Jump to content

Simple login script does not work


Gruzin

Recommended Posts

Hi everybody,
Here is my little script, which checks the user and pass from db, I don't know what's wrong it does nto work, if you will be so kind to look at it, I'll really appreciate that, thanks.

[code]<?php
session_start();
$user_form = $_POST["user"];
$pass_form = $_POST["pass"];

require ("config.php");

$result = mysql_query("SELECT * FROM test WHERE user='$user_form'");
while($row = mysql_fetch_array($result)){
$row_user = $row['user'];
$row_pass = $row['pass1'];
$row_id = $row['id'];
}
if($user_form == $row_user && $pass_form == $row_pass){
  $_SESSION['user'] = $row_user;
  $_SESSION['id'] = $row_id;
  header ('location: profile.php');
}
else{
  header ('Location: index.php');
}
?>[/code]
Link to comment
Share on other sites

this looks like an old fashioned manual debug job

I have added some echos in places, to show the vars, make sure they are being parsed

and I added a row to check if there are results in the DB

I also commented a header
To check the Row Values

[code]
<?php
session_start();
$user_form = $_POST["user"];
$pass_form = $_POST["pass"];
echo "POst values User is ".$user_form." AND Pass is ".$pass_form."<br />\n";
require ("config.php");

$result = mysql_query("SELECT * FROM test WHERE user='$user_form'");
if(mysql_num_rows($result) != 0){
while($row = mysql_fetch_array($result)){

$row_user = $row['user'];
$row_pass = $row['pass1'];
$row_id = $row['id'];
}
}else{
echo "No Results found in the table<br />\n";
}

if($user_form == $row_user && $pass_form == $row_pass){
  $_SESSION['user'] = $row_user;
  $_SESSION['id'] = $row_id;
  header ('location: profile.php');
}
else{
  //header ('Location: index.php');
  echo "Row User is ".$row_user." AND Row Pass is ".$row_pass."<br />\n";
}
?>
[/code]

Try this, and see what outputs

Link to comment
Share on other sites

Here is the code you've modified, I've checked the directory where login.php file should be and it's correct, so I don't really know what's wrong  :(

[code]<?php
session_start();
$user_form = $_POST["user"];
$pass_form = $_POST["pass"];
echo "POst values User is ".$user_form." AND Pass is ".$pass_form."<br />\n";
require ("config.php");

$result = mysql_query("SELECT * FROM test WHERE user='$user_form'");
if(mysql_num_rows($result) != 0){
while($row = mysql_fetch_array($result)){

$row_user = $row['user'];
$row_pass = $row['pass1'];
$row_id = $row['id'];
}
}else{
echo "No Results found in the table<br />\n";
}

if($user_form == $row_user && $pass_form == $row_pass){
  $_SESSION['user'] = $row_user;
  $_SESSION['id'] = $row_id;
  header ('location: profile.php');
}
else{
  //header ('Location: index.php');
  echo "Row User is ".$row_user." AND Row Pass is ".$row_pass."<br />\n";
}
?>[/code]
Link to comment
Share on other sites

ok

comment
header ('location: profile.php');
Add under that line
echo "Everything matches, lets direct to profile.php

Cos you might have something on profile.php, which is diverting it to index.php

All these echos is a visual for you to see what is happening
By removing all header redirects, you can see what sections your script is going through
Link to comment
Share on other sites

Here is the profile.php:

[code]<?php
session_start();
if(isset($_SESSION['user'])){
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Picture Manager</title>
<link href="css/style.css" rel="stylesheet" type="text/css">
</head>

<body>
<table width="600" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center" bgcolor="#FF6600" class="style1"><strong>Welocome <?php echo $_SESSION['user'];?></strong></td>
  </tr>
</table>
<table width="600" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td bgcolor="#EAEAEA">&nbsp;</td>
  </tr>
  <tr>
    <td align="center" bgcolor="#FFD1B3"><table width="400" border="0" cellpadding="0" cellspacing="0" id="reg">
      <tr>
        <td width="100" align="center"><a href="profile.php">Home</a></td>
        <td width="100" align="center"><a href="edit_profile.php">Edit Profile</a> </td>
        <td width="100" align="center"><a href="#">Change Password </a></td>
        <td width="100" align="center"><a href="logout.php">Log Out</a></td>
      </tr>
    </table></td>
  </tr>
</table>
<table width="600" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td bgcolor="#EAEAEA">&nbsp;</td>
  </tr>
  <tr>
    <td align="center" bgcolor="#EAEAEA"><table width="400" border="0" cellpadding="0" cellspacing="2" bgcolor="#FFD1B3">
      <tr>
        <td width="150" align="center" valign="top" bgcolor="#EAEAEA"><?php
require ("config.php");
        $query = "SELECT * FROM test WHERE id=$user_id ORDER BY id";
        $result = mysql_query($query) or die("Error: " . mysql_error());
        while($row = mysql_fetch_array($result))
$imageArr = "uploads/".$row['pic'];
        echo '<img alt="" src="'.$imageArr.'">';
        ?></td>
        <td width="250" align="left" valign="top"><table width="250" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td width="10" align="left" bgcolor="#EAEAEA" class="style2">&nbsp;</td>
            <td width="70" align="left" bgcolor="#EAEAEA" class="style2"><strong>Username:</strong></td>
            <td width="170" align="left" valign="top" bgcolor="#EAEAEA" class="style2"><?php
$query = "SELECT * FROM test WHERE id=$user_id ORDER BY id";
            $result = mysql_query($query) or die("Error: " . mysql_error());
            while($row = mysql_fetch_array($result))
echo $row['user']; ?></td>
          </tr>
          <tr>
            <td align="left" bgcolor="#EAEAEA" class="style2">&nbsp;</td>
            <td align="left" bgcolor="#EAEAEA" class="style2"><strong>E-mail:</strong></td>
            <td align="left" valign="top" bgcolor="#EAEAEA" class="style2"><?php
$query = "SELECT * FROM test WHERE id=$user_id ORDER BY id";
            $result = mysql_query($query) or die("Error: " . mysql_error());
            while($row = mysql_fetch_array($result))
echo $row['mail']; ?></td>
          </tr>
          <tr>
            <td bgcolor="#EAEAEA" class="style2">&nbsp;</td>
            <td align="left" valign="top" bgcolor="#EAEAEA" class="style2"><strong>Info:</strong></td>
            <td align="left" valign="top" bgcolor="#EAEAEA" class="style2"><?php
$query = "SELECT * FROM test WHERE id=$user_id ORDER BY id";
            $result = mysql_query($query) or die("Error: " . mysql_error());
            while($row = mysql_fetch_array($result))
echo $row['info']; ?></td>
          </tr>
        </table></td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td align="center" bgcolor="#EAEAEA">&nbsp;</td>
  </tr>
</table>
</body>
</html>
<?php
}
else{
header ('Location: index.php');
}
?>[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.