graham23s Posted January 19, 2010 Share Posted January 19, 2010 Hi Guys, Something seems to be up with my login script, once the credentials are put in it doesn't seem to goto the protected page which is: account.php code: <?php ob_start(); session_start(); include("inc/inc-dbconnection.php"); include("inc/inc-online.php"); include("inc/inc-functions.php"); include("inc/inc-header.php"); ?> <div class="fcp-main-content-area"> <div class="fcp-breadcrumb"> <ul> <li><a href="index.php">Home</a></li> >> <li><a href="javascript:history.go(-1)">Previous Page</a></li> >> <li>Login in to your account.</li> </ul> </div> <div id="div-regForm"> <div class="form-title">Log In</div> <div class="form-sub-title">Login & see your points score!</div> <form id="regForm" action="login.php" method="post"> <table> <tbody> <tr> <td><label for="fname">Email:</label></td> <td><div class="input-container"><input name="user" id="user" type="text" /></div></td> </tr> <tr> <td><label for="lname">Password:</label></td> <td><div class="input-container"><input name="pass" id="pass" type="text" /></div></td> </tr> <tr> <td> </td> <td><input type="submit" class="greenButton" name="submitLogin" value="Sign Up" /> </td> </tr> </tbody> </table> </form> <?php if (isset($_POST['submitLogin'])) { $user = $_POST['user']; $pass = $_POST['pass']; $errors = array(); // Potential errors // Empty fields if (empty($user) || empty($pass)) { $errors[] = "You never filled in all the fields above."; } // Does user exist? $qU = "SELECT * FROM `fso_users` WHERE `user_name`='$user' AND `user_password`='$pass' LIMIT 1"; $rU = mysql_query($qU); if (mysql_num_rows($rU) < 1) { $errors[] = "Those login details are in-correct."; } // Count the errors if (count($errors > 0)) { foreach($errors as $error) { print "<div id=\"error\">$error</div>\n"; } } else { // Update the login timer and redirect $timer = mysql_query("UPDATE `fso_users` SET `user_last_login`=NOW() WHERE `user_name`='$user' AND `user_password`='$pass'"); // Array() $aU = mysql_fetch_array($rU); // Credentials $_SESSION['logged_in'] = 1; $_SESSION['user_id'] = $aU['user_id']; // Lastly redirect to the account page header("Location: account.php"); ob_clean(); } } // End main isset ?> </div> <?php include("inc/inc-footer.php"); ?> I have something similar on another site and that seems to work i can't figure it out any help would be appreciated cheers Graham Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted January 19, 2010 Share Posted January 19, 2010 Your logic is backwards. Always put form processing before displaying the form. Quote Link to comment Share on other sites More sharing options...
graham23s Posted January 19, 2010 Author Share Posted January 19, 2010 Hi Mate, ah ok, i'll use that as a rule of thumb for all forms i moved the PHP code to the top but this else code doesn't seem to be executed: } else { // Update the login timer and redirect $timer = mysql_query("UPDATE `fso_users` SET `user_last_login`=NOW() WHERE `user_name`='$user' AND `user_password`='$pass'"); the credentials are definately correct i can't see what's wrong. cheers mate Graham Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted January 19, 2010 Share Posted January 19, 2010 Try taking out the ` marks. Quote Link to comment Share on other sites More sharing options...
graham23s Posted January 19, 2010 Author Share Posted January 19, 2010 Hi Mate, Still never worked, the thing is if i do this: <?php ob_start(); session_start(); include("inc/inc-dbconnection.php"); include("inc/inc-online.php"); include("inc/inc-functions.php"); include("inc/inc-header.php"); ?> <div class="fcp-main-content-area"> <div class="fcp-breadcrumb"> <ul> <li><a href="index.php">Home</a></li> >> <li><a href="javascript:history.go(-1)">Previous Page</a></li> >> <li>Login in to your account.</li> </ul> </div> <?php if (isset($_POST['submitLogin'])) { // POST vars $user = $_POST['user']; $pass = $_POST['pass']; // Errors array() $errors = array(); // Potential errors // Empty fields if (empty($user) || empty($pass)) { $errors[] = "You never filled in all the fields above."; } // Does user exist? $qU = "SELECT * FROM `fso_users` WHERE `user_email`='$user' AND `user_password`='$pass' LIMIT 1"; $rU = mysql_query($qU); if (mysql_num_rows($rU) < 1) { $errors[] = "We don't recognise those login details, have you typed them correctly?"; } // Count the errors and display if (count($errors > 0)) { print "<div id=\"error\">"; foreach($errors as $error) { print "<b>></b> $error<br />"; } print "</div>"; } // Update the login timer and redirect $timer = mysql_query("UPDATE `fso_users` SET `user_last_login`=NOW() WHERE `user_email`='$user' AND `user_password`='$pass'"); // Array() $aU = mysql_fetch_array($rU); // $_SESSION['']; $_SESSION['loggedIn'] = 1; $_SESSION['user_id'] = $aU['user_id']; // Lastly redirect to the account page header("Location: account.php"); ob_clean(); } ?