Andrew12313413 Posted January 21, 2014

processlogin.php

```php
<?php
include('config.php');

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $myusername = mysql_real_escape_string($username);
    $mypassword = mysql_real_escape_string($password);

    $sql = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
    $result = mysql_query($sql) or die(mysql_error());

    // If result matched $myusername and $mypassword, table row must be 1 row
    if ($row = mysql_fetch_array($result)) {
        header("Location: welcome.php");
        exit;
    }
}
?>
```

login.php

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Page</title>
<style type="text/css">
body { font-family:Arial, Helvetica, sans-serif; font-size:14px; }
label { font-weight:bold; width:100px; font-size:14px; }
.box { border:#666666 solid 1px; }
</style>
</head>
<body bgcolor="#FFFFFF">
<div align="center">
  <div style="width:300px; border: solid 1px #333333; " align="left">
    <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
    <div style="margin:30px">
      <form action="processlogin.php" method="post">
        <label>UserName :</label><input type="text" name="username" class="box"/><br /><br />
        <label>Password :</label><input type="password" name="password" class="box" /><br/><br />
        <input type="submit" value=" Submit " name="submit"/><br />
      </form>
      <div style="font-size:11px; color:#cc0000; margin-top:10px"></div>
    </div>
  </div>
</div>
</body>
</html>
```
mac_gyver Posted January 21, 2014

since the current code doesn't contain any of the previous debugging statements, some possibilities -

1) your code is doing what you expect, but the header() statement is either failing (there would be a php error if error reporting is turned on) or you have code at the welcome.php page that is redirecting back to the form.

2) you may have output_buffering turned on in your php.ini and anything you or php have tried to output on that page has been discarded when the redirect occurs.

3) your code isn't matching the username/password (perhaps the password has been hashed when stored into the table) and you have no logic in your code to address this common occurrence.

for items #1 and #2, in your php.ini, set error_reporting to E_ALL, display_errors to ON, and output_buffering to OFF. you will need to restart your web server to get any changes made to the php.ini to take effect and confirm that these settings actually have been changed by looking at the output from a phpinfo() statement. also, for the time being, comment out the header() statement and put in an echo 'you have successfully logged in'; statement so that you know precisely what the code is doing.

for item #3, when validating user input (in this case authenticating the username/password), you ALWAYS need an else{} statement to tell the user why his input failed the validation test. if there isn't a matching username/password, inform the user of this by outputting a message.

lastly, when the username/password does match a record in the table, you should be retrieving the user's id and setting it into a session variable so that you remember that the current user has been authenticated and who that user is.
Andrew12313413 Posted January 22, 2014

Thanks for your reply. All the settings in my php.ini file match those you mentioned. For simplicity purposes, I will add a salt function later to my script.

Note: I added the session vars, as well as an else statement. I did do what you suggested, which was to echo a success/fail in the if statement. However, when I comment out the header("Location: welcome.php"); my code works; it does not when I de-comment it.

Here's my code:

```php
<?php
include('config.php');

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $myusername = mysql_real_escape_string($username);
    $mypassword = mysql_real_escape_string($password);

    $sql = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
    $result = mysql_query($sql) or die(mysql_error());

    // If result matched $myusername and $mypassword, table row must be 1 row
    if ($row = mysql_fetch_array($result)) {
        $_SESSION['id'] = $row['id'];
        $_SESSION['username'] = $row['username'];
        //header("Location:welcome.php");
    } else {
        echo "Wrong username or password.";
        exit;
    }
}
?>
```
Andrew12313413 Posted January 22, 2014 (edited)

If the query matches a row, it returns the values like you had said. My question is why does my script not redirect when the condition returns true? I have no conflicting redirect in welcome.php

```php
if ($row = mysql_fetch_array($result)) {
    $userid = $_SESSION['id'] = $row['id'];
    $username = $_SESSION['username'] = $row['username'];
    echo $userid;
    echo $username;
} else {
    echo "Wrong username or password.";
}
```
mac_gyver Posted January 22, 2014

in my list of suggestions, was one to actually check what the error_reporting/display_errors/output_buffering settings are using a phpinfo() statement. just because you saw some setting in a php.ini does not mean that php is actually using that file or using those settings. in programming, you must actually confirm that the computer is doing what you want.
Barand Posted January 22, 2014

phpinfo() will tell you which php.ini file is being used
cyberRobot Posted January 22, 2014

So it sounds like everything appears to be working except for the header redirect. In addition to making sure that your script is reporting all errors and displaying them (as mac_gyver suggested), have you tried using an absolute link in the header() function?

```php
header("Location: http://www.yourwebsite.com/welcome.php");
```

Of course, you'll need to modify the address to match where the page is on your website.

Also, are you familiar with what's going on in the configuration file?

```php
include('config.php');
```
Andrew12313413 Posted January 23, 2014

Error_reporting is set to E_ALL; phpinfo() shows it as 32767, however. And yeah, it is just my db settings, which are working.
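The check suggested above (confirming the settings PHP is actually running with, and finding out why a header() call has no effect) can be scripted. This is an added example, not code posted by anyone in the thread; the function names and the `diag` query parameter are hypothetical, and it assumes PHP 7.1 or later on a development machine.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Report what the running PHP process uses, not what a php.ini on disk says.
function effective_settings(): array
{
    return [
        'loaded php.ini'   => php_ini_loaded_file(),        // false if no file was loaded
        'error_reporting'  => error_reporting(),            // integer bitmask, as phpinfo() shows it
        'equals E_ALL'     => error_reporting() === E_ALL,  // compare against the constant itself
        'display_errors'   => ini_get('display_errors'),
        'output_buffering' => ini_get('output_buffering'),
    ];
}

// Redirect, or say exactly where output started if headers can no longer be sent.
function redirect_or_explain(string $url): void
{
    if (headers_sent($file, $line)) {
        exit("Cannot redirect: output already started at $file line $line");
    }
    header('Location: ' . $url);
    exit;
}

// Request the page with ?diag=1 to see the settings instead of redirecting.
if (isset($_GET['diag'])) {
    header('Content-Type: text/plain');
    var_export(effective_settings());
    exit;
}

redirect_or_explain('welcome.php');
```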
mac_gyver Posted January 23, 2014

at this point, i don't think we can help you with this basic/common task. you are not following through completely on the things that have been suggested and you have in fact removed the debugging code already put in. until you get this to work, you are not done debugging it and leaving in those various echo statements would provide important feedback. they would even indicate that php's error_reporting/display_errors settings are actually working, which they are not, despite you being asked to confirm three different php.ini settings.
Tikkie Posted January 23, 2014

Are you sure you selected a table on the database connection? If you don't do this there will be no error but also no results.
mac_gyver Posted January 23, 2014

there will be an error for that condition because the code is testing if the query failed.
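The points raised in the thread about the login check itself (a password that is stored hashed, an else branch for a failed match, and storing the user's id in the session) fit together as sketched here. This is an added example, not code posted by anyone in the thread. It assumes PHP 7.1 or later, PDO in place of the mysql_* functions, a `password_hash` column filled with password_hash() output, and placeholder connection details; `authenticate()` is a hypothetical helper.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with the MySQL
// driver, a users table with id, username and password_hash columns, and
// placeholder connection details.
declare(strict_types=1);
session_start();

function authenticate(PDO $pdo, string $username, string $password): ?int
{
    // Prepared statement: the username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Look the user up by name only, then verify the hash in PHP. The stored
    // value comes from password_hash(), which generates its own salt.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=example;charset=utf8mb4',
        'db_user',
        'db_pass',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    $userId = authenticate(
        $pdo,
        (string) ($_POST['username'] ?? ''),
        (string) ($_POST['password'] ?? '')
    );

    if ($userId === null) {
        // The else branch: one message for an unknown user and a wrong password alike.
        echo 'Wrong username or password.';
        exit;
    }

    session_regenerate_id(true);   // issue a fresh session id at login
    $_SESSION['id'] = $userId;     // remember who has been authenticated
    header('Location: welcome.php');
    exit;
}
```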