webguync Posted May 13, 2010 Share Posted May 13, 2010 I have a login script using JQuery with PHP and MySQL back-end which seems to work, but the secure page that should be directing to when login successful directs me right back to the login script. I believe this was working ok, prior to adding the JQuery. The variable not holding is for username. The login success/fail part works fine, so only the displaying the secure page when login is successful is not working. How can I debug? Code below. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US" dir="ltr"> <head> <meta http-equiv="Content-type" content="text/html; charset=ISO-8859-1" /> <title> ETSI Editor Candidate Test </title> <link href="style.css" rel="stylesheet" type="text/css" /> <script type="text/javascript" src="js/niceforms.js"></script> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script> <script language="javascript"> $(document).ready(function() { $("#login_form").submit(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Validating....').fadeIn(1000); //check the username exists or not from ajax $.post("login.php",{ username:$('#username').val(),password:$('#password').val(),rand:Math.random() } ,function(data) { alert(data); if(data==1) //if correct login detail { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Success!..Logging in.....').addClass('messageboxok').fadeTo(900,1, function() { //redirect to secure page document.location='EditorExam.php'; }); }); } else { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('You have entered an incorrect login, please try again!').addClass('messageboxerror').fadeTo(900,1); }); } }); return false; //not to post the form physically }); //now call the ajax also focus move from $("#password").blur(function() { $("#login_form").trigger('submit'); }); }); </script> </head> <body> <div id="LoginContainer"> <h1 class="login">Login Page</h1> <div id="form_align"> <form enctype="multipart/form-data" method="post" action="" id="login_form" class="niceform"> <fieldset> <legend>Please enter your email address and password to login to your test.</legend> <div class="loginwrapper"> <label for="username">Username:<span class='red_small'> (email address) </span></label><br /> <input type="text" name="username" id="username" size="20"><br /><br /> <label for="password">Password:<span class='red_small'> (you should have been given this)</span> </label><br /> <input type="password" name="password" id="password" size="20"><br /><br /> <div class="buttondiv"> <input class="button" type="submit" name="submit" value="Login" /><span id="msgbox" style="display:none"></span> </div> </div><!--end login wrapper--> </form> </fieldset> </div> </div><!--end container div--> </body> </html> <?php $db_user = "username"; $db_pass = "pw"; $db = "DBName"; mysql_connect('localhost',$db_user,$db_pass); mysql_select_db($db); $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(md5($_POST['password'])); $sql= "SELECT * FROM tablename WHERE username = '$username' AND password = '$password'"; $query = mysql_query($sql); $num_rows = mysql_num_rows($query); $query = mysql_query($sql) or die("Query Failed: $sql - " . mysql_error()); if ($num_rows == '1') { setcookie("logged_in", $username, time()+3600); echo '1'; } else { echo '0'; } ?> and the secured page <?php session_start(); $db_user = "username"; $db_pass = "password"; $db = "DBName"; mysql_connect('localhost',$db_user,$db_pass); mysql_select_db($db); $_SESSION['editor_name'] = $row->editor_name; $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. //move this to after your redirect further below.. //Update record with current time IF the account has never logged in before $dat = time() + 3600; $query = "UPDATE table SET login_timestamp = DATE_ADD(NOW(), INTERVAL 2 HOUR) WHERE username = '$username' AND password = '$password'"; //echo $query; //for debugging test $result = mysql_query($query) or die(mysql_error()); // Start a session. If not logged in will be redirected back to login screen. // if session is not set redirect the user if(empty($_SESSION['username'])) header("Location:login.php"); ?> <head>Secured Page</head> <body> Secured content page goes here </body> </html> Link to comment https://forums.phpfreaks.com/topic/201663-session-variable-not-holding-need-to-figure-out-why/ Share on other sites More sharing options...
Asheeown Posted May 13, 2010 Share Posted May 13, 2010 Where is your secured page getting all of its variables? $username, $row? The order of your pages doesn't make sense and none of them link together. I see you set a cookie after logging in and then the user data in session variables in the secured page, but if the secured page doesn't know where to get that information it can't set it. Link to comment https://forums.phpfreaks.com/topic/201663-session-variable-not-holding-need-to-figure-out-why/#findComment-1057891 Share on other sites More sharing options...
webguync Posted May 13, 2010 Author Share Posted May 13, 2010 well in the JQuery it's saying if login is successful go to secure page. if(data==1) //if correct login detail { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Success!..Logging in.....').addClass('messageboxok').fadeTo(900,1, function() { //redirect to secure page document.location='securepage.php'; }); }); } and on the secure page I am trying to retrieve session var from login page $_SESSION['username'] = $username; the middle part of the code I posted checks the database for the username and password and if ==1 is redirecting to secure page. This part appears to be working fine. Link to comment https://forums.phpfreaks.com/topic/201663-session-variable-not-holding-need-to-figure-out-why/#findComment-1057899 Share on other sites More sharing options...
webguync Posted May 13, 2010 Author Share Posted May 13, 2010 Since I am setting a COOKIE with successful login, I tried doing this, but doesn't work either. if(!isset($_COOKIE['username'])){ header("Location:secure_page.php"); exit; } when I do this... print_r($_COOKIE); the username is successfully being set as a cookie from here. if ($num_rows == '1') { setcookie("logged_in",$password, time()+3600); echo '1'; } else { echo '0'; } Link to comment https://forums.phpfreaks.com/topic/201663-session-variable-not-holding-need-to-figure-out-why/#findComment-1057972 Share on other sites More sharing options...
webguync Posted May 17, 2010 Author Share Posted May 17, 2010 any ideas on why my setting a cookie isn't allowing me to go to secured page? Link to comment https://forums.phpfreaks.com/topic/201663-session-variable-not-holding-need-to-figure-out-why/#findComment-1059544 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.