Jump to content

Login script help

scdawg

By scdawg
in PHP Coding Help

Recommended Posts

scdawg Newbie

scdawg

Posted
Posted

I have a login script that isn't rejecting non-users. For whatever reason, it's passing them on to the welcome page where an actual user sees user specific information. I'm newer to php, but can't for the life of me understand why the script doesn't seem to ever utilize the 'else' portion of the 'if' statement. :shrug: So in short it works as expected for actual users, but non-users are not getting rejected. Below is my code. Any help is appreciated.

 

 $sqla = "SELECT count(*) FROM authorize WHERE username='$_POST[username]' and password='$_POST[password]'"; 
$result = mysql_query($sqla) or die ("Error: ". mysql_error(). " with query ". $query);
$count = mysql_num_rows($result); 

if($count==1) { 
//start session for user

session_start(); 

//get company id and user first and last name
$query = mysql_query("SELECT comp_id FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query);
$query2 = mysql_query("SELECT firstname, lastname FROM authorize WHERE username='$_POST[username]'") or die ("Error: ". mysql_error(). " with query ". $query);


$resultb = mysql_fetch_assoc($query);
$resultc = mysql_fetch_array($query2);


$_SESSION['coid'] = $resultb['comp_id'];
$_SESSION['firstn'] = $resultc['firstname'];
$_SESSION['lastn'] = $resultc['lastname'];


//get company name
$query3 = mysql_query("SELECT comp_name FROM companies WHERE comp_id='$resultb[comp_id]'") or die ("Error: ". mysql_error(). " with query ". $query);
$resultd = mysql_fetch_assoc($query3);

$_SESSION['conm'] = $resultd['comp_name'];

header("location: overview.php");

} Else {

echo "That user does not exist.";
header("location: login.html");
}

Link to comment
https://forums.phpfreaks.com/topic/250646-login-script-help/
Share on other sites
xyph Advanced Member

xyph

Posted
Posted

Isolate this issue. Remove all of the code except your if/else statement. Use echos to debug what's happening.

 

<?php 

$sqla = "SELECT count(*) FROM authorize WHERE username='$_POST[username]' and password='$_POST[password]'"; 
$result = mysql_query($sqla) or die ("Error: ". mysql_error(). " with query ". $query);
$count = mysql_num_rows($result); 

if($count==1) { 

echo 'user authorized';

} Else {

echo 'bad user';

}
echo "<br>$count";

?>

 

Also, the header Location should always be a complete URL

Note:

 

HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

 

<?php
/* Redirect to a different page in the current directory that was requested */
$host  = $_SERVER['HTTP_HOST'];
$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit;
?>

http://php.net/manual/en/function.header.php

Link to comment
https://forums.phpfreaks.com/topic/250646-login-script-help/#findComment-1286013
Share on other sites
scdawg Newbie

scdawg

Posted
  • Author
Posted

Thanks, both very helpful suggestions. I've narrowed my probelm down to the password. When the user creates their account, the password is encrypted in the insert statement with password($_POST['password']). I know thats primitive, but how do I unencrypt it, so to verify it?

Link to comment
https://forums.phpfreaks.com/topic/250646-login-script-help/#findComment-1286092
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.