simcoweb Posted September 18, 2006 Share Posted September 18, 2006 I have a login page with the following code:[code]<?// Declare loginError so a value is always available$loginError = "";// Enable sessions// Set Session Value$_SESSION['loggedin'] = @$eg_Result1['username']; // Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php';// Connect to database$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);mysql_select_db($dbname, $eg_objConn1);// Validate users inputif(!empty($_POST)){ // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC); // Conditional statement //if(!empty($eg_Result1['memberid'])) //{ // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }}?>[/code]The problem is that once the person enters username/password and hits submit it winds up right back at the login.php page instead of forwarding (upon successful validation) to the members.php page as instructed. My eyes are bugging out trying to spot the problem. So, perhaps some 'new eyes' could help me out here ? :P Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 18, 2006 Share Posted September 18, 2006 Hi Simcowebjust did some looking around and found this page http://php.about.com/od/learnphp/ht/phpredirection.htm with reference to the header() constructtake a look and have a look at "heres how" number 2, it mentions that header wont work if any text has been sent to the browser before the header() is called. maybe thats your problemhope that has shed some light, if thats not the problem...i am no help at all and I shall crawl back under my stone without a coffee...Paul Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 18, 2006 Author Share Posted September 18, 2006 Hi Paul:Thanks for the post. I'm aware of that aspect of the headers but normally that would produce a 'Premature end to script headers' error message which would indicate some HTML has been passed before the header. In this case everything is working except the redirection to the member's page after the login attempt. It's got to be something in the if/else statements that i'm not spotting. Some sort of syntax error or bad logic in my code. Quote Link to comment Share on other sites More sharing options...
karthikeyan_coder Posted September 18, 2006 Share Posted September 18, 2006 find: <?After add this:session_start();Desc:You have to start the session; every where you want to use session vars.Thank you,http://TopLancers.com Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 18, 2006 Author Share Posted September 18, 2006 I wish I could say that took care of it :( Unfortunately it didn't. Still just comes right back to the login page after submit. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 Still looking for a resolution on this one. Once again, after entering username/password it just returns to the login page. Not sure why. Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 19, 2006 Share Posted September 19, 2006 Hi Simcowebspotted you probelm I think. look at your code here[code]//if(!empty($eg_Result1['memberid'])) //{ // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/code]you have commented out the if statement and the starting '{' of the if/else statement. dont know if you meant to do this but there we go, i have a feeling that you did mean to do it because when you un-comment them, there is not enough closing '}', it requires one more at the end. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 Hi Paul:Thanks for your post and for spotting that missing element. I did change the code to this:[code]<?// Enable sessionssession_start();// Set Session Value$_SESSION['loggedin'] = @$eg_Result1['username'];// Declare loginError so a value is always available$loginError = ""; // Turn on magic quotes to prevent SQL injection attacksif(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php';// Connect to database$eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass);mysql_select_db($dbname, $eg_objConn1);// Validate users inputif(!empty($_POST)){ // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC); // Conditional statement if(!empty($eg_Result1['memberid'])) { // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; } }}?>[/code]Which reinstates that 'if' statement. I originally disabled it as one of the many experiements to get the redirection to work. Even with the reinstating and repairing of the code (as above) the redirection still doesn't work (*sigh*). Perhaps with this revised code there's still something missing? Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 19, 2006 Share Posted September 19, 2006 Hi simcowebtry this one for size[quote]$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC);[/quote]is your line, you are preventing any errors in this query, maybe thats your problem try this one[code]$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]let me know and I will make something else up to throw at you.... Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 heh... no errors displayed. Figures. It appears it's making the query without a hitch. Then it either hits a spot that tells it to quit or it's quitting on its own. Obviously it should query the database, check the username/password to make sure they exist, then if successful redirect to the stated page. If error, it would return to the login page and show the errors. Only no errors are being shown. Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 19, 2006 Share Posted September 19, 2006 something else that may be causeing somethingin your origonal query you SELECT plateau_pros.memberid FROM plateau_prosbut in your if statement you only used the memberid to see if its empty, it will be, because memberid on its own is not in the results set, it should be looking for [code]if(!empty($eg_Result1['plateau_pros.memberid'])) { // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/code]told you i could come up with something else... Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 19, 2006 Share Posted September 19, 2006 do you echo out $loginError anywhere to see if that is being set during this if/else statement to see whether the failing side of the if/else is working OK??? Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 heh..well, at least that produced an error. Unfortunately it's an error that the username doesn't exist in my database. But, I know it does cuz i'm looking right at it. Me thinks there's a problem with the query. Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 19, 2006 Share Posted September 19, 2006 try this then, first assign the posted variables to normal variables before putting them in the query construct[code]$uname = $_POST['username'];$pword = $_POST['password'];$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros WHERE username = '$uname' AND password = '$pword'", eg_objConn1);$eg_Result1 = mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());if(!empty($eg_Result1['memberid'])) { // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/code] Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 Hmmm...here's what I noticed. My validation is checking the entry of something into the fields. However, there's nothing checking the posted info with the data in the database. Right now i'm getting 'User not found' errors no matter what I type in even though the user IS in the database. I need some authentication code to use the SELECT data against a comparison. Not sure how to do that. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 19, 2006 Author Share Posted September 19, 2006 I've modified the code a bit to include a check against the results:[code]$username = $_POST['username'];$password = $_POST['password']; // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '$username' AND `plateau_pros`.`password` = '$password'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error()); if (mysql_num_rows($eg_recResult1) == 1) { // the user id and password match, // set the session $_SESSION['loggedin'] = true; // Conditional statement // if(!empty($eg_Result1['plateau_pros.username'])) // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/code]STILL it won't redirect. ARRGGGGGGGGGGGH! Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 20, 2006 Share Posted September 20, 2006 in your modified code you have two conditional statements doing the same thing[quote]if (mysql_num_rows($eg_recResult1) == 1) { <---------------this one checks to see if one row is returned(i.e user ok) // the user id and password match, // set the session $_SESSION['loggedin'] = true; // Conditional statement // if(!empty($eg_Result1['plateau_pros.username'])) <-----and this one checks thats its not empty // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/quote]can you not[code]if (mysql_num_rows($eg_recResult1) == 1) { //checks that a valid row is returned and only one so it must be the user in question. // set the session $_SESSION['loggedin'] = true; // Go to page header("Location: members.php"); break; //try break; instead of exit, exit; tries to output a message } else { $loginError = "Your user name and password do not match any in our database!"; }[/code]and if you are only calling data from one table - plateau_pros, I dont think you need the plateau_pros.column_name only the column name, just copy and paste this query in a see what ahppens[code]$eg_recResult1 = mysql_query("SELECT memberid FROM plateau_pros WHERE username = '$username' AND password = '$password'", eg_objConn1);[/code] Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 20, 2006 Author Share Posted September 20, 2006 Hi Paul:Thanks for your persistence! I'm sure we'll nail this eventually.Ok, regarding the two conditional statements, if you notice the lower one is commented out while replacing it with the one above. I was experimenting to see if perhaps the check for a valid member was not working with the lower statement. I utilized your modified query statement and upon submit got this error:[quote]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home2/wwwxxxx/public_html/login.php on line 31Error in query: $eg_Result1.[/quote]Line 31 is the query. I've made no other changes in the code except to actually delete the 2nd conditional statement that was previously commented out. Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 20, 2006 Share Posted September 20, 2006 the only line that we know throws a "Named Error" is[code]$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]the last part tells it to tell us " Error in query: $eg_result1." if there is a problem with it...and voila it worked just got to figure out exactly what this means[quote]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource[/quote] Quote Link to comment Share on other sites More sharing options...
simcoweb Posted September 20, 2006 Author Share Posted September 20, 2006 This is a baffler to say the least. I can't imagine what the problem is with the query. It's the right database, the right table and the right fields. I don't see a syntax error. I rewrote it slightly to see if that fixed it. The 'resource' reference went away but the sql error persists. Here's the new snippet:[code]// Get Record Set$eg_recResult1 = ("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'");mysql_query($eg_recResult1);$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code] Quote Link to comment Share on other sites More sharing options...
paul2463 Posted September 20, 2006 Share Posted September 20, 2006 please give this a try.... copy and paste it where it needs to go ...as is...[code]//build the query and run it - assign it to variable called query$query = mysql_query("SELECT * FROM plateau_pros WHERE username = '$username' AND password = '$password'") or die ('Error in query: $query. ' . mysql_error());// call for the result set - assign it to variable called $result$result = mysql_fetch_assoc($query) or die ('Error in query: $result. ' . mysql_error());//count the rows in the resultant results set if (mysql_num_rows($result) == 1) { //if a row exists i.e username and password match a person, start a session and re-direct, the break out of if statement $_SESSION['loggedin'] = true; header("Location: members.php"); exit; } else { //otherwise $loginError becomes the string below $loginError = "Your user name and password do not match any in our database!"; }[/code]I think I found another problem in your code, thats the problem with things looking the same...see if I spotted it right.... you had a query called "$eg_recResult1" then you had a variable calling the result set called "$eg_Result1" you then in the IF statement tried to count the lines in "$eg_recResult1" when the resultant rows are actually held by "$eg_Result1" so I have changed the names completley in the above................it changed on the first post on this page after you made some changes, from then on all other changes will not have workedif the query throws an error is will say "Error in query: $query"if calling the result set throws an error it will say "Error in query: $result" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.