Authentication error

paddyhaig · May 8, 2010

I am receiving an error see below (This script used to work on the system I had before this one) I am grateful of any help that I might get.

Here is the error that I am receiving, this used to work fine on another system!

"Notice: Undefined variable: submit in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 7"

The are 2 scripts being used, one is an authentication input interface. index.php

And the other is the authentication processing script. auth.php

See scripts below:

------------------------------------------------------------------------------------------

index.php:

------------------------------------------------------------------------------------------

<html>

<head>

<title>Concierge</title>

<!--

@import url(layout/style.css);

-->

<!--

body,td,th {

color: #283A86;

}

-->

</style></head>

<body>

<tr>

</tr>

<tr>

<tr>

</tr>

<tr>

</tr>

<tr>

<td align="left" height="13"><font color="#FFFFFF"><b> Password

</b></font> </td>

</tr>

<tr>

</tr>

<tr>

</td>

</tr>

</table></td>

</center>

</tr>

<tr>

</tr>

</table>

</center> </div>

</form>

<tr>

<td align="center"><font color="#808080" size="2">Concierge System </font></td>

</tr>

<tr>

<td align="center"><font color="#808080" size="2">Powered by</font></td>

</tr>

<tr>

<td align="center"><a href="http://www.onina.net" target="_blank"><font size="2" color="#0000FF">Onina</font></a></td>

</tr>

</table>

</center>

</div>

</body>

</html>

------------------------------------------------------------------------------------------

auth.php

------------------------------------------------------------------------------------------

<?php

/* Seems to be a problem right here, it looks like I am trying to submit an undefined variable that does not exist but it does, as it should be being passed from the index,php form.

*/

////////////////

if ($submit)

///////////////

{$db = mysql_connect("localhost", "example", "example");

mysql_select_db("concierge", $db);

$sql = "

SELECT privilage

FROM auth

WHERE login = '$login'

AND password = '$password'

";

$result = mysql_query($sql);

while ($row = mysql_fetch_array($result)) {

$privilage = $row["privilage"];

}

if (!mysql_num_rows($result)) {

header("Location: ../../index.php");

// if the information doesn't match, i.e. returns

// no records, then they shouldn't be there.

} else {

setcookie('username', $_POST['username'], (time()-2592000), '/', '', 0);

setcookie('privilage', $_POST['privilage'], (time()-2592000), '/', '', 0);

}

// Receptionist level

if ($privilage == "receptionist") {

header("Location: ../../employees/receptionist/index2.htm");

// Managers level

} elseif ($privilage == "manager") {

header("Location: ../../employees/managers/index1.htm");

// Administrator level

} elseif ($privilage == "administrator") {

header("Location: ../../admin/index.php");

}

// for each access level, the level is displayed

// as well as the link to the next.php script.

// For expansion, the access level displayed could

// also be stored in a database for dynamic retrieval.

} else {

// if they haven't submitted their username and

// password, then the original form is displayed

?>

<?php

}

?>

JAY6390 · May 8, 2010

clearly the system you have now has full error reporting on now. You can disable it by putting

error_reporting(E_ALL ^ E_NOTICE);

at the top of your php scripts (after the <?php on a new line)

paddyhaig · May 8, 2010

That's handy to know! But it doesn't fix my authentication script situation any. I am running the script on my Windows laptop via WAMPserver. The shouldn't be a problem, as I am running a number of other authentication based web apps on the same setup with out issue. If any one can look over the script and tell me if they see any issues, I would be grateful. If it's not the script, I will look else where.

ignace · May 8, 2010

clearly the system you have now has full error reporting on now. You can disable it by putting
error_reporting(E_ALL ^ E_NOTICE);
at the top of your php scripts (after the <?php on a new line)

How about just solving the error instead of excluding it?

$submit = $_POST['submit'];

/////////////////

if ($submit) {

/////////////////

@paddyhaig:

don't rely on register_globals

setcookie('username', $_POST['username'], (time()-2592000), '/', '', 0);

setcookie('privilage', $_POST['privilage'], (time()-2592000), '/', '', 0);

This is not a good idea, use session's instead.

Your error_reporting should be set to error_reporting(E_ALL); and ini_set('display_errors', 'Off'); These should be set in your php.ini for your production and development server (development server display_errors = On)

paddyhaig · May 8, 2010

I originally wrote this script 7 years ago and haven't been near php since, it worked then on both my Windows box running a WAMP kit and also on my Linux server. I am wondering if it has something to do with php being updated?

Pikachu2000 · May 8, 2010

Try if( isset($_POST['submit']) ) instead.

ignace · May 8, 2010

I am wondering if it has something to do with php being updated?

No, ever since you quit PHP it's development halted. Wishing for your return.

paddyhaig · May 8, 2010

Thank you 'Ignace', I am not to hot at php programming. Some of the stuff, like changing the php.ini file I can do, The other suggestions you made will take me a while to figure out.

paddyhaig · May 8, 2010

Ok, I tried 'if( isset($_POST['submit']) ) ' and I am no longer getting the error! I am still not logging in as yet, but that could be something else. Yikes!!!

[08-May-2010 16:53:12] PHP Notice: Undefined variable: login in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 19

[08-May-2010 16:53:12] PHP Notice: Undefined variable: password in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 20

[08-May-2010 16:53:12] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 41

[08-May-2010 16:53:12] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 47

[08-May-2010 16:53:12] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 53

Why did it work before and now it does not??? I am not kidding ya, it worked just fine.

