wikedawsum Posted January 5, 2007 Share Posted January 5, 2007 Hoping somebody here can help me..I'm going through the book PHP and MySQL Web Development by Luke Welling and Laura Thompson. I'm currently working through Chapter 26 (for those of you that have read it), Building User Authentication and Personalization. I've gotten through it pretty good so far, but am having some trouble with actually authenticating the user logins. My site is set up at http://test.aacapartsandsupplies.com. My problem is, whenever I click the login button, I always go to the member.php page.. even if I didn't put any login information in. It doesn't throw back any errors saying "you must be logged in to view this page", etc. Even if I do login, and I try to logout from member.php, it throws back the exception "you were not logged in, and so have not been logged out." I have registered some test users, and this happens on every login I've created.I'm not exactly sure where the problem lies. I'm wondering if anyone has read this book and might be able to help me out. Even if you haven't read it and know more about PHP/MySQL than I do, I'd appreciate any kind of help. Posting the code for the files where I *think* the problem lies.Code for member.php[code]<?php// include function files for this applicationrequire_once('tokens_fns.php'); session_start();//create short variable names$username = $_POST['username'];$passwd = $_POST['passwd'];if ($username && $passwd)// they have just tried logging in{try{login($username, $passwd);// if they are in the database register the user id$_SESSION['valid_user'] = $username;}catch(Exception $e){// unsuccessful logindo_html_header('Problem:');echo 'You could not be logged in. You must be logged in to view this page.';do_html_footer();exit;} }do_html_header('');display_user_menu('');check_valid_user('');?><div id="right"> <div id="title"> <h1>Welcome to your AACA Locker < ?php $_POST['username'] ?></h1></div>Thanks for logging in! You may now view your custom reports, vote in our polls, and be sure to check for any rewards you may have won! < /div><?phpdo_html_footer('');?>[/code]Code for user_auth_fns.php (only code pertaining to login and check_valid_user functions)[code]function login($username, $passwd)// check username and password with db// if yes, return true// else throw exception{// connect to db$conn = db_connect();// check if username is unique$result = $conn->query("select * from user where username='$username'and passwd = sha1('$passwd')");if (!$result)throw new Exception('Could not log you in.');if ($result->num_rows>0)return true;else throw new Exception('Could not log you in.');}function check_valid_user()// see if somebody is logged in and notify them if not{if (isset($_SESSION['valid_user'])){echo '';echo 'Logged in as '.$_SESSION['valid_user'].'.';echo '';}else{// they are not logged inecho '';echo 'You are not logged in.';exit;} }[/code]I'm also posting the logout.php file in case it is needed:[code]<?require_once('tokens_fns.php');do_html_header('');display_login_form('');display_site_info('');//destroys the session, the variables are not longer setsession_start();$old_user = $_SESSION['valid_user']; // store to test if they *were* logged inunset($_SESSION['valid_user']);$result_dest = session_destroy();if (!empty($old_user)){ if ($result_dest) { // if they were logged in and are now logged out echo 'Logged out.<br />'; } else { // they were logged in and could not be logged out echo 'Could not log you out.<br />'; }}else{ // if they weren't logged in but came to this page somehow echo 'You were not logged in, and so have not been logged out.<br />';}do_html_footer('');?>[/code]I can provide more code if needed. Hopefully I've explained that well enough. Thanks to anyone that can offer some help! Link to comment https://forums.phpfreaks.com/topic/33003-user-authentication/ Share on other sites More sharing options...
psychohagis Posted January 5, 2007 Share Posted January 5, 2007 In the user_auth_fns.php file, try using [code]exit('Could not log you in.');[/code] By doing that you stop the rest of the script from running if you hit an error. Link to comment https://forums.phpfreaks.com/topic/33003-user-authentication/#findComment-153652 Share on other sites More sharing options...
wikedawsum Posted January 5, 2007 Author Share Posted January 5, 2007 I tried changing both lines of "throw new exception" to "exit" in the user_auth_fns.php file and there's no change. Link to comment https://forums.phpfreaks.com/topic/33003-user-authentication/#findComment-153675 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.