> <div id="div-regForm"> <div class="form-title">Log In</div> <div class="form-sub-title">Login & see your points score!</div> <form id="regForm" action="login.php" method="post"> <table> <tbody> <tr> <td><label for="fname">Email:</label></td> <td><div class="input-container"><input name="user" id="user" type="text" /></div></td> </tr> <tr> <td><label for="lname">Password:</label></td> <td><div class="input-container"><input name="pass" id="pass" type="text" /></div></td> </tr> <tr> <td> </td> <td><input type="submit" class="greenButton" name="submitLogin" value="Login" /> </td> </tr> </tbody> </table> </form> </div> <?php include("inc/inc-footer.php"); ?> The way it is above i can type anything in or even just hit the submit it logs in normally and even displays the proper data on the account page: <?php include("inc/inc-sessions-user.php"); include("inc/inc-dbconnection.php"); include("inc/inc-online.php"); include("inc/inc-functions.php"); include("inc/inc-header.php"); include("inc/inc-arrays.php"); ?> <div class="fcp-main-content-area"> <div class="fcp-breadcrumb"> <ul> <li><a href="index.php">Home</a></li> >> <li><a href="javascript:history.go(-1)">Previous Page</a></li> >> <li>My account - [<a href="logout.php">Logout</a>]</li> </ul> </div> <?php print $_SESSION['loggedIn'] . " + " . $_SESSION['user_id']; ?> <?php include("inc/inc-footer.php"); ?> I'm thinking it must be an error with my if/else code somewhere. cheers mate Graham Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted January 19, 2010 Share Posted January 19, 2010 Try: <?php session_start(); include("inc/inc-dbconnection.php"); include("inc/inc-online.php"); include("inc/inc-functions.php"); if (isset($_POST['submitLogin'])) { // POST vars $user = $_POST['user']; $pass = $_POST['pass']; // Errors array() $errors = array(); $errMsg = ''; // Potential errors // Empty fields if (empty($user) || empty($pass)) { $errors[] = "You never filled in all the fields below."; } // Does user exist? $qU = "SELECT * FROM fso_users WHERE user_email = '$user' AND user_password = '$pass' LIMIT 1"; $rU = mysql_query($qU); if (mysql_num_rows($rU) < 1) { $errors[] = "We don't recognise those login details, have you typed them correctly?"; } // Count the errors and display if (count($errors) > 0) { errMsg .= '<div id="error">'; foreach($errors as $error) { errMsg .= "<b>$error</b><br />"; } errMsg .= "</div>"; } else { // Update the login timer and redirect $timer = mysql_query("UPDATE fso_users SET user_last_login = NOW() WHERE user_email = '$user' AND user_password = '$pass'"); // Array() $aU = mysql_fetch_assoc($rU); // $_SESSION['']; $_SESSION['loggedIn'] = 1; $_SESSION['user_id'] = $aU['user_id']; // Lastly redirect to the account page header("Location: account.php"); } } ?> <?php include("inc/inc-header.php"); ?> <div class="fcp-main-content-area"> <?php if ($errMsg != '') { echo $errMsg; } ?> <div class="fcp-breadcrumb"> <ul> <li><a href="index.php">Home</a></li> >> <li><a href="javascript:history.go(-1)">Previous Page</a></li> >> <li>Login in to your account.</li> </ul> </div> <div id="div-regForm"> <div class="form-title">Log In</div> <div class="form-sub-title">Login & see your points score!</div> <form id="regForm" action="login.php" method="post"> <table> <tbody> <tr> <td><label for="fname">Email:</label></td> <td><div class="input-container"><input name="user" id="user" type="text" /></div></td> </tr> <tr> <td><label for="lname">Password:</label></td> <td><div class="input-container"><input name="pass" id="pass" type="text" /></div></td> </tr> <tr> <td> </td> <td><input type="submit" class="greenButton" name="submitLogin" value="Login" /> </td> </tr> </tbody> </table> </form> </div> <?php include("inc/inc-footer.php"); ?> To reiterate - the consensus on what proper PHP structure is has form processing happening before form display. It's done this way due to the nature of the HTTP request cycle and the fact that PHP is essentially a fire-once language. Once a script is run, nothing else is happening in the background. It also helps remove those pesky "Headers already sent" errors, makes it easier to edit/maintain scripts, and is a smart way to structure code regardless as it separates concerns. This code isn't tested, but it should give you a better idea of the approach to take, while hopefully fixing the errors you have. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.