God need's to do more than just listen!

paddyhaig · May 8, 2010

register_globals is turned off in the php.ini

How would I use session's instead?

ignace · May 8, 2010

I'm pretty sure it worked (with register_globals = On) That's why you can't rely on it, if it's off your @#!$ed

Here I rewrote your script:

if (isset($_POST['submit'])) {
  $db = mysql_connect('localhost', 'example', 'example');
  mysql_select_db('concierge', $db);
  
  $login = mysql_real_escape_string($_POST['login'], $db);
  $password = mysql_real_escape_string($_POST['password'], $db);
  
  $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'";
  $result = mysql_query($query, $db);
  if (0 === mysql_num_rows($result)) {
    header('Location: ../../index.php');
    exit(0);
  }
  
  $row = mysql_fetch_assoc($result);
  $privilage = $row['privilage'];
  
  session_start();
  $_SESSION['username'] = $login;
  $_SESSION['privilage'] = $privilage;
  
  if ('receptionist' === $privilage) {
    header('Location: ../../employees/receptionist/index2.htm');
    exit(0);
  }

  if ('manager' === $privilage) {
    header('Location: ../../employees/managers/index1.htm');
    exit(0);
  }

  if ('administrator' === $privilage) {
    header('Location: ../../admin/index.php');
    exit(0);
  }
}

paddyhaig · May 8, 2010

So I turned on register_globals = On Just to see what would happena and got all this stuff in my php_log

[08-May-2010 17:12:15] PHP Notice: Undefined variable: login in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 19

[08-May-2010 17:12:15] PHP Notice: Undefined variable: password in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 20

[08-May-2010 17:12:15] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 41

[08-May-2010 17:12:15] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 47

[08-May-2010 17:12:15] PHP Notice: Undefined variable: privilage in C:\wamp\www\concierge\scripts\authenticate\auth.php on line 53

paddyhaig · May 8, 2010

ignace, apart from putting a <?php at the begging and a ?> at the end of the script. I have to say that you got yourself a believer. Thank you, thank you, thank you, I guess I don't have to say it now works!

paddyhaig · May 8, 2010

I uploaded it to my Linux server and:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 12

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 17

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php:12) in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 20

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php:12) in /home1/oninacom/public_html/concierge/scripts/authenticate/auth.php on line 20

paddyhaig · May 9, 2010

Help! :'(

kenrbnsn · May 9, 2010

Put an "or die" clause after every MySQL function call. Something like this:

<?php
if (isset($_POST['submit'])) {
  $db = mysql_connect('localhost', 'example', 'example') or die("Couldn't connect to the database<br>" . mysql_error());
  mysql_select_db('concierge', $db) or die("Couldn't select<br>" . mysql_error());
  
  $login = mysql_real_escape_string($_POST['login'], $db);
  $password = mysql_real_escape_string($_POST['password'], $db);
  
  $query = "SELECT privilage FROM auth WHERE login = '$login' AND password = '$password'";
  $result = mysql_query($query, $db) or die("Problem with the query: $query<br>" . mysql_error());
  if (0 === mysql_num_rows($result)) {
    header('Location: ../../index.php');
    exit(0);
  }
  
  $row = mysql_fetch_assoc($result);
  $privilage = $row['privilage'];
  
  session_start();
  $_SESSION['username'] = $login;
  $_SESSION['privilage'] = $privilage;
  
  if ('receptionist' === $privilage) {
    header('Location: ../../employees/receptionist/index2.htm');
    exit(0);
  }

  if ('manager' === $privilage) {
    header('Location: ../../employees/managers/index1.htm');
    exit(0);
  }

  if ('administrator' === $privilage) {
    header('Location: ../../admin/index.php');
    exit(0);
  }
}
?>

One of these should throw an error and from there you should be able to determine what's wrong.

Ken

paddyhaig · May 9, 2010

Dude!!! That did it, it exposed the fact that my databases names are changed automatically by my hosting provider. I didn't take this into account when I uploaded my scripts. Thank you so very much.

As it is, I have a number of CSS issues that I would also like to fix. I suppose this is the wrong place. But If anyone knows where I can get help regarding CSS I would be so very grateful of their suggestions.

ignace · May 9, 2010

CSS Help?

paddyhaig · May 12, 2010

I done it again, I wanted to use a graphic instead of a normal form submit button, and I also wanted to add an additional 'Account' field to the form. The Account field is not actually being processed on the back end as of yet. Is it possible to get this script working and logging in despite the additional field?

<html>

<head>

<title>Concierge Login</title>

#blue-box {

position: relative;

width: 384px;

height: 357px;

margin: 0 auto;

background-image: url(graphics/small_backdrop.jpg);

color: #FFF;

font-family: Helvetica, Arial, Verdana, sans-serif;

}

form {

position: absolute;

top: 143px;

left: 182px;

margin-top: -55px;

margin-left: -65px;

width: 145px;

height: 149px;

}

form label {

font-weight: bold;

}

</style>

</head>

<div>

<label for="username">Account:</label>

</div>

<div>

<label for="username">Username:</label>

</div>

<div>

<label for="password">Password:</label>

</div>

<p>

</p>

</p></form>

</div>

<div style="text-align:center">Concierge system powered by <a href="http://www.">Oninka</a><a href="#"></a></div>

</body>

</html>

ignace · May 12, 2010

Sure change

if (isset($_POST['submit']))

to

if (isset($_POST['username']) && isset($_POST['password']))

Sign In

Authentication error

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information