My Page Will Not Log In

[Lone_Ranger]

My index page is set up as a basic index page where it submits to check.php, the 2 text boxes in the index.php are called EMAIL and PASSWORD which is pretty simple and basic.

my set up page looks as follows

 

$db = mysql_connect("//hostname", "//username", "//password");
mysql_select_db("//dbname");

$res = mysql_query("SELECT * FROM userdb WHERE email='$email'");
$info = mysql_fetch_array($res);
$date2 = date("H:i");

function error($type)
{
if($type == "field")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>You have left fields blank. Please <a href=index.php>retry</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>";
}

elseif($type == "password")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>Incorrect password. Please <a href=index.php>relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>";
}
}
echo "</body>";

 

 

this would connect to my database, select the database in question and make sure that the login/email properties are entered within the index page. If not entered the error message would come up saying that either information is incorrectly entered or not entered at all.

 

ob_start("ob_gzhandler");
session_start();
include("setup.php");

if(!$email || !$password) {

error("field");

exit();
}

if($password == $info['password']) {

session_register("password");
session_register("email");

include("top.php");
include("style.css");
if($action == "") {

echo "any content goes in here from like hyperlinks etc. once the login is successful";

}
include("bottom.php");

}
else
{
error("password");
}
ob_end_flush();

 

 

is my check page that process the whole Index.php information, from linking to the set up page it gathers the log in details and if something isn't right it will give either one of the error message aka "FIELD" if a email address is wrong/empty or "PASSWORD" if the password is incorrect or not entered.

 

my problem is the code is not allowing me to log into my page. When I had this page running years ago it use to work but now no matter how well I enter the details in correctly on my Index Page I can never access my account.

if you want to see what I am going on about then please attempt it yourself on a demo account I created for this @ http://www.sentuamsg.com/login (email: test@test.com password:test)

[trq]

I'm not sure what resource it is you are using to learn PHP but its well out of date.

 

There are numerous issues with this code.

 

If you are looking for something that is free, reasonably up to date, and easy to follow. I would recommend: http://www.tuxradar.com/practicalphp

[Lone_Ranger]

no resources used at all here, that's me using the model I use to code with back in 2006. I hadn't realised thing's have changed which is a bit of a pain lol

[mac_gyver]

the things in the code that don't work were actually depreciated/moved-away-from/superseded back in 2002, so the resource you used in 2006 was already four years out of date. the settings/functions that the code relies upon that no longer work, started throwing errors in php5.3 and have been completely removed in php5.4.

 

if you are attempting to update your code, make sure that you have php's error_reporting set to E_ALL and display_errors set to ON so that php will help you as much as it can.

[trq]

that's me using the model I use to code with back in 2006. I hadn't realised thing's have changed which is a bit of a pain lol

Time doesn't stand still in the world of technology I'm afraid.

[Lone_Ranger]

understood. I hear what you are saying everything has been upgraded but even when I used a tutorial in order to do what I need to do I cannot still get past the login page it errors up

 

index page links up to my set up page which my set up page now looks like:

 

session_start();
ob_start();
$host       = "//hostname";
$username   = "//username";
$password   = "//password";
$db_name    = "//databasename";
$tbl_name   = "//userdb";

 

//Connect to the server and select the database
mysql_connect("$host", "$username", "$password") or die ("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");

 

//Get the username and password from the login form
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "SELECT * FROM $tbl_name WHERE username = '$username'
and password = '$password'";
$result = mysql_query($sql);

 

//Count the table row. 0 = No user exists
$count = mysql_num_rows($result);

 

//If $result is 1 the user exists
if($count == 1) {
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header('location:login_success.php');
}/* 

 

//If the result match the $username && $password, table row will be 1
if($count == 1) {
    session_register('username');
    session_register('password');
    header('location:login_success.php');
}*/

 

//If it does not match, give a return message
else {
include("style.css");
    echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
        echo "<p align=center><font color=white>Incorrect Password. Please <a href=index.php>Relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>";
}
ob_end_flush();
?>

 

though when the login happens to lock me out and gives me the Incorrect Password page even though the details I entered are correct.
 

