BelovedDoll Posted January 26, 2011 Share Posted January 26, 2011 Building a website for work. I am struggling with the login for some reason. I`m using a lot of the same code as I did for my personal site and a few other websites I`ve programmed which has always worked. But for some reason, it isn`t working now. I`ve already told it to display to me the information that`s being processed and that is all correct (it even updates the database like it`s supposed to). It just won`t show the person being logged in, which defeats the purpose of logging in, yanno? Here are all the files in question. login.php <?php include "file_calls.php"; $title = "Business Name (Beta): Log In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Log into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; include "login_form.php"; ?> login_form.php <?php echo "<form action='logging.php' method='post'>"; echo "E-Mail Address:"; echo "<br><input type='text' name='email' size=60 maxlength=100>"; echo "<p>"; echo "Password:"; echo "<br><input type='password' name='pass' size=60 maxlength=25>"; echo "<p>"; $buttonlabel = "Log In"; include "formbutton_format.php"; echo "</form>"; ?> logging.php <?php include "file_calls.php"; $title = "Business Name (Beta): Logging In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Logging into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; $email = $_POST['email']; $pass = $_POST['pass']; $entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time()); $res = mysql_query("SELECT id, memlev, pwd1, pwd2, email, name FROM user_data WHERE email='$email'"); $by = mysql_fetch_row($res); mysql_free_result($res); $log = $by[4]; $pas = $by[2]; $pas2 = $by[3]; if ($email && $pass) { if ($by[0]) { if ($by[1] == 2) { $passwd = crypt($_REQUEST['pass'],$by[5]); if ($pass == $pas2) { mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE email='$email'"); mysql_close($con); header("Location: index.php"); } elseif ($passwd != $pas) { header("Location: nolog.php?logout=1&m=4"); } } elseif ($by[1] == 1) { header("Location: nolog.php?logout=1&m=2"); } elseif ($by[1] == 0) { header("Location: nolog.php?logout=1&m=3"); } } elseif (!$by[0]) { header("Location: nolog.php?logout=1&m=1"); } } elseif (!$email || !$pass) { echo "<b>Error:</b> Both username and password must be entered in order to log in."; echo "<p>"; include "login_form.php"; } ?>[/php index.php [code=php:0]<?php include "file_calls.php"; $title = "Business Name (Beta)"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "This website is currently under construction. Thank you for your patience."; echo "<p>"; if ($lev > 1) { echo "Hello, $loggeduser !"; } elseif ($lev < 2) { echo "Not logged in."; } echo "<p>"; echo "$lev"; echo "<br>$loggeduser<br>$email"; ?> auth.php <?php // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()+(60*60*24*365), '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM user_data WHERE email='$email'")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($email,$pass) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id, email, name, pwd1, pwd2, memlev FROM user_data WHERE email='$email' AND pwd2='$pass'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $rows[2]; $_SESSION['pass'] = $pass; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[5]; $_SESSION['email'] = $rows[1]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> file_calls.php <?php include "info_con.php"; include "auth.php"; ?> functions.php <?php echo "<title>$title</title>"; $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $email = isset($_SESSION['email'])?$_SESSION['email']:''; $pass = isset($_SESSION['pass'])?$_SESSION['pass']:''; function rand_chars($c, $l, $u = FALSE) { if (!$u) for ($s = '', $i = 0, $z = strlen($c)-1; $i < $l; $x = rand(0,$z), $s .= $c{$x}, $i++); else for ($i = 0, $z = strlen($c)-1, $s = $c{rand(0,$z)}, $i = 1; $i != $l; $x = rand(0,$z), $s .= $c{$x}, $s = ($s{$i} == $s{$i-1} ? substr($s,0,-1) : $s), $i=strlen($s)); return $s; } function ShowLoggedInBar() { global $email,$pass,$rows,$logid; $nmes=""; if($nmsg){ $nmes="($nmsg New)"; } echo "Hello, $loggeduser !"; } /* check if we are logging out */ if (isset($_REQUEST['logout'])) { Logout(); } /* check if already logged in */ if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) { ShowLoggedInBar(); } else { /* not logged in, is it a form post? */ if (isset($_REQUEST['email']) && isset($_REQUEST['pass'])) { $email = $_REQUEST['email']; $pass = crypt($_REQUEST['pass'],$email); Login($email,$pass); } else { } } ?> Can anyone see why it works on everything but getting the person logged in? Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/ Share on other sites More sharing options...
