simcoweb Posted March 1, 2007 Share Posted March 1, 2007 I've used this same snippet of code in other login forms without a problem (with some slight modifications from script to script) but this one seems to baffle me. Basically it takes the login and validates the entries (validation works, error messages display if left blank), then checks the database for a match. If there's a match then it is supposed to forward the person onto the proper page using the 'header' function. Problem is it's not. Basically it's reverting back to the 'index.php' page (login page) and the display is completely blank. Here's the code for index.php: <?php $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); // Get Record Set $sql = ("SELECT * FROM eastside_admin WHERE username = '$username' AND password = '$password'"); // mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql, $con) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); if (mysql_num_rows($results) == "1") { $_SESSION['loggedin'] = $_POST['loggedin']; header("Location: eastside_admin.php"); exit; } else { echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; } ?> The code in the 'eastside_admin.php': <?php ob_start(); session_start(); if isset($_SESSION['loggedin']) { include 'adminheader.php'; include 'admin_menu.php'; include 'adminfooter.php'; } else { echo "This is a restricted area requiring login. Please return to the login page"; header("Location: index.php"); exit; } ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted March 1, 2007 Share Posted March 1, 2007 try searching the forum http://www.phpfreaks.com/forums/index.php/topic,95562.0.html Quote Link to comment Share on other sites More sharing options...
Adika Posted March 1, 2007 Share Posted March 1, 2007 Hi, I think I see where the problem is: I don't see nowhere the $_POST['loggedin']. I see that you want to attach the session to him, but I don't see what will be in that $_POST['loggedin']. I see that you have $username and $password variables, but I don't see what $_POST['loggedin'] represents. By the way, that's why your script returns to index.php, because your session is undefied (not set), because you are trying to attach to session something what didn't exist. All the best, Adika Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 1, 2007 Share Posted March 1, 2007 As MadTechie was pointing out: <?php } else { //echo "This is a restricted area requiring login. Please return to the login page"; header("Location: index.php"); exit; }?> Get rid of that echo line... you can't send output before headers. Quote Link to comment Share on other sites More sharing options...
Adika Posted March 1, 2007 Share Posted March 1, 2007 Or leave the "echo" line but instead of the "header" function, use the HTML meta tag redirect function. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 1, 2007 Author Share Posted March 1, 2007 Adika, can you provide me some samples of what you mean, please? Quote Link to comment Share on other sites More sharing options...
Adika Posted March 1, 2007 Share Posted March 1, 2007 Sure! But first, please send me the html page, that way I can be sure of where the mistake is. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 1, 2007 Author Share Posted March 1, 2007 You mean the login page? Here's the full code: <?php session_start(); $loginError = ""; // declare this so it is always available // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $loginError['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $loginError['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($loginError)) { $username = $_POST['username']; $password = $_POST['password']; $_SESSION['loggedin'] = $_POST['loggedin']; include 'dbconfig.php'; // Connect to database $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); // Get Record Set $sql = ("SELECT * FROM eastside_admin WHERE username = '$username' AND password = '$password'"); // mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql, $con) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); if (mysql_num_rows($results) == "1") { $_SESSION['loggedin'] = $_POST['loggedin']; header("Location: eastside_admin.php"); exit; } else { echo "Your user name and password do not match any in our database! Please try again. <a class='body' href='login.php'>Return to login page.<br>\n"; } } } include 'adminheader.php'; ?> <div align="center"> <table style="BORDER-COLLAPSE: collapse" bordercolor="#666666" cellpadding="4" width="530" border="0"> <tbody> <tr> <td> <h2 align="center">Login page</h2> <font color="red"><div align="center"> <? // Loop through all errors if(!empty($loginError)) { ?> <ul> <? foreach($loginError as $eg_message) { ?> <li id="validationError"><?= @$eg_message ?></li> <? } ?> </ul> <? } ?> </font></div> <form action="<? $_SERVER['PHP_SELF'] ?>" name="login" method="post" > <input type="hidden" value="loggedin" name="loggedin"> <table cellspacing="0" cols="2" cellpadding="0" align="center" border="0"> <tbody> <tr><td>User name: </td><td><input type='text' size='21' name="username" ></td> </tr> <tr> <td>Password:</td><td><input type="password" size="21" name="password"></td> </tr> <tr> <td></td> <td align="right"><br><input type="submit" value="Login"></td> </tr> </tbody> </table> </form> </td></tr> </tbody> </table> </div> <p> <? include 'adminfooter.php'; ?> Quote Link to comment Share on other sites More sharing options...
