Jump to content

My Page Will Not Log In


Go to solution Solved by mac_gyver,

Recommended Posts

My index page is set up as a basic index page where it submits to check.php, the 2 text boxes in the index.php are called EMAIL and PASSWORD which is pretty simple and basic.

my set up page looks as follows

 

$db = mysql_connect("//hostname", "//username", "//password");
mysql_select_db("//dbname");

$res = mysql_query("SELECT * FROM userdb WHERE email='$email'");
$info = mysql_fetch_array($res);
$date2 = date("H:i");

function error($type)
{
if($type == "field")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>You have left fields blank. Please <a href=index.php>retry</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>"
;
}

elseif($type == "password")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>Incorrect password. Please <a href=index.php>relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>"
;
}
}
echo "</body>";

 

 

this would connect to my database, select the database in question and make sure that the login/email properties are entered within the index page. If not entered the error message would come up saying that either information is incorrectly entered or not entered at all.

 

ob_start("ob_gzhandler");
session_start();
include("setup.php");

if(!$email || !$password) {

error("field");

exit();
}

if($password == $info['password']) {

session_register("password");
session_register("email");

include("top.php");
include("style.css");
if($action == "") {

echo "any content goes in here from like hyperlinks etc. once the login is successful";

}
include("bottom.php");

}
else
{
error("password");
}
ob_end_flush();

 

 

is my check page that process the whole Index.php information, from linking to the set up page it gathers the log in details and if something isn't right it will give either one of the error message aka "FIELD" if a email address is wrong/empty or "PASSWORD" if the password is incorrect or not entered.

 

my problem is the code is not allowing me to log into my page. When I had this page running years ago it use to work but now no matter how well I enter the details in correctly on my Index Page I can never access my account.

if you want to see what I am going on about then please attempt it yourself on a demo account I created for this @ http://www.sentuamsg.com/login (email: test@test.com password:test)

Link to comment
https://forums.phpfreaks.com/topic/281042-my-page-will-not-log-in/
Share on other sites

I'm not sure what resource it is you are using to learn PHP but its well out of date.

 

There are numerous issues with this code.

 

If you are looking for something that is free, reasonably up to date, and easy to follow. I would recommend: http://www.tuxradar.com/practicalphp

the things in the code that don't work were actually depreciated/moved-away-from/superseded back in 2002, so the resource you used in 2006 was already four years out of date. the settings/functions that the code relies upon that no longer work, started throwing errors in php5.3 and have been completely removed in php5.4.

 

if you are attempting to update your code, make sure that you have php's error_reporting set to E_ALL and display_errors set to ON so that php will help you as much as it can.

understood. I hear what you are saying everything has been upgraded but even when I used a tutorial in order to do what I need to do I cannot still get past the login page it errors up

 

index page links up to my set up page which my set up page now looks like:

 

session_start();
ob_start();
$host       = "//hostname";
$username   = "//username";
$password   = "//password";
$db_name    = "//databasename";
$tbl_name   = "//userdb";

 

//Connect to the server and select the database
mysql_connect("$host", "$username", "$password") or die ("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");

 

//Get the username and password from the login form
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "SELECT * FROM $tbl_name WHERE username = '$username'
and password = '$password'";
$result = mysql_query($sql);

 

//Count the table row. 0 = No user exists
$count = mysql_num_rows($result);

 

//If $result is 1 the user exists
if($count == 1) {
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header('location:login_success.php');
}/* 

 

//If the result match the $username && $password, table row will be 1
if($count == 1) {
    session_register('username');
    session_register('password');
    header('location:login_success.php');
}*/

 

//If it does not match, give a return message
else {
include("style.css");
    echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
        echo "<p align=center><font color=white>Incorrect Password. Please <a href=index.php>Relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>";
}
ob_end_flush();
?>

 

though when the login happens to lock me out and gives me the Incorrect Password page even though the details I entered are correct.
 

I know I am being a pain it is I just need the guidance and help as I am trying to set up a family/friends page up

 

Edited by Lone_Ranger
  • 2 weeks later...

relating to this post. the page goes to login success. If I want a users name to be shown EG. "Welcome [name]" which field would I need off that set up page in order to gather this info?

 

On that database where the email is stored, password stored there is a field called Name which contains the person name. That is the field I want showing

 

would it be eg. $username[name]?????

Edited by Lone_Ranger

there is a field called Name which contains the person name. That is the field I want showing

 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 

also, please post code using the forum's bbcode


tags so that it will be highlighted and in a scrollable box. using the

bbcode tags, it's hard to tell which of your posted code is not commented out and is the actual code in question.

 

finally, this thread is/was marked as being solved/answered so most people are not going to look at your follow up question in it. i have marked it unsolved for you.

Edited by mac_gyver
  • 2 weeks later...

this was the tutorial used http://www.phpeasystep.com/phptu/6.html

 

now the page called loginsuccess.php what I need to do is show the user who log's in there name (eg. if name was STAN it would say HI STAN). I have set up the property on the DB with a column called name.

 

I have tried many things so is there a solution for me?

  • Solution

someone posted a suggestion -
 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 
what did you try toward accomplishing that suggestion?
 
you have a point in your code where you know the query matched the username/passwword. just use an appropriate database fetch statement to retrieve the row from the result set and assign the name value from that row to a session variable. echo that session variable on any page you want to display the name.
 



 
there's bunch of things in the last posted code that need help -
 
1) don't use ob_start and ob_end_flush in your code unless you want to buffer output. there's nothing in that code that needs those and typing them in took up some of your time and added clutter to the code.
 
2) while it's true that php variables that are inside of a double-quoted string get replaced with their value, if the only thing in a double-quoted string is a php variable, the double-quotes are not needed and typing them took up some of your time and added clutter to the code.
 
3) you need to test if a form has been submitted before using any of the form data. this prevents errors from being produced when the page gets requested not due to the form. all your form processing code should be inside of a conditional statement so that it only runs when you know you have a form submission.
 
4) you should test if the submitted username and password have something in them before using them in the query. there's no point in running the query if the user didn't enter one or both of the values.

 

5) you are running  stripslashes() after you have escaped the string data. that undoes the escaping and allows sql injection. the only time you should use stripslashes() on form data is if magic_quotes_gpc is ON and you would do it before you then use mysql_real_escape_string on the data.

 

6) storing $password in a session variable doesn't mean anything and is not being used. you have already authenticated the user, you don't need to carry his password around in the code. again, this is just more typing that didn't need to happen and cluttered up the code.

 

7) assuming there is unconditional code on the page somewhere after the header redirect, you need an exit; statement after each header redirect to prevent the rest of the code from running.

Edited by mac_gyver
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.