PHP Login script stumbled. please help

[sayedsohail]

Hi everyone,

My login script doesn't response at all, here is the script.

[code]<?php
/* Created on January 28 2007
Initiate Session */
session_start();
require_once("h.php");
require_once("o.php");
include_once("e.js");

// Pass through if login pragma already set to true.

if($_SESSION['login'])
{
// Honor Logout Request
if(isset($_REQUEST['logout']))
{
$_SESSION['login'] = false;
$_SESSION['message'] = '<font color=green> You are now logged out.  Thank you!</font>';
do_login_form();
exit;
}
}

// Validate login requests.
elseif(isset($_POST['login']))
{
if(!valid_input())
{
$_SESSION['message'] = '<font color=red> The emailid or password was invalid.  Please try again.</font>';
do_login_form();
exit;
}

if(!login())

{
$_SESSION['message'] = '<font color=red> The emailid or password does not exist.  Please try again.</font>';
do_login_form();
exit;
}

//**  Login is valid  **//
// Set login pragma to true.
$_SESSION['login'] = true;

//** Now redirect to private page  **//
$_SESSION['Message'] = "You are logged in as: <b>${_POST['email']}</b>";
header("Location: ${_SERVER['PHP_SELF']}");
exit;

}

// Display login form

else
{

$_SESSION['message'] = 'Please login.';
do_login_form();
exit;
}

//**************** LOCAL FUNCTIONS  ********************************//


// check to see if account exist in our database. //
function login()
{
$query= "SELECT * FROM users WHERE uemail = '${_POST['email']}' and upass=md5('${_POST['pass']}')";
$result = mysql_query($query);
if(@mysql_num_rows($result) == 1)
return true;
else
return false;
}


// validate the syntax of email and password.
function valid_input()
{
$regemail = "^([a-zA-Z0-9])+([\.a-zA-Z0-9_-])*@([a-zA-Z0-9_-])+(\.[a-zA-Z0-9_-]+)*\.([a-zA-Z]{2,6})$";
$regpass = "^([a-zA-Z0-9\-_]{6,25})$"; // allow only letters, numbers, hyphens and underscores. Limit 6-25 Characters

if (eregi($regemail, $_POST['email']) && ereg($regpass, $_POST['pass']))
return true;
else
return false;
}


// This function to displays the login form. //
function do_login_form()
{
?>
<body id="current" onload="setFocus()">
<BR>
<?php $_SESSION['message'] ?>

<form method='post' onSubmit='return checkMyForm(this);' action="<? $_SERVER['PHP_SELF'] ?>">

<table>
<tr>
<td>Email Address</td>
<td><input type="text" name="email" size="20" maxlength="40" value="<? $_POST['email']?>"> </td>
<td>The email address like: [email protected] / [email protected]</td>
</tr>
<td>Password</td>
<td><input type="password" name="pass" maxlength="40" value="<? $_POST['pass']?>"> </td>
<tr>
<td>
</td>

<td><input type ="submit" name="login" value="login"/></td>
</tr>
<tr>
            <td colspan="2"><div align="left"><a href="password.php">Forgotten your password?</a>|<a href="register.php">Register</a> </div></td>
       
          </tr>
</table>
</form>
</body>


<?php
}
require_once("foo.php");
?>[/code]

[JasonLewis]

don't mean to be a pest but could you please give us more info on what happens. also place your code in the [ code ] [/ code ] tags, without spaces of course.

[sayedsohail]

sorry I apologize for not using the script quotes earlier.  Thanks

it vaidates the javascript, but the problem is it doesn't valid php_self it doesn't display any message whether a login is successfull or not. or it display an erros. just blinks the page and value from email and pass wipes away.

[sayedsohail]

Guys I need some help guys.  please

[Jessica]

I was about to try to help you, then I recieved a PM asking for help. The forum rules state NOT to PM members asking for help.

If you have a live example, post a link, so we can see WTF you meant by "wipes away".

[sayedsohail]

sorry, I don't know have a live example.  but script is listed above.

[Jessica]

action="<? $_SERVER['PHP_SELF'] ?>"
Should be
action="<?=$_SERVER['PHP_SELF'] ?>"
or
action="<? print $_SERVER['PHP_SELF']; ?>"

[sayedsohail]

thanks but still it doesn't display any message successful login or failure.

[Jessica]

You did the same thing here:
<?php $_SESSION['message'] ?>

Look through and fix those, and then if you still can't get it, post the new code and we'll help.

[sayedsohail]

Now it prints the error, saying user name and password doesn't exist.  But the username and password is stored in my database.  Something wrong in my sql i don't know i am just puzzled.

[code]$query= "SELECT * FROM users WHERE uemail = $e and upass=$p";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1)
return true;
else
return false;[/code]
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

[saiko]

you could try replacing

<?php $_SESSION['message'] ?>

with

<?php echo $_SESSION['message']; ?>

do the same for the rest of them

[sayedsohail]

Well now i am having sql problem.

[code]$query= "SELECT * FROM users WHERE uemail = $e and upass=$p";
$result = mysql_query($query);
if(mysql_num_rows($result) == 1)
return true;
else
return false;[/code]

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

[Jessica]

You need to surround strings in SQL with quotes.
$query= "SELECT * FROM users WHERE uemail = '$e' and upass='$p'";

[sayedsohail]

i did, but still the same.

[Jessica]

$result = mysql_query($query) OR die(mysql_error());

[JasonLewis]

change this:
[code=php:0]$result = mysql_query($query);[/code]
to this:

[code=php:0]$result = mysql_query($query) or die("Error in mysql: ".mysql_error()."<br>SQL: {$query}");[/code]

and tell us what that returns. it should list the error in your syntax.