Jump to content

Login returning blank page

INeedAGig

By INeedAGig
in PHP Coding Help

 Share

Recommended Posts

INeedAGig Member

INeedAGig

Posted
Posted

Hey there, have a small issue at hand. My login script keeps returning a blank page. It does a proper echo if you enter an incorrect username or password, but if you enter correct information is returns only a blank page. Here is the code from the php file that checks and processes the username and password the user enters in the form on the login page.

 


<?php

$host="removed_for_this_post"; // Host name 
$username="removed_for_this_post"; // Database Username 
$password="removed_for_this_post"; // Database password
$db_name="removed_for_this_post"; // Database Name 
$tbl_name="access"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("ALERT! Unable to connect to database!"); 
mysql_select_db("$db_name")or die("ALERT! Unable to select database!");

// Username and password sent from form 
$username=$_POST['username']; 
$pass=$_POST['pass'];

// To protect against MySQL injection
$username = stripslashes($username);
$pass = stripslashes($pass);
$username = mysql_real_escape_string($username);
$pass = mysql_real_escape_string($pass);

$query="SELECT * FROM $tbl_name WHERE username='$username' and password='$pass'";
$result=mysql_query($query);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1){
// Register $username, $pass and redirect to main database page
session_register("username");
session_register("pass"); 
header("location: main_interface.php");
}
else {
echo "Wrong Username or Password, please check check your credentials.";
}
?>

 

Thank you in advance for your assistance! :)

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Your header() redirect is probably failing due to your script outputting some blank lines at the start of your file before the <?php tag.

 

Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that all the php detected errors will be reported and displayed? You will save a TON of time.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Also, session_register() was depreciated almost 9 years ago and won't work on a majority of php installations today and is going to be removed in the next major php version release.

 

You should be setting and referencing $_SESSION variables and you will need a session_start() statement in your code before you output anything to the browser.

Link to comment
Share on other sites
INeedAGig Member

INeedAGig

Posted
  • Author
Posted

Okay, I went ahead and completely changed the coding for the login, but it is still returning a blank page. I have attached code for reference.

 

Login Page

<?php
session_start();
  // dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
  {
  if (!$_POST["username"] || !$_POST["password"])
  	{
  	die("Incorrect Username or Password, please check your credentials!");
  	}
  
  // Create query
  $q = "SELECT * FROM `access` "
  	."WHERE `username`='".$_POST["username"]."' "
  	."AND `password`=PASSWORD('".$_POST["password"]."') "
  	."LIMIT 1";
  // Run query
  $r = mysql_query($q);

  if ( $obj = @mysql_fetch_object($r) )
  	{
  	// Login successful, create session variables
  	$_SESSION["valid_id"] = $obj->id;
  	$_SESSION["valid_user"] = $_POST["username"];
  	$_SESSION["valid_time"] = time();

  	// Redirect to main database page
  	Header("Location: main_interface.php");
  	}
  else
  	{
  	// Login not successful
  	die("Unable to login, please verify your information.");
  	}
  }
else
  {
//If all went right the web form appears and users can log in
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"><br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
  }
?>

 

This is the first code on 'main_interface.php'

session_start();
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
header("Location: interface_login.php");
}

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Your main_interface.php code is NOT secure because if someone ignores the header() redirect, they can access your 'protected' pages the same as if that code wasn't even there.

 

You need an exit; statement after the header(); statement to prevent the remainder of the code on the page from running.

 

 

Link to comment
Share on other sites
chris.smith Newbie

chris.smith

Posted
Posted

Okay, I went ahead and completely changed the coding for the login, but it is still returning a blank page. I have attached code for reference.

 

Login Page

<?php
session_start();
  // dBase file
include "dbConfig.php";

if ($_GET["op"] == "login")
  {
  if (!$_POST["username"] || !$_POST["password"])
  	{
  	die("Incorrect Username or Password, please check your credentials!");
  	}
  
  // Create query
  $q = "SELECT * FROM `access` "
  	."WHERE `username`='".$_POST["username"]."' "
  	."AND `password`=PASSWORD('".$_POST["password"]."') "
  	."LIMIT 1";
  // Run query
  $r = mysql_query($q);

  if ( $obj = @mysql_fetch_object($r) )
  	{
  	// Login successful, create session variables
  	$_SESSION["valid_id"] = $obj->id;
  	$_SESSION["valid_user"] = $_POST["username"];
  	$_SESSION["valid_time"] = time();

  	// Redirect to main database page
  	Header("Location: main_interface.php");
  	}
  else
  	{
  	// Login not successful
  	die("Unable to login, please verify your information.");
  	}
  }
else
  {
//If all went right the web form appears and users can log in
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"><br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
  }
?>

