Jump to content

FATAL ERROR in login Script...

mroberts46

By mroberts46
in PHP Coding Help

 Share

Recommended Posts

mroberts46 Member

mroberts46

Posted
Posted

Hello everyone,

 

I'm extremely new to php and have absolutely no clue as to what I'm doing. However, I have been able to read through and understand most of the code that I have found.

 

I have a client who requires members to login in order to view special members only content. Therefore I did a search for a login system. After a little manipulation I was able to get it up and running. The client then required a few changes to be made and that's when all heck broke lose. I've gone from a working login script to a one that gives me a different error with every change I make. The current problem:

 

Fatal error: Function name must be a string in /.../.../.../.../public_html/new_site/testing/index.php on line 60

 

Here's the code it refers to:

 

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session
}


if(isset($_GET['logoff']))
{
$_SESSION = array();
session_unset();
session_destroy();

header("Location: demo.php");
exit;
}

if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
	$err[] = 'All the fields must be filled in!';

if(!count($err))
{
	$_POST['username'] = mysql_real_escape_string($_POST['username']);
	$_POST['password'] = mysql_real_escape_string($_POST['password']);
	$_POST['rememberMe'] = (int)$_POST['rememberMe'];
	// Escaping all input data

	$result = mysql_query("SELECT * FROM tz_members");
	while($rows = mysql_fetch_array($result)) {
		$salt = $rows('salt');
	}

	$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

	if($row['username'])
	{
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';
}

if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: demo.php");
exit;
}
$script = '';

if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load

$script = '
<script type="text/javascript">

	$(function(){

		$("div#panel").show();
		$("#toggle a").toggle();
	});

</script>';

}
?>

 

To further complicate this, I have a separate file that handles the registration and it works but makes the password difficult to verify (at least to a noob like myself). Here's how that code is written:

 

<?php
define('INCLUDE_CHECK',true);
require 'connect.php';

$username = $_POST['username'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

if($pass1 != $pass2)
	header('Location: index.php');
if(strlen($username) > 30)
	header('Location: index.php');

$hash = md5($pass1);

function createSalt()
{
	$string = md5(uniqid(rand(), true));
	return substr($string, 0, 10);
}
$salt = createSalt();
$hash = md5($salt.$pass1.$salt);

function visitorIP()
{
	if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
		$TheIp=$_SERVER['HTTP_X_FORWARDED_FOR'];
	else $TheIp=$_SERVER['REMOTE_ADDR'];
	return trim($TheIp);
}
$ip = visitorIP();

$username = mysql_real_escape_string($username);

$query = "INSERT INTO `tz_members` (`id`, `username`, `password`, `salt`, `email`, `regIP`, `dt`) VALUES (NULL, '$username', '$hash', '$salt', '$email', '$ip', '0000-00-00 00:00:00');";
mysql_query($query);
mysql_close();
header('Location: index.php');
?>

 

Please tell me what's going wrong because I've made every change I can think of and I'd hate to lose the bonus security of the password just because I can't make it work. You may reply here or email me at [email protected].

Link to comment
https://forums.phpfreaks.com/topic/263013-fatal-error-in-login-script/
Share on other sites
mroberts46 Member

mroberts46

Posted
  • Author
Posted

Well I started out just doing basic sites that didn't require any interaction from the users. Personally, I don't have clients. They are my mom's clients but as a way of giving me a chance to practice, she's dropped some of her clients on to me. I know a little ASP.NET and could easily do this within ASP. However, all of her clients are hosted on linux servers which requires me to learn php and fast. This is the first client that has actually needed interaction from the user.

 

After making the said change, I now get this error:

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /.../.../.../.../public_html/new_site/testing/index.php on line 63

 

Warning: Cannot modify header information - headers already sent by (output started at /.../.../.../.../public_html/new_site/testing/index.php:63) in /.../.../.../.../public_html/new_site/testing/index.php on line 84

mrMarcus Member

mrMarcus

Posted
Posted

Going to be brutally honest... you have a long ways to go :P

 

You shouldn't compound your query functions like that.  Or any function for that matter, unless you have a very good reason to.

