Lone_Ranger Posted August 11, 2013 Share Posted August 11, 2013 My index page is set up as a basic index page where it submits to check.php, the 2 text boxes in the index.php are called EMAIL and PASSWORD which is pretty simple and basic. my set up page looks as follows $db = mysql_connect("//hostname", "//username", "//password");mysql_select_db("//dbname");$res = mysql_query("SELECT * FROM userdb WHERE email='$email'");$info = mysql_fetch_array($res);$date2 = date("H:i"); function error($type){if($type == "field"){include("style.css");echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";echo "<p align=center><font color=white>You have left fields blank. Please <a href=index.php>retry</a></font></center></p><p align=center><img src=sonic.jpg></img></p>";}elseif($type == "password"){include("style.css");echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";echo "<p align=center><font color=white>Incorrect password. Please <a href=index.php>relogin</a></font></center></p><p align=center><img src=sonic.jpg></img></p>";}}echo "</body>"; this would connect to my database, select the database in question and make sure that the login/email properties are entered within the index page. If not entered the error message would come up saying that either information is incorrectly entered or not entered at all. ob_start("ob_gzhandler");session_start();include("setup.php");if(!$email || !$password) {error("field");exit();}if($password == $info['password']) {session_register("password");session_register("email");include("top.php");include("style.css");if($action == "") {echo "any content goes in here from like hyperlinks etc. once the login is successful";}include("bottom.php");}else{error("password");}ob_end_flush(); is my check page that process the whole Index.php information, from linking to the set up page it gathers the log in details and if something isn't right it will give either one of the error message aka "FIELD" if a email address is wrong/empty or "PASSWORD" if the password is incorrect or not entered. my problem is the code is not allowing me to log into my page. When I had this page running years ago it use to work but now no matter how well I enter the details in correctly on my Index Page I can never access my account. if you want to see what I am going on about then please attempt it yourself on a demo account I created for this @ http://www.sentuamsg.com/login (email: test@test.com password:test) Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/ Share on other sites More sharing options...
trq Posted August 11, 2013 Share Posted August 11, 2013 I'm not sure what resource it is you are using to learn PHP but its well out of date. There are numerous issues with this code. If you are looking for something that is free, reasonably up to date, and easy to follow. I would recommend: http://www.tuxradar.com/practicalphp Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444384 Share on other sites More sharing options...
Lone_Ranger Posted August 11, 2013 Author Share Posted August 11, 2013 no resources used at all here, that's me using the model I use to code with back in 2006. I hadn't realised thing's have changed which is a bit of a pain lol Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444386 Share on other sites More sharing options...
mac_gyver Posted August 11, 2013 Share Posted August 11, 2013 the things in the code that don't work were actually depreciated/moved-away-from/superseded back in 2002, so the resource you used in 2006 was already four years out of date. the settings/functions that the code relies upon that no longer work, started throwing errors in php5.3 and have been completely removed in php5.4. if you are attempting to update your code, make sure that you have php's error_reporting set to E_ALL and display_errors set to ON so that php will help you as much as it can. Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444389 Share on other sites More sharing options...
trq Posted August 11, 2013 Share Posted August 11, 2013 that's me using the model I use to code with back in 2006. I hadn't realised thing's have changed which is a bit of a pain lol Time doesn't stand still in the world of technology I'm afraid. Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444390 Share on other sites More sharing options...
Lone_Ranger Posted August 11, 2013 Author Share Posted August 11, 2013 (edited) understood. I hear what you are saying everything has been upgraded but even when I used a tutorial in order to do what I need to do I cannot still get past the login page it errors up index page links up to my set up page which my set up page now looks like: session_start();ob_start();$host = "//hostname";$username = "//username";$password = "//password";$db_name = "//databasename";$tbl_name = "//userdb"; //Connect to the server and select the databasemysql_connect("$host", "$username", "$password") or die ("cannot connect");mysql_select_db("$db_name") or die ("cannot select DB"); //Get the username and password from the login form//Prevent SQL injections$username = mysql_real_escape_string($_POST['username']);$password = mysql_real_escape_string(md5($_POST['password']));$username = stripslashes($username);$password = stripslashes($password); $sql = "SELECT * FROM $tbl_name WHERE username = '$username'and password = '$password'";$result = mysql_query($sql); //Count the table row. 0 = No user exists$count = mysql_num_rows($result); //If $result is 1 the user existsif($count == 1) { $_SESSION['username'] = $username; $_SESSION['password'] = $password; header('location:login_success.php');}/* //If the result match the $username && $password, table row will be 1if($count == 1) { session_register('username'); session_register('password'); header('location:login_success.php');}*/ //If it does not match, give a return messageelse {include("style.css"); echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>"; echo "<p align=center><font color=white>Incorrect Password. Please <a href=index.php>Relogin</a></font></center></p><p align=center><img src=sonic.jpg></img></p>";}ob_end_flush();?> though when the login happens to lock me out and gives me the Incorrect Password page even though the details I entered are correct. I know I am being a pain it is I just need the guidance and help as I am trying to set up a family/friends page up Edited August 11, 2013 by Lone_Ranger Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444394 Share on other sites More sharing options...
headstress Posted August 11, 2013 Share Posted August 11, 2013 $password = mysql_real_escape_string(md5($_POST['password'])); Change this line to $password = mysql_real_escape_string($_POST['password']); And see if that fixes it Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444436 Share on other sites More sharing options...
