DeeAy Posted February 16, 2011 Share Posted February 16, 2011 Hi all, Sorry to be a pain, but I've been out of the php game for quite a few years and have just come back to it briefly to help someone out. I've been using an old admin auth script that I used to use a long time ago but it's not working, and I can't for the life of me work it out :/ I apologise for the noobishness of the code, but as I said, it's been a long time. Any and all help would be very greatly appreciated. Here is the code: <? require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; $member_userlevel = $data["level"]; if($member_pass == $admin_pass) { SetCookie("mgdwebby","$member_name:$member_pass:$member_userlevel"); } include("header.php"); ?> <? if($action=="login") { if($admin_login==""){ echo"Wrong info. "; } elseif($admin_pass==""){ echo"Wrong info. "; } else{ require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login'"); $data = @mysql_fetch_array($req); $member_name = $data["username"]; $member_pass = $data["mempass"]; if($member_pass == $admin_pass) { echo"<head><meta http-equiv=\"refresh\" content=\"2;URL=admin.php\"></head><br><center>Please Wait.</center><br>"; $auth = explode(":",$HTTP_COOKIE_VARS["mgdwebby"]); if(empty($auth[0]) || empty($auth[1])) { } else { echo"Welcome<br>"; include("admin_left.php"); } } else { echo"Wrong info. "; } } } else { echo"<form method='post' action='?action=login'> <table width='307' align='center' cellspacing='0' cellpading='0' border='0'> <tr> <td width='200'> Login : </td> <td> <input type='text' name='admin_login'></td> </tr> <tr> <td width='200'> Password : </td> <td> <input type='password' name='admin_pass'></td> </tr> <tr> <td colspan='2' align='center'><center><input type='submit' value='Login'></center></td> </table> "; } ?> <? include("footer.php"); ?> Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 16, 2011 Share Posted February 16, 2011 username and password should simply be normal usage - ig login password and username = database info they are logged in - LEVELL should be the determining factor ie 1 = normal user, 2 = admin then store into a session variable. --- user can view, add, edit --- admin can view, add, edit, delete, change user status etc etc Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 16, 2011 Author Share Posted February 16, 2011 The problem that i've got is that when attempting to log in with a correct user id and password, the input fields are cleared, the address updates to include "?action=login" at the end (e.g. admin/?action=login) but what should happen is that the page should refresh and redirect to the admin.php page using the login credentials (username, password and level) for the logged in user where they are presented with the options that their level gives them access to. It's as if the page refresh isn't working, or the cookie isn't being created with the credentials. Unfortunately i'm not certain about what exactly is wrong, which is why i'm here really The same script (with a different cookie name) and the same database entries worked for me a few years ago, but for some reason now they're not, and I haven't got a clue why :/ Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 16, 2011 Share Posted February 16, 2011 Un-tested, un-proofe-read; however, I think you will get the drift... <? session_start(); if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){ $admin_pass = trim($_POST['admin_pass']); $admin_login = trim($_POST['admin_login']); if($admin_pass != "" AND $admin_login != "") { require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass = '$admin_pass'"); if(mysql_num_rows>0){ $data = mysql_fetch_array($req); $_SESSION[member_name] = $data['username']; $_SESSION[member_pass] = $data['mempass']; $_SESSION[member_userlevel] = $data['level']; /* redirect to whatever page */ exit(); }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); /* redirect to self */ exit(); } }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); /* redirect to self */ exit(); } }else{ include("header.php"); ?> <form method='post' action=''> <table width="307" align="center" cellspacing="0" cellpading="0" border="0"> <tr> <td width="200"> Login : </td> <td> <input type="text" name="admin_login"></td> </tr> <tr> <td width="200"> Password : </td> <td> <input type="password" name="admin_pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login"></td> </tr> </table> <?PHP include("footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 16, 2011 Author Share Posted February 16, 2011 Thanks for that. I've given it a go but not had any joy with it. I'm starting to think that i've really been out of the game for too long and should stop offering to help people out haha. I "think" the issue with my originally posted script could be that the cookie isn't being created. I'm not sure why I can't utilise what you've posted, probably stupidity on my part. I think that this is going to result in a lot of banging my head against the wall :/ Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 When you tried it, what error messages (if any ) did you get? Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 After entering a valid username and password then clicking on the login button, the page just went all white. No error message or anything. Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 Silly question I know, but... You DID make the changeS where it says /* Redirect ... */ Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 Yeah, however, I'm not entirely certain that I did it the right way :/ Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 post your most recent code Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 <? session_start(); if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){ $admin_pass = trim($_POST['admin_pass']); $admin_login = trim($_POST['admin_login']); if($admin_pass != "" AND $admin_login != "") { require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'"); if(mysql_num_rows>0){ $data = mysql_fetch_array($req); $_SESSION[member_name] = $data['username']; $_SESSION[member_pass] = $data['mempass']; $_SESSION[member_userlevel] = $data['level']; $URL = "admin.php"; header ("Location: $URL"); exit(); }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ include("header.php"); ?> <form method='post' action=''> <table width="307" align="center" cellspacing="0" cellpading="0" border="0"> <tr> <td width="200"> Login : </td> <td> <input type="text" name="admin_login"></td> </tr> <tr> <td width="200"> Password : </td> <td> <input type="password" name="admin_pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login"></td> </tr> </table> <?PHP include("footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 My personal way of testing ... <? session_start(); if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){ $admin_pass = trim($_POST['admin_pass']); $admin_login = trim($_POST['admin_login']); if($admin_pass != "" AND $admin_login != "") { require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'"); if(mysql_num_rows>0){ $data = mysql_fetch_array($req); $_SESSION[member_name] = $data['username']; $_SESSION[member_pass] = $data['mempass']; $_SESSION[member_userlevel] = $data['level']; $URL = "admin.php"; /* ADDED THESE LINE TO TEST */ echo "Here 1"; exit(); header ("Location: $URL"); exit(); }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; /* ADDED THESE LINE TO TEST */ echo "Here 2"; exit(); header ("Location: $URL"); exit(); } }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ include("header.php"); ?> <form method='post' action=''> <table width="307" align="center" cellspacing="0" cellpading="0" border="0"> <tr> <td width="200"> Login : </td> <td> <input type="text" name="admin_login"></td> </tr> <tr> <td width="200"> Password : </td> <td> <input type="password" name="admin_pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login"></td> </tr> </table> <?PHP include("footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 Hey, sorry for the late reply. I've used the new version of your code with the comments in now and even though i'm using a valid username and password it's displaying the white page with "Here 2" on it :/ Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 We'll solve this yet! New test... <? session_start(); if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){ $admin_pass = trim($_POST['admin_pass']); $admin_login = trim($_POST['admin_login']); if($admin_pass != "" AND $admin_login != "") { require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); /* added the following test */ $query = "SELECT * FROM members"; $result = mysql_query($query); while($row=mysql_fetch_array($result)) { echo $admin_pass . " - " . $admin_login . " x " $row['mempass'] . " - " . $row['username'] . "<br/>"; } echo "the password is " . $admin_pass; exit(); /* end of this test */ $req = mysql_query("SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'"); if(mysql_num_rows>0){ $data = mysql_fetch_array($req); $_SESSION[member_name] = $data['username']; $_SESSION[member_pass] = $data['mempass']; $_SESSION[member_userlevel] = $data['level']; $URL = "admin.php"; /* ADDED THESE LINE TO TEST */ echo "Here 1"; exit(); header ("Location: $URL"); exit(); }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ include("header.php"); ?