[SOLVED] login script

[chriscloyd]

Its not redirecting me anywhere it stays on the login.php page and its not even showing any errors

heres my first part of the process login.php
[code]
<?php
session_start();
include("config.php");
include("functions.php");
error_reporting(E_ALL);
ini_set('log_errors','1');
ini_set('display_errors','0');
//login
$username = $_POST['username'];
$password = md5($_POST['password']);
if (isset($_POST['username'])){
login($username,$password);
if ($login == '1'){
$_SESSION['ccloyd'] = $username;
header("Location: ".$location);
} else {
header("Location: ".$location);
}
}
?>
[/code]
heres my function functions.php
[CODE]
<?php
function login($user,$pass){
$users = mysql_query("SELECT * FROM users WHERE username = '$user'");
if ($users) {
$count_users = mysql_num_rows($users) or die('ERROR: '.mysql_error());
$timendate = date("n/j/Y g:i:s A");
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$ip = $_SERVER['REMOTE_ADDR'];
$description = 'Login';
if ($count_users > 0) {
$user_info = mysql_fetch_array($users) or die('ERROR: '.mysql_error());
if ($user_info['username'] == $user) {
if ($user_info['password'] == $pass) {
$login = '1';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home";
} else {
$location = "http://localhost/index.php?page=home";
}
$status = 'Success';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$login = '0';
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
}
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$login = '0';
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
}
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
$login = '0';
}
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
$login = '0';
}
if ($login == 1) {
return $login;
return $location;
} else {
return $login;
return $location;
return $error;
}
}
?>
[/CODE]

[chriscloyd]

i just checked the log file for erros and i have this error
[Tue Jan 02 01:34:48 2007] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: login in C:\\xampp\\xampp\\htdocs\\includes\\login.php on line 13, referer: http://localhost/
[Tue Jan 02 01:34:48 2007] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: location in C:\\xampp\\xampp\\htdocs\\includes\\login.php on line 17, referer: http://localhost/

[trq]

If you want to collect the returned variable you need to call your login function something like....

[code=php:0]
$location = login($username,$password);
[/code]

However, your login function is also foobared. You cannot return multiple values the way you are attempting. If you want to return multiple variables you will need to put them all in an array and return that.

Read the manual entry on [url=http://php.net/functions]functions[/url] for more info.

[chriscloyd]

okay i changed it all to one page lol just bc i wanna get it to work for now
but now its just saying wrong info but i check and it is right info
[CODE]
<?php
session_start();
include("config.php");
include("functions.php");
error_reporting(E_ALL);
ini_set('log_errors','1');
ini_set('display_errors','0');
//login
$username = $_POST['username'];
$password = md5($_POST['password']);
if (isset($_POST['username'])){
$users = mysql_query("SELECT * FROM users WHERE username = '$username'");
if ($users) {
$count_users = mysql_num_rows($users) or die('ERROR: '.mysql_error());
$timendate = date("n/j/Y g:i:s A");
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$ip = $_SERVER['REMOTE_ADDR'];
$description = 'Login';
if ($count_users > 0) {
$user_info = mysql_fetch_array($users) or die('ERROR: '.mysql_error());
if ($user_info['username'] == $user) {
if ($user_info['password'] == $password) {
$login = '1';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home";
} else {
$location = "http://localhost/index.php?page=home";
}
$status = 'Success';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$login = '0';
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
}
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$login = '0';
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
}
} else {
$error = 'Wrong User Info';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
$login = '0';
}
} else {
$error = 'No such user!';
if ($_SERVER['HTTP_HOST'] == "www.christophercloyd.com") {
$location = "http://www.christophercloyd.com/index.php?page=home&false=".$error;
} else {
$location = "http://localhost/index.php?page=home&false=".$error;
}
$status = 'Failed';
mysql_query("INSERT INTO logs (`ip`,`hostname`,`description`,`timendate`,`status`) VALUES ('$ip','$hostname','$description','$timendate','$status')") or die(mysql_error());
$login = '0';
}
if ($login == '1'){
$_SESSION['ccloyd'] = $username;
header("Location: ".$location);
} else {
header("Location: ".$location);
}
}
?>
[/CODE]

[trq]

Why are you wrapping integers in quotes? Are your passwords md5'd?

This login function is pretty bloated. You do realise its easier to just check the username and password via the one query?

[chriscloyd]

no i do lol
and i solved the problem
and yes the passwords are