I know I am being a pain it is I just need the guidance and help as I am trying to set up a family/friends page up

 

Edited August 11, 2013 by Lone_Ranger

[headstress]

$password = mysql_real_escape_string(md5($_POST['password']));

 

Change this line to

 

$password = mysql_real_escape_string($_POST['password']);

 

And see if that fixes it

[Lone_Ranger]

you sexy poster you! Thank you

[headstress]

you sexy poster you! Thank you

 

If this has fixed it then your passwords are sat in your database as plain text, I  know md5 isnt the most secure but its much better than nothing at all

[headstress]

$password = mysql_real_escape_string(md5($_POST['password']));

 

Change this line to

 

$password = mysql_real_escape_string($_POST['password']);

 

And see if that fixes it

 

Sorry I was going to quote this

[Lone_Ranger]

relating to this post. the page goes to login success. If I want a users name to be shown EG. "Welcome [name]" which field would I need off that set up page in order to gather this info?

 

On that database where the email is stored, password stored there is a field called Name which contains the person name. That is the field I want showing

 

would it be eg. $username[name]?????

Edited August 21, 2013 by Lone_Ranger

[Lone_Ranger]

Guess not then, ill have to have a snoop tomorrow

Edited August 22, 2013 by Lone_Ranger

[mac_gyver]

there is a field called Name which contains the person name. That is the field I want showing

 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 

also, please post code using the forum's bbcode

tags so that it will be highlighted and in a scrollable box. using the

bbcode tags, it's hard to tell which of your posted code is not commented out and is the actual code in question.

 

finally, this thread is/was marked as being solved/answered so most people are not going to look at your follow up question in it. i have marked it unsolved for you.

Edited August 23, 2013 by mac_gyver

[Lone_Ranger]

this was the tutorial used http://www.phpeasystep.com/phptu/6.html

 

now the page called loginsuccess.php what I need to do is show the user who log's in there name (eg. if name was STAN it would say HI STAN). I have set up the property on the DB with a column called name.

 

I have tried many things so is there a solution for me?

[mac_gyver]

someone posted a suggestion -
 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 
what did you try toward accomplishing that suggestion?
 
you have a point in your code where you know the query matched the username/passwword. just use an appropriate database fetch statement to retrieve the row from the result set and assign the name value from that row to a session variable. echo that session variable on any page you want to display the name.
 

---

 
there's bunch of things in the last posted code that need help -
 
1) don't use ob_start and ob_end_flush in your code unless you want to buffer output. there's nothing in that code that needs those and typing them in took up some of your time and added clutter to the code.
 
2) while it's true that php variables that are inside of a double-quoted string get replaced with their value, if the only thing in a double-quoted string is a php variable, the double-quotes are not needed and typing them took up some of your time and added clutter to the code.
 
3) you need to test if a form has been submitted before using any of the form data. this prevents errors from being produced when the page gets requested not due to the form. all your form processing code should be inside of a conditional statement so that it only runs when you know you have a form submission.
 
4) you should test if the submitted username and password have something in them before using them in the query. there's no point in running the query if the user didn't enter one or both of the values.

 

5) you are running  stripslashes() after you have escaped the string data. that undoes the escaping and allows sql injection. the only time you should use stripslashes() on form data is if magic_quotes_gpc is ON and you would do it before you then use mysql_real_escape_string on the data.

 

6) storing $password in a session variable doesn't mean anything and is not being used. you have already authenticated the user, you don't need to carry his password around in the code. again, this is just more typing that didn't need to happen and cluttered up the code.

 

7) assuming there is unconditional code on the page somewhere after the header redirect, you need an exit; statement after each header redirect to prevent the rest of the code from running.

Edited September 3, 2013 by mac_gyver

[Lone_Ranger]

that was really easy to fix just me over complicating things and being stupid