Jump to content

Login Form - Ghosts?


The Letter E

Recommended Posts

I must be losing my marbles on this one:

 

I have a standard login form that queries my MySQL database for user info, but the problem doesn't even get that far.

 

Here's the form:

<div id="login_form">
<form action="access/" method="post">
<input type="text" name="username" class="username" /><br>
<input type="password" name="password" class="password" /><br>
<input type="submit" class="submit" value="">
</form>
</div>

 

Then the backend:

<?php
    echo '<pre>';
    print_r($_POST);
    echo '</pre>';

    //The rest of the validation is beyond here...
?>

 

Lets say in the db I have username = 'test' and password = 'test1234', when I enter the correct username and password the POST array displays blank:

array
(
)

 

So then, I enter another entry, lets say I enter username = 'test' and password = 'test2468', but the mysql stays the same:

I get this:

array(
    [username] => test
    [password] => test2468
}

 

So then, because at this point i'm 98% sure i've lost my mind I go in and change the password in the DB to match the new entry.

So now mysql db says username = 'test' and password = 'test2468'

I try using that info again and voila:

array
(
)

 

Has anyone run into something similar to this, the info is not interacting with the database in any way at this point, yet it seems to be affecting it.

 

Thanks for any help you can offer, and for not thinking i'm crazy :)

 

E

Link to comment
Share on other sites

whats the full code of the page you post to at action="access/"

echo '<pre>';
print_r($_POST);
echo '</pre><br><br>';

//include class library
include('../php.lib/classes.php');

//instanciate the SQL handler class
$Esql = new Esql;

//set mysql resources
$host = 'hidden from phpfreaks';
$user = 'hidden from phpfreaks';
$pass = 'hidden from phpfreaks';
$db = 'hidden from phpfreaks';

//Try to connect to MySQL
try{
	@$Esql->connect($host, $user, $pass, $db);
}catch(Exception $e){
	echo $e->getMessage();
}

//Check if user is already logged in
if(!(isset($_SESSION['myusername']) && isset($_SESSION['mypassword']))){
	//if not, validate username and password
	//set username to var and secure
	$myusername = mysql_real_escape_string(stripslashes($_POST['username']));
	//set password to var and secure +hash
	$mypassword = mysql_real_escape_string(stripslashes($_POST['password']));
	//Check DB for Result
	$sql = "SELECT * FROM users WHERE username = '".$myusername."' AND password = '".$mypassword."'";
	$result = mysql_query($sql);
	$num = mysql_num_rows($result);

	echo $sql;
	if($num == 1){
		// Register $myusername, $mypassword and redirect to file "login_success.php"
		session_register("myusername");
		session_register("mypassword");
		header("Location: index.php");
	}
	else {
		echo "Wrong Username or Password<br>";
		echo $myusername.'<br>';
		echo $mypassword.'<br>';
		echo $num;
	}
}else{
	//User area template goes here...
}

 

In case you are wondering, yes, the SQL handler class definitely connects successfully. The rest is standard.

Link to comment
Share on other sites

The page you are redirecting to upon a successful login is probably redirecting back to the code you have posted and shows an empty $_POST array at that time. Your server likely has output_buffering turned on, which allows the header() redirect to 'work' but is discarding the the output form the print_r() statement when the redirect takes place.

 

Temporarily comment out the header() redirect in the code you have posted so that you can see what is happening when your form submits to it.

 

If output_buffering is on, you should turn it off so you can really tell what your code is doing.

Link to comment
Share on other sites

The page you are redirecting to upon a successful login is probably redirecting back to the code you have posted and shows an empty $_POST array at that time. Your server likely has output_buffering turned on, which allows the header() redirect to 'work' but is discarding the the output form the print_r() statement when the redirect takes place.

 

Temporarily comment out the header() redirect in the code you have posted so that you can see what is happening when your form submits to it.

 

If output_buffering is on, you should turn it off so you can really tell what your code is doing.

 

That's exactly what it was! You are a gentleman and a scholar.

 

Thank You,

 

E

Link to comment
Share on other sites

session_register() was depreciated nearly 9 years ago. You should be setting and testing $_SESSION variables. You also need a session_start() statement before any output is sent to the browser, which is likely why the page you are redirecting to is not seeing someone as being logged in.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.