Jump to content

Authentication error


paddyhaig

Recommended Posts

I am receiving an error see below (This script used to work on the system I had before this one) I am grateful of any help that I might get.

 

Here is the error that I am receiving, this used to work fine on another system!

 

"Notice: Undefined variable: submit in C:\wamp\www\concierge\scripts\authenticate\auth.php  on line 7"

 

The are 2 scripts being used, one is an authentication input interface. index.php

 

And the other is the authentication processing script. auth.php

 

 

See scripts below:

 

------------------------------------------------------------------------------------------

index.php:

------------------------------------------------------------------------------------------

<html>

 

<head>

<meta http-equiv="Content-Language" content="en-us">

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<title>Concierge</title>

 

<!--

@import url(layout/style.css);

-->

 

 

<style type="text/css">

<!--

body,td,th {

color: #283A86;

}

-->

</style></head>

<body>

 

<form method="POST" action="scripts/authenticate/auth.php">

 

<p> </p>

<p> </p>

  <div align="center"> <center>

    <table border="0" cellpadding="0" cellspacing="0" bgcolor="#283A86">

      <tr>

        <td align="center"><img border="0" src="graphics/framing/ltc.gif" width="91" height="91"></td>

        <td align="center"><img border="0" src="graphics/framing/top_whole.gif" width="200" height="91"></td>

        <td align="center"><img border="0" src="graphics/framing/rtc.gif" width="91" height="91"></td>

      </tr>

      <tr>

        <td align="center"><img border="0" src="graphics/framing/left_whole.gif" width="91" height="171"></td>

        <td align="center"> <table border="0" cellpadding="0" cellspacing="0" height="62" bgcolor="#283A86">

            <tr>

              <td align="center" height="25"> <p align="center"><font color="#FFFFFF"><b>User</b></font></p></td>

              <td align="center" height="25"><input type="text" name="login" size="14"></td>

            </tr>

            <tr>

              <td align="center" height="12">_________</td>

              <td align="center" height="12"> </td>

            </tr>

            <tr>

              <td align="left" height="13"><font color="#FFFFFF"><b> Password

                </b></font> </td>

              <td align="center" height="13"><input type="password" name="password" size="14"></td>

            </tr>

            <tr>

              <td align="center" height="6" colspan="2">  </td>

            </tr>

            <tr>

              <td align="center" height="6">  </td>

              <td align="center" height="6"> <p align="left">

                  <input type="submit" value="Login" name="submit">

              </td>

            </tr>

          </table></td>

        <center>

          <td align="center"><img border="0" src="graphics/framing/right_whole.gif" width="91" height="171"></td>

        </center>

      </tr>

      <tr>

        <td align="center"><img border="0" src="graphics/framing/blc.gif" width="91" height="91"></td>

        <td align="center"><img border="0" src="graphics/framing/bottom_whole.gif" width="200" height="91"></td>

        <td align="center"><img border="0" src="graphics/framing/brc.gif" width="91" height="91"></td>

      </tr>

    </table>

    </center> </div>

 

</form>

<div align="center">

  <center>

  <table border="0" cellpadding="0" cellspacing="0">

    <tr>

      <td align="center"><font color="#808080" size="2">Concierge System </font></td>

    </tr>

    <tr>

      <td align="center"><font color="#808080" size="2">Powered by</font></td>

    </tr>

    <tr>

      <td align="center"><a href="http://www.onina.net" target="_blank"><font size="2" color="#0000FF">Onina</font></a></td>

    </tr>

  </table>

  </center>

</div>

<p align="center"> </p>

 

 

</body>

 

</html>

 

------------------------------------------------------------------------------------------

auth.php

------------------------------------------------------------------------------------------

<?php

 

/* Seems to be a problem right here, it looks like I am trying to submit an undefined variable that does not exist but it does, as it should be being passed from the index,php form.

*/

 

////////////////

if ($submit)

///////////////

 

{$db = mysql_connect("localhost", "example", "example");

    mysql_select_db("concierge", $db);

 

 

    $sql = "

SELECT privilage

FROM auth

WHERE login = '$login'

AND password = '$password'

";

 

    $result = mysql_query($sql);

    while ($row = mysql_fetch_array($result)) {

        $privilage = $row["privilage"];

    }

   

    if (!mysql_num_rows($result)) {

        header("Location: ../../index.php");

       

        // if the information doesn't match, i.e. returns

        // no records, then they shouldn't be there.

