Login Form - Ghosts?

[The Letter E]

I must be losing my marbles on this one:

 

I have a standard login form that queries my MySQL database for user info, but the problem doesn't even get that far.

 

Here's the form:

<div id="login_form">
<form action="access/" method="post">
<input type="text" name="username" class="username" /><br>
<input type="password" name="password" class="password" /><br>
<input type="submit" class="submit" value="">
</form>
</div>

 

Then the backend:

<?php
    echo '<pre>';
    print_r($_POST);
    echo '</pre>';

    //The rest of the validation is beyond here...
?>

 

Lets say in the db I have username = 'test' and password = 'test1234', when I enter the correct username and password the POST array displays blank:

array
(
)

 

So then, I enter another entry, lets say I enter username = 'test' and password = 'test2468', but the mysql stays the same:

I get this:

array(
    [username] => test
    [password] => test2468
}

 

So then, because at this point i'm 98% sure i've lost my mind I go in and change the password in the DB to match the new entry.

So now mysql db says username = 'test' and password = 'test2468'

I try using that info again and voila:

array
(
)

 

Has anyone run into something similar to this, the info is not interacting with the database in any way at this point, yet it seems to be affecting it.

 

Thanks for any help you can offer, and for not thinking i'm crazy

 

E

[spiderwell]

whats the full code of the page you post to at action="access/"

[dawsba]

your forgetting enctype="multipart/form-data" in your form html

[spiderwell]

i thought that was only necessary with file uploads in a form

[PFMaBiSmAd]

enctype="multipart/form-data" is only used when you have a type='file' upload field in the form.

[The Letter E]

whats the full code of the page you post to at action="access/"

echo '<pre>';
print_r($_POST);
echo '</pre><br><br>';

//include class library
include('../php.lib/classes.php');

//instanciate the SQL handler class
$Esql = new Esql;

//set mysql resources
$host = 'hidden from phpfreaks';
$user = 'hidden from phpfreaks';
$pass = 'hidden from phpfreaks';
$db = 'hidden from phpfreaks';

//Try to connect to MySQL
try{
	@$Esql->connect($host, $user, $pass, $db);
}catch(Exception $e){
	echo $e->getMessage();
}

//Check if user is already logged in
if(!(isset($_SESSION['myusername']) && isset($_SESSION['mypassword']))){
	//if not, validate username and password
	//set username to var and secure
	$myusername = mysql_real_escape_string(stripslashes($_POST['username']));
	//set password to var and secure +hash
	$mypassword = mysql_real_escape_string(stripslashes($_POST['password']));
	//Check DB for Result
	$sql = "SELECT * FROM users WHERE username = '".$myusername."' AND password = '".$mypassword."'";
	$result = mysql_query($sql);
	$num = mysql_num_rows($result);

	echo $sql;
	if($num == 1){
		// Register $myusername, $mypassword and redirect to file "login_success.php"
		session_register("myusername");
		session_register("mypassword");
		header("Location: index.php");
	}
	else {
		echo "Wrong Username or Password<br>";
		echo $myusername.'<br>';
		echo $mypassword.'<br>';
		echo $num;
	}
}else{
	//User area template goes here...
}

 

In case you are wondering, yes, the SQL handler class definitely connects successfully. The rest is standard.

[PFMaBiSmAd]

The page you are redirecting to upon a successful login is probably redirecting back to the code you have posted and shows an empty $_POST array at that time. Your server likely has output_buffering turned on, which allows the header() redirect to 'work' but is discarding the the output form the print_r() statement when the redirect takes place.

 

Temporarily comment out the header() redirect in the code you have posted so that you can see what is happening when your form submits to it.

 

If output_buffering is on, you should turn it off so you can really tell what your code is doing.

[The Letter E]

The page you are redirecting to upon a successful login is probably redirecting back to the code you have posted and shows an empty $_POST array at that time. Your server likely has output_buffering turned on, which allows the header() redirect to 'work' but is discarding the the output form the print_r() statement when the redirect takes place.

 

Temporarily comment out the header() redirect in the code you have posted so that you can see what is happening when your form submits to it.

 

If output_buffering is on, you should turn it off so you can really tell what your code is doing.

 

That's exactly what it was! You are a gentleman and a scholar.

 

Thank You,

 

E

[PFMaBiSmAd]

session_register() was depreciated nearly 9 years ago. You should be setting and testing $_SESSION variables. You also need a session_start() statement before any output is sent to the browser, which is likely why the page you are redirecting to is not seeing someone as being logged in.

[spiderwell]

so no ghosts in the machine after all, shame