 

What I'm referring to is:

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

 

Swap out this block:

 

$row = mysql_fetch_assoc(mysql_query("SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'"));

	if($row['username'])
	{
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';

 

for this block:

 

$sql = "SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND pass='".md5($salt.md5($_POST['password']).$salt)."'";
if ($result = mysql_query($sql)) {
if (mysql_num_rows($result) > 0) {
	$row = mysql_fetch_assoc($result);

	if ($row['username']) {
		// If everything is OK login

		$_SESSION['usr']=$row['username'];
		$_SESSION['id'] = $row['id'];
		$_SESSION['rememberMe'] = $_POST['rememberMe'];

		// Store some data in the session

		setcookie('tzRemember',$_POST['rememberMe']);
	}
	else $err[]='Wrong username and/or password!';
}
else {
	$err[] = 'No record found.';
}
}
else {
die(mysql_error());
}

mroberts46 Member

mroberts46

Posted
  • Author
Posted

Going to be brutally honest... you have a long ways to go :P

 

Yeah, I know. I'm hoping to find a class at school that teaches PHP but I don't think my school does. In the meantime, I've looking for someone to kinda mentor me or teach me. There are several languages that I really want to learn and get proficient in but I just don't have anyone to guide me through it. Javascript, ActionScript 3, PHP, C++, C#, VB are just a few. I've taken classes in C++ and VB and have a basic (extremly basic) understanding of the languages but nothing good enough to consider myself proficient in the least bit.

 

The suggested changes you have given me appear to have worked. After making said changes, I was able to find two other errors in my code. One was the name of the password field from the db and the other was the header redirect once the user logs in. I really appreciate your help on this. I've been fighting with this login script for a while now and I know I have a lot more fighting to do as I know there are still features they would like that I just don't know how to do just yet.

 

two questions remain:

    1) Why did we use the brace instead of the parenthesis?

              I think its because the data we pulled came from an array but I want to be sure that I am following the logic correctly.

    2) Why does PHP seem to not like multiple mysql queries?

              I seem to have run into that problem on multiple occasions now and I wonder why it doesn't work. I need to know what the various mysql_assoc and mysql_array calls mean, how and when to use them, and how to use them effectively.

 

 

mroberts46 Member

mroberts46

Posted
  • Author
Posted

So now, I'm not able to login but I'm also not getting any error messages.

 

None of the accounts I've created to test the login system are able to login. I keep getting the message "No Record Found"... Why is this?

The code now looks like this :

 

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session
}


if(isset($_GET['logoff']))
{
$_SESSION = array();
session_unset();
session_destroy();

header("Location: demo.php");
exit;
}

if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
	$err[] = 'All the fields must be filled in!';

if(!count($err))
{
	$_POST['username'] = mysql_real_escape_string($_POST['username']);
	$_POST['password'] = mysql_real_escape_string($_POST['password']);
	$_POST['rememberMe'] = (int)$_POST['rememberMe'];
	// Escaping all input data

	$result = mysql_query("SELECT * FROM tz_members");
	while($rows = mysql_fetch_array($result)) {
		$salt = $rows['salt'];
	}

	$sql = "SELECT id,username,salt FROM tz_members WHERE username='{$_POST['username']}' AND password='".md5($salt.md5($_POST['password']).$salt)."'";
	if ($result = mysql_query($sql)) {
		if (mysql_num_rows($result) > 0) {
			$row = mysql_fetch_assoc($result);

			if ($row['username']) {
				// If everything is OK login

				$_SESSION['usr']=$row['username'];
				$_SESSION['id'] = $row['id'];
				$_SESSION['rememberMe'] = $_POST['rememberMe'];

				// Store some data in the session

				setcookie('tzRemember',$_POST['rememberMe']);
			}
			else $err[]='Wrong username and/or password!';
		}
		else {
			$err[] = 'No record found.';
		}
}
else {
die(mysql_error());
}
}

if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: index.php");
exit;
}
$script = '';

if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load

$script = '
<script type="text/javascript">

	$(function(){

		$("div#panel").show();
		$("#toggle a").toggle();
	});

</script>';

}
?>

 

Why is it unable to find the records in my db? (code for registration is listed in the original post)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.