       

    } else {

        setcookie('username', $_POST['username'], (time()-2592000), '/', '', 0);

        setcookie('privilage', $_POST['privilage'], (time()-2592000), '/', '', 0);

    }

 

 

// Receptionist level

 

    if ($privilage == "receptionist") {

    header("Location: ../../employees/receptionist/index2.htm");

 

 

// Managers level

 

  } elseif ($privilage == "manager") {

    header("Location: ../../employees/managers/index1.htm");

 

 

// Administrator level

     

  } elseif ($privilage == "administrator") {

    header("Location: ../../admin/index.php");

 

    }

   

    // for each access level, the level is displayed

    // as well as the link to the next.php script.

    // For expansion, the access level displayed could

    // also be stored in a database for dynamic retrieval.

   

   

} else {

   

    // if they haven't submitted their username and

    // password, then the original form is displayed

   

?>

 

 

<?php

 

 

 

}

 

?>

 

 

 

 

 

Link to comment
Share on other sites

That's handy to know! But it doesn't fix my authentication script situation any. I am running the script on my Windows laptop via WAMPserver. The shouldn't be a problem, as I am running a number of other authentication based web apps on the same setup with out issue. If any one can look over the script and tell me if they see any issues, I would be grateful.  If it's not the script, I will look else where.

Link to comment
Share on other sites

clearly the system you have now has full error reporting on now. You can disable it by putting

error_reporting(E_ALL ^ E_NOTICE);

at the top of your php scripts (after the <?php on a new line)

 

How about just solving the error instead of excluding it?

 

$submit = $_POST['submit'];

/////////////////

if ($submit) {

/////////////////

 

@paddyhaig:

 

don't rely on register_globals

 

setcookie('username', $_POST['username'], (time()-2592000), '/', '', 0);

setcookie('privilage', $_POST['privilage'], (time()-2592000), '/', '', 0);

 

This is not a good idea, use session's instead.

 

Your error_reporting should be set to error_reporting(E_ALL); and ini_set('display_errors', 'Off'); These should be set in your php.ini for your production and development server (development server display_errors = On)

Link to comment
Share on other sites

I originally wrote this script 7 years ago and haven't been near php since, it worked then on both my Windows box running a WAMP kit and also on my Linux server. I am wondering if it has something to do with php being updated?

Link to comment
Share on other sites

Ok, I tried 'if( isset($_POST['submit']) ) ' and I am no longer getting the error! I am still not logging in as yet, but that could be something else. Yikes!!!

 

[08-May-2010 16:53:12] PHP Notice:  Undefined variable: login in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 19

 

[08-May-2010 16:53:12] PHP Notice:  Undefined variable: password in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 20

 

[08-May-2010 16:53:12] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 41

 

[08-May-2010 16:53:12] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 47

 

[08-May-2010 16:53:12] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 53

 

Why did it work before and now it does not??? I am not kidding ya, it worked just fine.

God need's to do more than just listen!

Link to comment
Share on other sites

I'm pretty sure it worked (with register_globals = On) That's why you can't rely on it, if it's off your @#!$ed

 

Here I rewrote your script:

 

if (isset($_POST['submit'])) {
  $db = mysql_connect('localhost', 'example', 'example');
  mysql_select_db('concierge', $db);
  
  $login = mysql_real_escape_string($_POST['login'], $db);
  $password = mysql_real_escape_string($_POST['password'], $db);
  
  $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'";
  $result = mysql_query($query, $db);
  if (0 === mysql_num_rows($result)) {
    header('Location: ../../index.php');
    exit(0);
  }
  
  $row = mysql_fetch_assoc($result);
  $privilage = $row['privilage'];
  
  session_start();
  $_SESSION['username'] = $login;
  $_SESSION['privilage'] = $privilage;
  
  if ('receptionist' === $privilage) {
    header('Location: ../../employees/receptionist/index2.htm');
    exit(0);
  }

  if ('manager' === $privilage) {
    header('Location: ../../employees/managers/index1.htm');
    exit(0);
  }

  if ('administrator' === $privilage) {
    header('Location: ../../admin/index.php');
    exit(0);
  }
}

