Jump to content

Archived

This topic is now archived and is closed to further replies.

Drezard

Script annoying me

Recommended Posts

I really cant get these two scripts to work together to give me the output i want.

Here are the two scripts:

login_form.php:

[CODE]
<?php
// initialize a session
session_start();
?>
<html>
<head></head>
<body>

<?php
if (!isset($_SESSION['login']) && !isset($_POST['user'])) {
    // if no data, print the form
?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
      Username:<input type="text" name="user"><br>
  Password:<input type="password" name="pass"><br>
        <input type="submit" name="submit">
    </form>
<?php
}
if (!isset($_SESSION['login'])) {

include('connect.php');
    // if a session does not exist but the form has been submitted
    // check to see if the form has all required values
    // create a new session
$user = empty($_POST['user']) ? die ("Please Enter A Username") : mysql_escape_string($_POST['user']);
$pass = empty($_POST['pass']) ? die ("Please Enter A Password") : mysql_escape_string($_POST['pass']);
$sql = "SELECT * FROM users WHERE user='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){

$_SESSION['userinfo'] = $user;
?>

<meta http-equiv="refresh" content="0;url=login_sucess.php">;

<?php
}

if ($count == 0) {

echo "Username or password are incorrect";

}

}
?>
</body>
</html>
[/CODE]

login_sucess.php:

[CODE]
<?php
session_start();
$user = $_SESSION['username'];
setcookie('user', $user, time()+36000*24*365);
session_destroy();
?>

<head>

</head>

<body>

<?php

if (isset($_COOKIE['user'])) {
echo "Login Complete";
}
else {
echo "$user";
}
?>

</body>
</html>
[/CODE]

Thanks, Daniel

Share this post


Link to post
Share on other sites
perhaps your problem lies:
[code]
if (isset($_COOKIE['user'])) {
echo "Login Complete";
}
else {
echo "$user";
}[/code]

how is $user set if they couldnt log in??

Share this post


Link to post
Share on other sites
There's actually quite a bit wrong with this code, but don't worry, we can fix it :)

I'll ask you a few questions, when you know the answers they'll help you to realise the mistakes.

1. If I go to login_form.php and my cookie is already set, what happens?
2. If I go to login_form.php with no cookie set, what parts of your code are going to run?

As a side note, on login_success.php, you're setting the cookie and checking it on the same page.  That's not possible.  Until the page is reloaded (either refrshed, or revisited), the cookie won't be registered.

Regards
Huggie

Share this post


Link to post
Share on other sites
Thanks Huggie. Ill have a look at those two problems. I didnt know you couldnt check whether a cookie was set on a page after creating it.

Thanks, Daniel

Share this post


Link to post
Share on other sites
Okay I changed the scripts and they started working. Except, it keep displaying "Please Enter A Username". So i changed something else and now it doesnt work at all and i tried to change the script back but it still doesnt work. I cant work out the problem. Theres no error it just doesnt display the form at all.

New login_form.php:

[CODE]
<?php
// initialize a session
session_start();
?>
<html>
<head></head>
<body>

<?php
if (!isset($_SESSION['userinfo']) && !isset($_POST['user']) && !isset($_COOKIE['user'])) {
    // if no data, print the form
?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
      Username:<input type="text" name="user"><br>
  Password:<input type="password" name="pass"><br>
        <input type="submit" name="submit">
    </form>
<?php
}
if (!isset($_SESSION['userinfo']) && !isset($_COOKIE['user'])) {

include('connect.php');
    // if a session does not exist but the form has been submitted
    // check to see if the form has all required values
    // create a new session
$user = empty($_POST['user']) ? die ("Please Enter A Username") : mysql_escape_string($_POST['user']);
$pass = empty($_POST['pass']) ? die ("Please Enter A Password") : mysql_escape_string($_POST['pass']);
$sql = "SELECT * FROM users WHERE user='$user' AND pass='$pass'";
$result = mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){

$_SESSION['userinfo'] = $user;
?>

<meta http-equiv="refresh" content="0;url=login_sucess.php">;

<?php
}

if ($count == 0) {

echo "Username or password are incorrect";

}

}
?>
</body>
</html>
[/CODE]

Heres the new login_sucess.php

[CODE]
<?php
session_start();
$user = $_SESSION['userinfo'];
setcookie('user', $user, time()+36000*24*365);
session_destroy();
?>

<head>

</head>

<body>

<?php

if (isset($_COOKIE['user'])) {
echo "Login Complete";
}
else {
echo "$user";
}
?>

</body>
</html>
[/CODE]

Thanks, Daniel

Share this post


Link to post
Share on other sites
you dont seem to use a database connection do you?

post what you got now please cheers.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.