Jump to content

Archived

This topic is now archived and is closed to further replies.

phpshrew

Login Script

Recommended Posts

Ok I have a login script that I made, it used to work but now it doesn't. It still sets the session variable and everything, but I use a function to log in, and everything works but the header location to transfer to the main admin page. I can't find out why it's not working..

The Log in Function(Database connect info removed).
[code]
<?php
function aLogin($user, $pass) {
$dbname = "";
$dbuser = "";
$dbpass = "";
$dbhost = "";
$connection = @mysql_connect ($dbhost, $dbuser, $dbpass) or die("Error Connecting: ".mysql_error());
@mysql_select_db($dbname, $connection) or die("Error Selecting Database:".mysql_error());
$query = "SELECT * FROM admin_user WHERE name = '".$user."'";
$result = @mysql_query($query) or die ("Error Retrieving Data: ".mysql_error());
while($data = mysql_fetch_assoc($result)){
$ulvl = $data['ulvl'];
$usern = $data['name'];
$pass1 = $data['pass'];}
if(!$usern) {
echo "Invalid username or password! Press back and try again!";}
else {
if($pass==$pass1) {
session_start();
  session_register('usern');
session_register('ulvl');
$_SESSION['usern']=$usern;
$_SESSION['ulvl']=$ulvl;
header("Location: main.php" );                    <------------------DOESNT WORK HERE
  //we will redirect the user to another page where we will make sure they're logged in
  } else { echo "Invalid Password!";
}}} ?>[/code]
Index.php
[code]<?php
$id = $_GET['id'];
include("../db.php");
include("../functions.php");
echo "<link rel=\"stylesheet\" href=\"../style/id1.css\" />";
if(!$id){
?>
<div align="center">
  <p>RSLegion Admin Login Page<br />
   
    <a href="../">Back to Website</a>
  <p>&nbsp;</p>
  <form name="form1" method="post" action="index.php?id=1">
    <p>Username:
      <input name="user" type="text" id="user" size="20" maxlength="20">
    </p>
    <p>
      Password:
      <input name="pass" type="password" id="pass" size="20" maxlength="20">   
    </p>
    <p>
      <input type="submit" name="Submit" value="Log In">
    </p>
  </form>
  <p>&nbsp; </p>
</div>
<?php
}
else {
$user = $_POST['user'];
$pass = $_POST['pass'];
aLogin($user, $pass);
}
?>[/code]

Share this post


Link to post
Share on other sites
Try this. Note that I made your code look more nice.

Login function: [code]<?php
function aLogin($user, $pass)
{
$dbname = "";
$dbuser = "";
$dbpass = "";
$dbhost = "";

$connection = @mysql_connect($dbhost, $dbuser, $dbpass) or die("Error Connecting: ".mysql_error());
@mysql_select_db($dbname, $connection) or die("Error Selecting Database:".mysql_error());

$result = @mysql_query("SELECT * FROM admin_user WHERE name='{$user}'") or die ("Error Retrieving Data: ".mysql_error());
while($data = mysql_fetch_assoc($result))
{
$ulvl = $data['ulvl'];
$usern = $data['name'];
$pass1 = $data['pass'];
}
if(!$usern)
{
echo "Invalid username or password! Press back and try again!";
}
else {
if($pass == $pass1)
{
$_SESSION['usern'] = $usern;
$_SESSION['ulvl'] = $ulvl;
header("Location: main.php");
  //we will redirect the user to another page where we will make sure they're logged in
}
else {
echo "Invalid Password!";
}
}
}
?>[/code]

index.php: [code]<?php
session_start();
include("../db.php");
include("../functions.php");
echo '<link rel="stylesheet" href="../style/id1.css" />';
if(!$_GET['id'])
{
echo <<<EOF
<div align="center">
<p>RSLegion Admin Login Page</p>

<p><a href="../">Back to Website</a></p>

<p>&nbsp;</p>
<form name="form1" method="post" action="index.php?id=1">
<p>Username: <input name="user" type="text" id="user" size="20" maxlength="20" /></p>
<p>Password: <input name="pass" type="password" id="pass" size="20" maxlength="20"></p>
<p><input type="submit" name="Submit" value="Log In"></p>
</form>
<p>&nbsp;</p>
</div>
EOF;
}
else {
aLogin($_POST['user'], $_POST['pass']);
}
?>[/code]

Share this post


Link to post
Share on other sites
Try this for the function then: [code]<?php
function aLogin($user, $pass)
{
$dbname = "";
$dbuser = "";
$dbpass = "";
$dbhost = "";

$connection = @mysql_connect($dbhost, $dbuser, $dbpass) or die("Error Connecting: ".mysql_error());
@mysql_select_db($dbname, $connection) or die("Error Selecting Database:".mysql_error());

$result = @mysql_query("SELECT * FROM admin_user WHERE name='{$user}' LIMIT 1") or die ("Error Retrieving Data: ".mysql_error());
if(mysql_num_rows($result) <= 0)
{
echo "The user '{$user}' do not exist!";
}
else {
$udata = mysql_fetch_assoc($result);

if($udata['name'] != $user || $udata['pass'] != $pass)
{
echo "Invalid username or password! Press back and try again!";
}
else {
$_SESSION['usern'] = $udata['usern'];
$_SESSION['ulvl'] = $udata['ulvl'];
header("Location: main.php" );
die();
}
}
}
?>
[/code]

Share this post


Link to post
Share on other sites
I changed the code to this:
Now it works, thanks for your help though, I like that echo <<<EOF deal, gonna use that now :-) well thanks a lot!

index.php
[code]<?php
session_start();
include("../db.php");
include("../functions.php");
if(!$_GET['id'])
{
echo '<link rel="stylesheet" href="../style/id1.css" />';
echo <<<EOF
<div align="center">
<p>RSLegion Admin Login Page</p>

<p><a href="../">Back to Website</a></p>

<p>&nbsp;</p>
<form name="form1" method="post" action="index.php?id=1">
<p>Username: <input name="user" type="text" id="user" size="20" maxlength="20" /></p>
<p>Password: <input name="pass" type="password" id="pass" size="20" maxlength="20"></p>
<p><input type="submit" name="Submit" value="Log In"></p>
</form>
<p>&nbsp;</p>
</div>
EOF;
}
else {
aLogin($_POST['user'], $_POST['pass']);
}
?>[/code]

Share this post


Link to post
Share on other sites
Yeah. Just note that EOF; has to be on a line for it self. There may not be any whitespaces on the line EOF; is on (that also means no idendtion).

Share this post


Link to post
Share on other sites
also to add

echo<<<you_can use_any_name_you_want_not_just_eof

html code here.

you_can use_any_name_you_want_not_just_eof;

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.