Link to comment
Share on other sites

So I turned on register_globals = On Just to see what would happena and got all this stuff in my php_log

 

[08-May-2010 17:12:15] PHP Notice:  Undefined variable: login in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 19

 

[08-May-2010 17:12:15] PHP Notice:  Undefined variable: password in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 20

 

[08-May-2010 17:12:15] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 41

 

[08-May-2010 17:12:15] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 47

 

[08-May-2010 17:12:15] PHP Notice:  Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 53

Link to comment
Share on other sites

ignace, apart from putting a <?php at the begging and a ?> at the end of the script. I have to say that you got yourself a believer. Thank you, thank you, thank you, I guess I don't have to say it now works!  :D

Link to comment
Share on other sites

I uploaded it to my Linux server and:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php  on line 12

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 17

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php:12) in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 20

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php:12) in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 20

Link to comment
Share on other sites

Put an "or die" clause after every MySQL function call. Something like this:

<?php
if (isset($_POST['submit'])) {
  $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error());
  mysql_select_db('concierge', $db) or die("Couldn't select<br>" . mysql_error());
  
  $login = mysql_real_escape_string($_POST['login'], $db);
  $password = mysql_real_escape_string($_POST['password'], $db);
  
  $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'";
  $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error());
  if (0 === mysql_num_rows($result)) {
    header('Location: ../../index.php');
    exit(0);
  }
  
  $row = mysql_fetch_assoc($result);
  $privilage = $row['privilage'];
  
  session_start();
  $_SESSION['username'] = $login;
  $_SESSION['privilage'] = $privilage;
  
  if ('receptionist' === $privilage) {
    header('Location: ../../employees/receptionist/index2.htm');
    exit(0);
  }

  if ('manager' === $privilage) {
    header('Location: ../../employees/managers/index1.htm');
    exit(0);
  }

  if ('administrator' === $privilage) {
    header('Location: ../../admin/index.php');
    exit(0);
  }
}
?>

 

One of these should throw an error and from there you should be able to determine what's wrong.

 

Ken

Link to comment
Share on other sites

Dude!!! That did it, it exposed the fact that my databases names are changed automatically by my hosting provider. I didn't take this into account when I uploaded my scripts. Thank you so very much.

As it is, I have a number of CSS issues that I would also like to fix. I suppose this is the wrong place. But If anyone knows where I can get help regarding CSS I would be so very grateful of their suggestions.

Link to comment
Share on other sites

I done it again, I wanted to use a graphic instead of a normal form submit button, and I also wanted to add an additional 'Account' field to the form. The Account field is not actually being processed on the back end as of yet. Is it possible to get this script working and logging in despite the additional field?

 

<html>

<head>

    <meta http-equiv="Content-Language" content="en-us">

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

    <title>Concierge Login</title>

    <style type="text/css">

       

#blue-box {

      position: relative;

      width: 384px;

      height: 357px;

      margin: 0 auto;

      background-image: url(graphics/small_backdrop.jpg);

      color: #FFF;

      font-family: Helvetica, Arial, Verdana, sans-serif;

        }

       

form {

position: absolute;

top: 143px;

left: 182px;

margin-top: -55px;

margin-left: -65px;

width: 145px;

height: 149px;

        }

       

form label {

            font-weight: bold;

        }

 

    </style>

 

    <!--[if IE]><style type="text/css">body { text-align: center; } #blue-box { text-align: left; }</style><![endif]-->

 

</head>

 

<body onLoad="document.getElementById('account').focus()"><div id="blue-box">

 

    <form action="scripts/authenticate/auth.php" method="POST">

   

        <div>

            <label for="username">Account:</label>

            <input type="text" id="account" name="account">

        </div>

       

        <div>

            <label for="username">Username:</label>

            <input type="text" id="username" name="username">

        </div>

       

        <div>

            <label for="password">Password:</label>

            <input type="password" id="password" name="password">

        </div>

  <p>

      <input type="image" src="graphics/general/login_button.jpg" onClick="document.submit();> 

      <p><img src="graphics/general/login_button.jpg" width="150" height="28" alt="login">

  </p>

</p></form>

  </div>

 

<div style="text-align:center">Concierge system powered by <a href="http://www.">Oninka</a><a href="#"></a></div>

</body>

</html>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.