST["username"]; // Redirect to member page header ("location: index.php"); } else { // Login not successful die("Sorry, could not log you in. Wrong login information."); } ?> I'm gonna guess the problem is with the if statement (well, it always go to the else statement). What's wrong with it. (try to explain it if you can, i'm still learning about PHP) Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976574 Share on other sites More sharing options...
mrMarcus Posted December 13, 2009 Share Posted December 13, 2009 change: $r = mysql_query($q); to: $r = mysql_query($q) or trigger_error (mysql_error()); see if errors come up. as well, echo your query: <?php // Create query $q = "SELECT * FROM `people` " ."WHERE `username`='".$_POST["username"]."' " ."AND `password`=PASSWORD('".$_POST["password"]."') " ."LIMIT 1"; echo '<pre>Query: '. $q .'</pre>'; // Run query $r = mysql_query($q) or trigger_error (mysql_error()); see if (when you echo the query), your username and password match from what's in the query to what's in the database. EDIT: i don't know much about the PASSWORD() function in mysql, but consider using MD5() instead. hash your password before inserting variable into query, and make sure that passwords in db are also hashed (hash them upon creation of the account(s)). Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976581 Share on other sites More sharing options...
lAZLf Posted December 14, 2009 Author Share Posted December 14, 2009 I changed "login.php" again, and now i'm sure that the "if" statement isn't working right, I enter in the correct information and it always sais I didn't. Should I change something in the "if" statement? <?php session_start(); // dBase file include "dbConfig.php"; // Create query $q = "SELECT * FROM people WHERE username='".$_POST["username"]."' AND password = PASSWORD('".$_POST["password"]."')"; // Run query $r = mysql_query($q, $ms); $rowCheck = mysql_num_rows($r); if($rowCheck > 0){ while($row = mysql_fetch_array($r)){ // Login good, create session variables $_SESSION["valid_user"] = $_POST["username"]; // Redirect to member page header ("location: index.php"); } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } ?> Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976687 Share on other sites More sharing options...
mrMarcus Posted December 14, 2009 Share Posted December 14, 2009 did you try my suggestions? please give the results. and, are you aware that you are using mysql_pconnect to connect to your database? if so, understand that this opens a persistent connection to the db which is not terminated when the script has finished executing. this can lead to (upon heavy traffic), database connectivity issues by having too many open connections at any given time. if you were not aware of the difficulties that could ensue, consider using mysql_connect instead. now, add trigger_error() to your query: $r = mysql_query($q) or trigger_error (mysql_error()); and try echo'ing out $q to see if the query is what you think it is. do that first, and then we can move on from there. but i will not offer any more help until i know that information has been exercised. Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976690 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 Just having a stab in the dark here, forgive me if it sounds stupid, but are you being redirected or are you receiving your error message 'Incorrect login name or password. Please try again.' Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976691 Share on other sites More sharing options...
lAZLf Posted December 14, 2009 Author Share Posted December 14, 2009 I'm receiving the actual message. If I was being redirected, it would be to the homepage where it checks if the session variable is stored and displays content accordingly. Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976696 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 Well in that case I would strongly suggest doing what MrMarcus has posted.. It will help you find any errors that could be springing up.. Let us know of the resulted output. Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976698 Share on other sites More sharing options...
lAZLf Posted December 14, 2009 Author Share Posted December 14, 2009 Alright I did what mrMarcus said. I got back: "Incorrect login name or password. Please try again. Query: SELECT * FROM people WHERE username='username' AND password = PASSWORD('password')" It all matches up. Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976707 Share on other sites More sharing options...
mrMarcus Posted December 14, 2009 Share Posted December 14, 2009 Alright I did what mrMarcus said. I got back: "Incorrect login name or password. Please try again. Query: SELECT * FROM people WHERE username='username' AND password = PASSWORD('password')" It all matches up. so, when you echo out the password, it's hashed in the db the same way as it is in the query? using PASSWORD()? Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976714 Share on other sites More sharing options...
lAZLf Posted December 14, 2009 Author Share Posted December 14, 2009 What do you mean by hash? And how would I do it? Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976718 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 when he says 'hashed' he is talking about md5 encryption.. When you create a user is their password stored in the database as plain text or is it encrypted? Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976753 Share on other sites More sharing options...
lAZLf Posted December 14, 2009 Author Share Posted December 14, 2009 I just figured out that meant using the sha1(); function. So yes, it's hashed. Now that i've hashed it, it works. Now I have a new problem, which is probably a newby mistake. When it goes back to the previous page via header location, I noticed that either the login.php page didn't set the session, or the index.php page didn't check for it properly. login.php: <?php session_start(); // dBase file include "dbConfig.php"; // Create query $q = "SELECT * FROM people WHERE username='".$_POST["username"]."' AND password = sha1('".$_POST["password"]."')"; // Run query $r = mysql_query($q,$ms) or trigger_error (mysql_error()); $rowCheck = mysql_num_rows($r); if($rowCheck > 0){ while($row = mysql_fetch_array($r)){ // Login good, create session variables $_SESSION["valid_user"] = $_POST["username"]; // Redirect to member page header ("location: index.php"); } } else { //if nothing is returned by the query, unsuccessful login code goes here... echo 'Incorrect login name or password. Please try again.'; } echo '<pre>Query: '. $q .'</pre>'; ?> index.php: <?php if (!$_SESSION['valid_user']) { echo' <form action="login.php" method="post"> <table cellspacing="0"> <tr><td><input type="text" name="username"width="300" value="username"/></td></tr> <tr><td><input type="password" name="password"width="300" value="password"/></td></tr> <tr><td><input type="submit" value="login"/></td></tr> </table> </form> '; } else { echo"Welcome".$_SESSION['valid_user']; } ?> Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976769 Share on other sites More sharing options...
Buddski Posted December 14, 2009 Share Posted December 14, 2009 Do you have session_start(); at the top of your index page? Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-976770 Share on other sites More sharing options...
mrMarcus Posted December 14, 2009 Share Posted December 14, 2009 PASSWORD() was hashing the password going into the database. what i was asking you is when you look at the password in your database, is it plain text (joe blow), or is it hashed (asdf786sa87df678as6fd786asd87f6a87sfd6)? when you register an account, you must also hash the password going in, so when you go to login, the passwords will match: if i register an account on your site, and you're not hashing the password up registration and my password goes in as plain text (joe blow), and then when i try and login, you are now hashing the password i entered to login, and checking tmy plain-text password in the db against the hashed password i just entered in the login form, they will obviously not match, which will then tell me that i entered invalid information. register.php <?php //code... $password = md5 ($_POST['password']); //password from register form; //your insert query with a hashed $password going into `password` field. ?> login.php <?php //code... $username = $mysql_real_escape_string (_POST["username"]); $password = md5 ($_POST['password']); //password from login form; $q = "SELECT * FROM `people` WHERE `username` = '".$username."' AND `password` = '".$password."'"; ?> you get it? don't use the MySQL hashing functions, just do your hashing with PHP. Link to comment https://forums.phpfreaks.com/topic/184991-login-script-probably-a-simple-error/#findComment-977078 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.