 

This is the first code on 'main_interface.php'

session_start();
if (!$_SESSION["valid_user"])
{
// User not logged in, redirect to login page
header("Location: interface_login.php");
}

 

Try this code:

 

<?php
session_start();
require_once('dbConfig.php');

if($_GET['op'] == 'login') {
if (!empty($_POST["username"]) || !empty($_POST["password"])) {
	die("Incorrect Username or Password, please check your credentials!");
  	} else {
	if(get_magic_quotes_gpc()) {
		$_POST['username'] = stripslashes($_POST['username']);
		$_POST['password'] = stripslashes($_POST['password']);
	}

	$q = "SELECT * FROM `access` WHERE `username`='" . mysql_real_escape_string($_POST["username"]) . "' AND `password`=PASSWORD('" . mysql_real_escape_string($_POST["password"]) . "') LIMIT 1;";
	$r = mysql_query($q);
	$num = mysql_num_rows($r);

	if($num == 0) {
		die("Incorrect Username or Password, please check your credentials!");
	} else {
		$row = mysql_fetch_row($r);
		$_SESSION["valid_id"] = $row[0];
		$_SESSION["valid_user"] = $_POST["username"];
		$_SESSION["valid_time"] = time();
		Header("Location: main_interface.php");
	}
}
} else {
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"><br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
}
?>

 

Cheers!

Link to comment
Share on other sites
chris.smith Newbie

chris.smith

Posted
Posted

Chris, thank you for the reply! I went ahead and made the suggested changes but now it is echoing that I entered incorrect login information, even though it is correct....    :shrug:

 

My fault sorry.

Change:

!empty($_POST["username"]) || !empty($_POST["password"])

 

To:

empty($_POST["username"]) || empty($_POST["password"])

 

Cheers

Link to comment
Share on other sites
chris.smith Newbie

chris.smith

Posted
Posted

Hmmmm...still echoing incorrect login credentials...

 

Sorry didn't get a chance to debug the code. I'm guessing that this should solve the problem.

Use this code:

<?php
session_start();
require_once('dbConfig.php');

if($_GET['op'] == 'login') {
if (empty($_POST["username"]) || empty($_POST["password"])) {
	die("Incorrect Username or Password, please check your credentials!");
  	} else {
	if(get_magic_quotes_gpc()) {
		$_POST['username'] = stripslashes($_POST['username']);
		$_POST['password'] = stripslashes($_POST['password']);
	}

	$q = "SELECT * FROM `access` WHERE `username`='" . mysql_real_escape_string($_POST["username"]) . "' AND `password`=PASSWORD('" . $_POST["password"] . "') LIMIT 1;";
	$r = mysql_query($q);
	$num = mysql_num_rows($r);

	if($num == 0) {
		die("Incorrect Username or Password, please check your credentials!");
	} else {
		$row = mysql_fetch_row($r);
		$_SESSION["valid_id"] = $row[0];
		$_SESSION["valid_user"] = $_POST["username"];
		$_SESSION["valid_time"] = time();
		Header("Location: main_interface.php");
	}
}
} else {
  echo "<form action=\"?op=login\" method=\"POST\">";
  echo "Username: <input name=\"username\" size=\"15\"><br />";
  echo "Password: <input type=\"password\" name=\"password\" size=\"8\"><br />";
  echo "<input type=\"submit\" value=\"Login\">";
  echo "</form>";
}
?>

 

Cheers

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted
die("Incorrect Username or Password, please check your credentials!");

 

^^^ The first die() statement actually means that the field(s) were left blank and the code should display that message and then redisplay the form. The message should be corrected.

 

Also, by using die() for the above and using die() when the query does find a matching row, you are preventing the form from being redisplayed so that the user could enter the correct information.

Link to comment
Share on other sites
chris.smith Newbie

chris.smith

Posted
Posted

die("Incorrect Username or Password, please check your credentials!");

 

^^^ The first die() statement actually means that the field(s) were left blank and the code should display that message and then redisplay the form. The message should be corrected.

 

Also, by using die() for the above and using die() when the query does find a matching row, you are preventing the form from being redisplayed so that the user could enter the correct information.

 

Those are true and I guess these are the consequences of writing a script in 20 seconds :P

 

Cheers

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

You can set the error_reporting/display_errors settings in your script. Doing so will show most of the errors, except for fatal parse errors.

 

Also, you should not be trying to learn php, develop php code, or debug php code on a live server because you will waste a TON of your time constantly uploading code just to see the result of each change.

 

You need to set up a local development system on your computer. This will save you countless hours of your time.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.