BlueSkyIS Posted January 26, 2011 Share Posted January 26, 2011 i would first remove every @ in the code. then i would add this at the top of the primary scripts: error_reporting(E_ALL); ini_set("display_errors", -1); then fix the notices and warnings until there are none. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165493 Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 One of the errors is that it`s complaining about sess_name not being defined, but it is defined in auth.php: <?php $_SESSION['sess_name'] = $rows[2]; ?> Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165510 Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 Still need help. Been fighting with this for 2 days now and it`s holding things up. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165685 Share on other sites More sharing options...
Pikachu2000 Posted January 26, 2011 Share Posted January 26, 2011 What is the actual error that is returned? Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165695 Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 Notice: Undefined index: sess_name in /home1/pesterad/public_html/header.php on line 10 Which is: $loggeduser=$_SESSION['sess_name']; In which was defined in auth.php: if ($res=mysql_query("SELECT id, memlev, email, name FROM user_data WHERE email='$email' AND pwd2='$pass'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $email; $_SESSION['pass'] = $pass; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[1]; $_SESSION['email'] = $rows[2]; $_SESSION['name'] = $rows[3]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165699 Share on other sites More sharing options...
Pikachu2000 Posted January 26, 2011 Share Posted January 26, 2011 You haven't posted the header.php file. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165701 Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 header.php <?php include "info_con.php"; include "auth.php"; include "functions.php"; echo "<title>$title</title>"; $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $email = isset($_SESSION['email'])?$_SESSION['email']:''; echo "<img src='logo.jpg'>"; echo "<p>"; ?> Some of the stuff in header.php were in functions.php but then I moved them to header.php. I did away with file_calls.php and moved it`s content to header.php. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165702 Share on other sites More sharing options...
BlueSkyIS Posted January 26, 2011 Share Posted January 26, 2011 are you sure this line is reached before you reference $_SESSION['sess_name'], and have you checked the value of $rows[2]? $_SESSION['sess_name'] = $rows[2]; Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165732 Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I have all of my code posted in the first post. I can`t get anything about the logged in user to show up since the page is not even allowing the user to be logged in. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165737 Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 Hmm, I guess no one can figure out this hard puzzle either? Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1165960 Share on other sites More sharing options...
BlueSkyIS Posted January 27, 2011 Share Posted January 27, 2011 are you sure this line is reached before you reference $_SESSION['sess_name'], and have you checked the value of $rows[2]? $_SESSION['sess_name'] = $rows[2]; Did you add echo's after the condition to see if it is ever reached? Debugging is tedious, not magical. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166004 Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I`ve already said that it didn`t return anything. I also ran a bunch of echos on each and every little step with the actual login process and it was returning things just fine and verified information in the database just fine. But it just won`t have the person logged in. logging.php <?php // June 19 2009 require_once "header.php"; session_start(); $Title = "PET: Logging In"; echo "<title>$Title</title>"; echo "$Title"; echo "<p>"; $log = $_POST['log']; $pass = $_POST['pass']; $id = $_SESSION['gal']; $entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time()); $res = mysql_query("SELECT id, memlev FROM user_data WHERE id='$id'"); $by = mysql_fetch_row($res); mysql_free_result($res); $res = mysql_query("SELECT id, memlev, pwd1, pwd2, name, email FROM user_data WHERE email='$log'"); $by2 = mysql_fetch_row($res); mysql_free_result($res); echo "$log <br>$pass <br>$entry_date"; echo "<p>"; echo "$by2[0] || $by2[1] || $by2[2] || $by2[3] || $by2[4] || $by2[5]"; $log2 = $by2[5]; $pass2 = $by2[2]; if ($log && $pass) { echo "<p>Part 1 Done"; if ($by2[0]) { echo "<p>Part 2 Done"; if ($by2[1] == 2) { echo "<p>Part 3 Done"; $passwd = crypt($_REQUEST['pass'],$by2[4]); echo "<br>$passwd || $pass2"; echo "<p>"; if ($passwd == $pass2) { mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE id='$id'"); mysql_close($con); echo "$log <br>$pass <br>$entry_date"; echo "<p>You are logged in! <a href='index.php'>Main Page</a>."; } elseif ($passwd != $pass2) { echo "Error with password."; } } elseif ($by2[1] == 0) { echo "Error: Your application has not been accepted."; } } elseif (!$by2[0]) { echo "Error User doesnt exist."; } } else { echo "<span class='emph'>Error:</span> Both username and password must be entered in order to log in."; echo "<p>"; include "log.php"; } ?> Every bit of that is working perfectly. What isn`t working is when we go to any pages, the person is not logged in. Here are the other pages again: header.php <?php include "info_con.php"; include "auth2.php"; include "designpoints.php"; include "parsecomment.php"; ?