Lone_Ranger Posted August 12, 2013 Author Share Posted August 12, 2013 you sexy poster you! Thank you Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444455 Share on other sites More sharing options...
headstress Posted August 12, 2013 Share Posted August 12, 2013 you sexy poster you! Thank you If this has fixed it then your passwords are sat in your database as plain text, I know md5 isnt the most secure but its much better than nothing at all Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444586 Share on other sites More sharing options...
headstress Posted August 12, 2013 Share Posted August 12, 2013 $password = mysql_real_escape_string(md5($_POST['password'])); Change this line to $password = mysql_real_escape_string($_POST['password']); And see if that fixes it Sorry I was going to quote this Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1444587 Share on other sites More sharing options...
Lone_Ranger Posted August 21, 2013 Author Share Posted August 21, 2013 (edited) relating to this post. the page goes to login success. If I want a users name to be shown EG. "Welcome [name]" which field would I need off that set up page in order to gather this info? On that database where the email is stored, password stored there is a field called Name which contains the person name. That is the field I want showing would it be eg. $username[name]????? Edited August 21, 2013 by Lone_Ranger Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1446116 Share on other sites More sharing options...
Lone_Ranger Posted August 22, 2013 Author Share Posted August 22, 2013 (edited) Guess not then, ill have to have a snoop tomorrow Edited August 22, 2013 by Lone_Ranger Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1446405 Share on other sites More sharing options...
mac_gyver Posted August 23, 2013 Share Posted August 23, 2013 (edited) there is a field called Name which contains the person name. That is the field I want showing you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row. also, please post code using the forum's bbcode tags so that it will be highlighted and in a scrollable box. using the bbcode tags, it's hard to tell which of your posted code is not commented out and is the actual code in question. finally, this thread is/was marked as being solved/answered so most people are not going to look at your follow up question in it. i have marked it unsolved for you. Edited August 23, 2013 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1446458 Share on other sites More sharing options...
Lone_Ranger Posted September 3, 2013 Author Share Posted September 3, 2013 this was the tutorial used http://www.phpeasystep.com/phptu/6.html now the page called loginsuccess.php what I need to do is show the user who log's in there name (eg. if name was STAN it would say HI STAN). I have set up the property on the DB with a column called name. I have tried many things so is there a solution for me? Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1447983 Share on other sites More sharing options...
Solution mac_gyver Posted September 3, 2013 Solution Share Posted September 3, 2013 (edited) someone posted a suggestion - you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row. what did you try toward accomplishing that suggestion? you have a point in your code where you know the query matched the username/passwword. just use an appropriate database fetch statement to retrieve the row from the result set and assign the name value from that row to a session variable. echo that session variable on any page you want to display the name. there's bunch of things in the last posted code that need help - 1) don't use ob_start and ob_end_flush in your code unless you want to buffer output. there's nothing in that code that needs those and typing them in took up some of your time and added clutter to the code. 2) while it's true that php variables that are inside of a double-quoted string get replaced with their value, if the only thing in a double-quoted string is a php variable, the double-quotes are not needed and typing them took up some of your time and added clutter to the code. 3) you need to test if a form has been submitted before using any of the form data. this prevents errors from being produced when the page gets requested not due to the form. all your form processing code should be inside of a conditional statement so that it only runs when you know you have a form submission. 4) you should test if the submitted username and password have something in them before using them in the query. there's no point in running the query if the user didn't enter one or both of the values. 5) you are running stripslashes() after you have escaped the string data. that undoes the escaping and allows sql injection. the only time you should use stripslashes() on form data is if magic_quotes_gpc is ON and you would do it before you then use mysql_real_escape_string on the data. 6) storing $password in a session variable doesn't mean anything and is not being used. you have already authenticated the user, you don't need to carry his password around in the code. again, this is just more typing that didn't need to happen and cluttered up the code. 7) assuming there is unconditional code on the page somewhere after the header redirect, you need an exit; statement after each header redirect to prevent the rest of the code from running. Edited September 3, 2013 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1448045 Share on other sites More sharing options...
Lone_Ranger Posted September 7, 2013 Author Share Posted September 7, 2013 that was really easy to fix just me over complicating things and being stupid Quote Link to comment https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/#findComment-1448596 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.