Jump to content


Photo

[SOLVED] I cannot find the err of my ways


  • Please log in to reply
1 reply to this topic

#1 charlieholder

charlieholder
  • Members
  • PipPipPip
  • Advanced Member
  • 1,419 posts
  • LocationAtlanta, GA

Posted 28 October 2006 - 03:04 PM

I have this code that is a basic login/logout/register page. Once you successfully login, it still displays the error message that you would see if there was an error when you tried to log in (i.e. incorrect username and/or password). I'm not asking for a rewrite, I just need someone to see if my logic is wrong and kind of give me a hint of where to look. Thanks in advance. I'm new to PHP and this forum and it's really nice that everyone is so helpful. I hope that one day, because of you guys, I'll know enough to help other people.

<?php
session_start();
session_register("LoggedInUser");

$uname = $_POST['username'];
$pwd = $_POST['password'];
$action = (empty($_GET['action'])) ? "" : $_GET['action']; // Ask Russell what this does
$loggedIn = FALSE;
$loginError = FALSE;

if (!isset($role)) {
	$role = "Unapproved";
}
if (isset($HTTP_SESSION_VARS['LoggedInUser'])) {
	$loggedIn = TRUE;
}
if ($loggedIn) {
	$loginError = FALSE;
}
if ($_GET['action'] == "logout") {
	session_destroy();
	$loggedIn = FALSE;
}
if (isset($uname)) {
	//Connect To Database
	$hostname = "...";
	$username = "...";
	$password = "...";
	$dbname = "...";
	
	mysql_connect($hostname,$username, $password) OR DIE ("Unable to connect! Please try again.");
	mysql_select_db($dbname);
	
	$query = "SELECT * FROM Users";
	$result = mysql_query($query);
	if($result) {
		while($row = mysql_fetch_array($result)){
			$name = $row["Username"];
			$pass = $row["Password"];
			$status = $row["Status"];
			if ($uname == $name && $pwd == $pass) {
				$HTTP_SESSION_VARS["LoggedInUser"] = $uname;
				$loggedIn = TRUE;
				$loginError = FALSE;
				if ($status == "Admin") {
					$role = "Admin";
				} else if ($status == "Member") {
					$role = "Member";
				} else {
					$role = "Unapproved";
				}
			} else {
				$loginError = TRUE;
			}
		}
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>charlieholder[dot]com . 21 and invincible</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta name="author" content="charlie holder" />
  <meta name="description" content=" " />
  <link rel="stylesheet" href="css/style.css" type="text/css" />
  <link rel="icon" href="favicon.ico" type="image/x-icon" />
  <link rel="SHORTCUT ICON" href="favicon.ico" type="image/x-icon" />
</head>
<body id="centerHack">
<div class="main">
	<div class="header"><div class="header_content"></div></div>
	<div class="middle">
		<div class="middle_content">
			<?php
			// If you are not logged in, show the login link.
			if (!$loggedIn) { ?>
				<p><a href="index.php?action=login">Login</a></p>
			<?php }
			echo $loginError; // Test to see what $loginError is set to
			// If while logging in there was an error, show the error message
			if ($loginError) { ?>
				<p class="errorMsg">Login failed. Please try again.</p>
			<?php }
			// If no one is logged in and, the action is login or there was a login error, show the login form
			if (!isset($HTTP_SESSION_VARS['LoggedInUser']) && ($action == "login" || $loginError)) {
				include "loginForm.html";
			}
			// If you are not logged in, show the register link.
			if (!$loggedIn) { ?>
				<p><a href="index.php?action=register">Register</a></p>
			<?php }
			// If you are not logged in and the action is register show the register form
			if (!isset($HTTP_SESSION_VARS['LoggedInUser']) && $action == "register") {
				include "registerForm.html";
			}
			// If you are logged in, show the logout link, welcome message, and role
			if (isset($HTTP_SESSION_VARS['LoggedInUser']) && $loggedIn) { ?>
				<a href="index.php?action=logout">Logout</a>
				<p>Welcome <?php echo $uname; ?>, you are currently logged in.</p>
				<p><u><?php echo $role; ?></u></p>
			<?php } ?>
		</div>
	</div>
	<div class="footer">
		<div class="footer_content">
			<a href="http://blog.charlieholder.com" title="weblog">Blog</a>
		</div>
	</div>
</div>
</body>
</html>

PHP Manual | MySQL Reserved Words

Please mark TOPIC SOLVED when you've reached a solution.
Adding [code][/code] tags around your code increases your chances of receiving help.

I don't always test the code I write.


#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 28 October 2006 - 04:17 PM

hola and welcome to the forums.  it would be easier for us to help you if you actually told us what the problem was? I mean, I see some things you should probably change, logic and security-wise, but does it work and you are looking on how to improve it, or do you have a specific problem with it?
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users