> <META NAME="keywords" CONTENT=""> <META NAME="description" CONTENT=""> <body onLoad="if (self != top) top.location = self.location"> <link REL="SHORTCUT ICON" HREF="favicon.ico"> <?php echo "<a href='index.php'><img src='logo.jpg' border=0></a>"; echo "<br>"; include "log.php"; if ($lev < 1) { echo "<br><br><br>"; } $log = isset($_SESSION['sess_name'])?$_SESSION['sess_name']:''; $pass = isset($_SESSION['pass'])?$_SESSION['pass']:''; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $logid = isset($_SESSION['gal'])?$_SESSION['gal']:''; /* ========================================================================== */ function ShowLoggedInBar() { global $log,$pass,$nmsg,$rows,$logid; $nmes=""; if($nmsg){ $nmes="($nmsg New)"; } $res = mysql_query("SELECT name FROM user_data WHERE id='$logged'"); $loggeduser = mysql_fetch_row($res); mysql_free_result($res); $url = $_SERVER['SERVER_NAME']; echo "<p>"; echo "<b><a href='trancer.php?g=$logid'>$log</a></b>"; echo "<br><br>"; echo "<font size=2><a href='logout.php?logout=1'>Logout</a></font>"; } /* check if we are logging out */ if (isset($_REQUEST['logout'])) { Logout(); } /* check if already logged in */ if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) { ShowLoggedInBar(); } else { /* not logged in, is it a form post? */ if (isset($_REQUEST['log']) && isset($_REQUEST['pass'])) { $log = $_REQUEST['log']; $pass = crypt($_REQUEST['pass'],$log); Login($log,$pass); } else { } } ?> designpoints.php <?php include("info_con.php"); $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; ?> auth2.php <?php // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()+(60*60*24*365), '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($username,$password) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id, memlev, email, name FROM user_data WHERE email='$username' AND pwd1='$password'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $username; $_SESSION['pass'] = $password; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[1]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { } mysql_free_result($res); } return($ok); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> These are all files I have used on many other website projects and they work perfectly. The only thing I changed are names of tables and fields to match what`s being used for this current project and yet it doesn`t work. This is very frustrating. This work -has- to get done for work and this is day 3 of trying to get this simple function to work. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166021 Share on other sites More sharing options...
BlueSkyIS Posted January 27, 2011 Share Posted January 27, 2011 I`ve already said that it didn`t return anything. Sorry, I don't see a reply to my post about echoing values to see if they are set. I don't know what you mean by "I`ve already said that it didn`t return anything." i see you also ignored my suggestion to remove @ and add error_reporting. I won't bother you any more. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166024 Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I did remove the @ but it did not make a difference in how the code was functioning so I put them back in. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166028 Share on other sites More sharing options...
phpSensei Posted January 27, 2011 Share Posted January 27, 2011 Why do you have so many useless includes? It seems like your are just making things more complicated, just trying to figure things out for your makes my head spin, some pages dont even have the session_start() properly. auth1.php auth2.php login_form.php I dont see the point of this. Reorganized your code. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166032 Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I apologize for not clarifying myself. auth.php was replaced with auth2.php, so auth.php is no longer in the workings of the code, there is only auth2.php. login_form.php is the form for logging in. It is used in a few different pages and I felt it easier to have one file to edit when I want/need to make changes to the login form instead of having to try to remember which files have the form and update multiple files. That`s what a lot of these file calls are, calling on a file that has information in it that will be used on multiple pages and I just want to update only one file when changes are made. Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1166037 Share on other sites More sharing options...
phpSensei Posted January 29, 2011 Share Posted January 29, 2011 I apologize for not clarifying myself. auth.php was replaced with auth2.php, so auth.php is no longer in the workings of the code, there is only auth2.php. login_form.php is the form for logging in. It is used in a few different pages and I felt it easier to have one file to edit when I want/need to make changes to the login form instead of having to try to remember which files have the form and update multiple files. That`s what a lot of these file calls are, calling on a file that has information in it that will be used on multiple pages and I just want to update only one file when changes are made. Ah that makes more sense. Alright, Output every variable that is being used in a IF/ELSE condition, see if the variables are passing the validation, then MAKE SURE EVERYPAGE where a session is called upon you have session_start(); before any HTML ... just put it at the first line of your page, easier this way. Reorganize your coding, add comments and proper indents so seperate the functions/operations performed in the script... Debug every way possible, and if you still have trouble come back herer <3 Link to comment https://forums.phpfreaks.com/topic/225737-log-in-trouble/#findComment-1167106 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.