> <form method='post' action=''> <table width="307" align="center" cellspacing="0" cellpading="0" border="0"> <tr> <td width="200"> Login : </td> <td> <input type="text" name="admin_login"></td> </tr> <tr> <td width="200"> Password : </td> <td> <input type="password" name="admin_pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login"></td> </tr> </table> <?PHP include("footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 Hehe Here's what i'm getting now: Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in index.php on line 15 :/ Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 perhaps my typo - let me check Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 17, 2011 Share Posted February 17, 2011 Yep, I missed a . in the echo line echo $admin_pass . " - " . $admin_login . " x " . $row['mempass'] . " - " . $row['username'] . "<br/>"; Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 17, 2011 Author Share Posted February 17, 2011 Okie dokie, here's the output: testpass1 - testname1 x testpass1 - testname1 testpass1 - testname1 x testpass2 - testname2 the password is testpass1 I have 2 test accounts in the database at the mo. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 17, 2011 Share Posted February 17, 2011 It's on this line: echo $admin_pass . " - " . $admin_login . " x " $row['mempass'] . " - " . $row['username'] . "<br/>";, you're missing a concatenation operator, but you really don't need to be using all that concatenation. You can just echo it in double quotes like so. echo "$admin_pass - $admin_login x {$row['mempass']} - {$row['username']}<br/>"; Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted February 17, 2011 Share Posted February 17, 2011 Concatenation of php variables usually results in typos and resulting syntax errors. Much simpler to just put the php variables inside of a double-quoted string - echo "$admin_pass - $admin_login x {$row['mempass']} - {$row['username']}<br />"; Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 18, 2011 Share Posted February 18, 2011 Modified the test portion... EDITED /* added the following test */ $query = "SELECT * FROM members"; $result = mysql_query($query); while($row=mysql_fetch_array($result)) { if($admin_pass == $row['mempass']) { echo "Passwords match"; } } exit(); /* end of this test */ Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 18, 2011 Author Share Posted February 18, 2011 Oki, got the "Passwords match" output now. Quote Link to comment Share on other sites More sharing options...
litebearer Posted February 18, 2011 Share Posted February 18, 2011 Grrrrrrrrrrrr Need to eat more carrots!!! Think I found it... <? session_start(); if(isset($_POST['admin_pass']) AND isset($_POST['admin_login'])){ $admin_pass = trim($_POST['admin_pass']); $admin_login = trim($_POST['admin_login']); if($admin_pass != "" AND $admin_login != "") { require("config.php"); mysql_connect($server,$login,$password) or die('Error connecting to server'); mysql_select_db($base) or die('Error connecting to database'); $query = SELECT username,mempass,level FROM members WHERE username='$admin_login' AND mempass='$admin_pass'"; $req = mysql_query($query); if(mysql_num_rows($req) > 0){ $data = mysql_fetch_array($req); $_SESSION[member_name] = $data['username']; $_SESSION[member_pass] = $data['mempass']; $_SESSION[member_userlevel] = $data['level']; $URL = "admin.php"; /* ADDED THESE LINE TO TEST */ echo "Here 1"; exit(); header ("Location: $URL"); exit(); }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ unset($_POST['admin_pass']); unset($_POST['admin_login']); $URL="index2.php"; header ("Location: $URL"); exit(); } }else{ include("header.php"); ?> <form method='post' action=''> <table width="307" align="center" cellspacing="0" cellpading="0" border="0"> <tr> <td width="200"> Login : </td> <td> <input type="text" name="admin_login"></td> </tr> <tr> <td width="200"> Password : </td> <td> <input type="password" name="admin_pass"></td> </tr> <tr> <td colspan="2" align="center"><input type="submit" value="Login"></td> </tr> </table> <?PHP include("footer.php"); } ?> Quote Link to comment Share on other sites More sharing options...
DeeAy Posted February 18, 2011 Author Share Posted February 18, 2011 Parse error: syntax error, unexpected T_STRING in index.php on line 10 Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 18, 2011 Share Posted February 18, 2011 And what do you see wrong with line 10? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.