Jump to content

My Page Will Not Log In


Lone_Ranger

Recommended Posts

My index page is set up as a basic index page where it submits to check.php, the 2 text boxes in the index.php are called EMAIL and PASSWORD which is pretty simple and basic.

my set up page looks as follows

 

$db = mysql_connect("//hostname", "//username", "//password");
mysql_select_db("//dbname");

$res = mysql_query("SELECT * FROM userdb WHERE email='$email'");
$info = mysql_fetch_array($res);
$date2 = date("H:i");

function error($type)
{
if($type == "field")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>You have left fields blank. Please <a href=index.php>retry</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>"
;
}

elseif($type == "password")
{
include("style.css");
echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
echo "<p align=center><font color=white>Incorrect password. Please <a href=index.php>relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>"
;
}
}
echo "</body>";

 

 

this would connect to my database, select the database in question and make sure that the login/email properties are entered within the index page. If not entered the error message would come up saying that either information is incorrectly entered or not entered at all.

 

ob_start("ob_gzhandler");
session_start();
include("setup.php");

if(!$email || !$password) {

error("field");

exit();
}

if($password == $info['password']) {

session_register("password");
session_register("email");

include("top.php");
include("style.css");
if($action == "") {

echo "any content goes in here from like hyperlinks etc. once the login is successful";

}
include("bottom.php");

}
else
{
error("password");
}
ob_end_flush();

 

 

is my check page that process the whole Index.php information, from linking to the set up page it gathers the log in details and if something isn't right it will give either one of the error message aka "FIELD" if a email address is wrong/empty or "PASSWORD" if the password is incorrect or not entered.

 

my problem is the code is not allowing me to log into my page. When I had this page running years ago it use to work but now no matter how well I enter the details in correctly on my Index Page I can never access my account.

if you want to see what I am going on about then please attempt it yourself on a demo account I created for this @ http://www.sentuamsg.com/login (email: test@test.com password:test)

Link to comment
Share on other sites

the things in the code that don't work were actually depreciated/moved-away-from/superseded back in 2002, so the resource you used in 2006 was already four years out of date. the settings/functions that the code relies upon that no longer work, started throwing errors in php5.3 and have been completely removed in php5.4.

 

if you are attempting to update your code, make sure that you have php's error_reporting set to E_ALL and display_errors set to ON so that php will help you as much as it can.

Link to comment
Share on other sites

understood. I hear what you are saying everything has been upgraded but even when I used a tutorial in order to do what I need to do I cannot still get past the login page it errors up

 

index page links up to my set up page which my set up page now looks like:

 

session_start();
ob_start();
$host       = "//hostname";
$username   = "//username";
$password   = "//password";
$db_name    = "//databasename";
$tbl_name   = "//userdb";

 

//Connect to the server and select the database
mysql_connect("$host", "$username", "$password") or die ("cannot connect");
mysql_select_db("$db_name") or die ("cannot select DB");

 

//Get the username and password from the login form
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$username = stripslashes($username);
$password = stripslashes($password);

$sql = "SELECT * FROM $tbl_name WHERE username = '$username'
and password = '$password'";
$result = mysql_query($sql);

 

//Count the table row. 0 = No user exists
$count = mysql_num_rows($result);

 

//If $result is 1 the user exists
if($count == 1) {
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    header('location:login_success.php');
}/* 

 

//If the result match the $username && $password, table row will be 1
if($count == 1) {
    session_register('username');
    session_register('password');
    header('location:login_success.php');
}*/

 

//If it does not match, give a return message
else {
include("style.css");
    echo "<body link=#FFFFFF vlink=#FFFFFF alink=#FFFFFF bgcolor=#000000 text=#FFFFFF>";
        echo "<p align=center><font color=white>Incorrect Password. Please <a href=index.php>Relogin</a></font></center></p>
<p align=center><img src=sonic.jpg></img></p>";
}
ob_end_flush();
?>

 

though when the login happens to lock me out and gives me the Incorrect Password page even though the details I entered are correct.
 

I know I am being a pain it is I just need the guidance and help as I am trying to set up a family/friends page up

 

Link to comment
Share on other sites

  • 2 weeks later...

relating to this post. the page goes to login success. If I want a users name to be shown EG. "Welcome [name]" which field would I need off that set up page in order to gather this info?

 

On that database where the email is stored, password stored there is a field called Name which contains the person name. That is the field I want showing

 

would it be eg. $username[name]?????

Link to comment
Share on other sites

there is a field called Name which contains the person name. That is the field I want showing

 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 

also, please post code using the forum's bbcode


tags so that it will be highlighted and in a scrollable box. using the

bbcode tags, it's hard to tell which of your posted code is not commented out and is the actual code in question.

 

finally, this thread is/was marked as being solved/answered so most people are not going to look at your follow up question in it. i have marked it unsolved for you.

Link to comment
Share on other sites

  • 2 weeks later...

someone posted a suggestion -
 

you would need to fetch the row from the result set that the query matched and then reference that field in the fetched row.

 
what did you try toward accomplishing that suggestion?
 
you have a point in your code where you know the query matched the username/passwword. just use an appropriate database fetch statement to retrieve the row from the result set and assign the name value from that row to a session variable. echo that session variable on any page you want to display the name.
 



 
there's bunch of things in the last posted code that need help -
 
1) don't use ob_start and ob_end_flush in your code unless you want to buffer output. there's nothing in that code that needs those and typing them in took up some of your time and added clutter to the code.
 
2) while it's true that php variables that are inside of a double-quoted string get replaced with their value, if the only thing in a double-quoted string is a php variable, the double-quotes are not needed and typing them took up some of your time and added clutter to the code.
 
3) you need to test if a form has been submitted before using any of the form data. this prevents errors from being produced when the page gets requested not due to the form. all your form processing code should be inside of a conditional statement so that it only runs when you know you have a form submission.
 
4) you should test if the submitted username and password have something in them before using them in the query. there's no point in running the query if the user didn't enter one or both of the values.

 

5) you are running  stripslashes() after you have escaped the string data. that undoes the escaping and allows sql injection. the only time you should use stripslashes() on form data is if magic_quotes_gpc is ON and you would do it before you then use mysql_real_escape_string on the data.

 

6) storing $password in a session variable doesn't mean anything and is not being used. you have already authenticated the user, you don't need to carry his password around in the code. again, this is just more typing that didn't need to happen and cluttered up the code.

 

7) assuming there is unconditional code on the page somewhere after the header redirect, you need an exit; statement after each header redirect to prevent the rest of the code from running.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.