Adika Posted March 2, 2007 Share Posted March 2, 2007 Hi! The problem is in the eastside_admin.php, not in the login page. Thank you for posted here the whole code for the login page. It helped me to see the problem. So, on the eastside_admin.php you cannot use "isset" for session. In the login page, you created the $_SESSION['loggedin'] which has a value: loggedin. So, use this code on the eastside_admin.php: <?php ob_start(); session_start(); [color=red]if ($_SESSION['loggedin']==="loggedin")[/color] { include 'adminheader.php'; include 'admin_menu.php'; include 'adminfooter.php'; } else { echo "This is a restricted area requiring login. Please return to the login page"; header("Location: index.php"); exit; } ?> Is it working now? All the best, Adika Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 Adika, I changed that line of code but, alas, it still does the same thing When I enter username/password into the index.php (login) page it remains on that page and is blank. Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 2, 2007 Share Posted March 2, 2007 Corrected. <?php ob_start(); session_start(); [color=red]if ($_SESSION['loggedin']==="loggedin")[/color] { include 'adminheader.php'; include 'admin_menu.php'; include 'adminfooter.php'; } else { echo "This is a restricted area requiring login. Please return to the login page"; header("Location: index.php"); exit; } ob_end_flush(); ?> Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 Arggh! Still doing the same thing! Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 2, 2007 Share Posted March 2, 2007 <?php session_start(); [color=red]if ($_SESSION['loggedin']==="loggedin")[/color] { include 'adminheader.php'; include 'admin_menu.php'; include 'adminfooter.php'; } elseif (!$_SESSION['loggedin']==="loggedin") { echo "This is a restricted area requiring login. Please return to the login page"; header("Location: index.php"); exit; } ?> watch it work where my tea lol Quote Link to comment Share on other sites More sharing options...
craygo Posted March 2, 2007 Share Posted March 2, 2007 isset does work for sessions I use it all the time. try this <?php session_start(); if(isset($_SESSION['loggedin'])) { include 'adminheader.php'; include 'admin_menu.php'; include 'adminfooter.php'; } else { echo "This is a restricted area requiring login. Please return to the login page"; //header("Location: index.php"); echo "<META HTTP-EQUIV=\"Refresh\" content=\"2;url=index.php\">"; //exit; } ?> Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 Ok, i've made both of those last changes. STILL it just goes to the index.php and is totally blank. There has to be something in the code in the login page perhaps that is causing it to loop? During the log in process I don't see any incidence of where it goes to the eastside_admin.php page then returns to the index.php page. It just 'stays' on the index.php page (login page) and goes blank. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 I believe i've found the problem. I went into the database and removed the md5 encrypted password and replaced it with the unencrypted password and when logging in I received a syntax error for a function I needed to edit. This is a milestone in itself since all I was getting before was a blank page! So, I fixed the function and tried again. Voila! logged right in with no problems and the page displayed perfectly. So, the problem is with how i've created the username/password and inserted it into the mysql database. Basically I wrote a quickie little script to add the administrator's username/password. Here it is: <?php // create admin identity include 'adminheader.php'; // this is a one time effort $username = "bozotheclown"; $password = "bozosbigtop"; $enc_password = md5($password); // run query to insert include 'dbconfig.php'; // Connect to database $con = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $con) or die(mysql_error()); $sql = "INSERT INTO eastside_admin (username, password) VALUES ('$username', '$enc_password')"; $results = mysql_query($sql) or die(mysql_error()); $num_rows = mysql_affected_rows($con); if ($num_rows == 1) { echo "Administrator successfully added"; } else { echo "Could not insert administrator for some reason."; } include 'adminfooter.php'; ?> I'm not sure at all if i've handled the encryption part properly ( I had another thread on that and this is what we settled on ) or if I have the field attributes set properly. VARCHAR and size 32 Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 2, 2007 Share Posted March 2, 2007 make sure you valadate the information and also use at least addslashes ok. example $name=addslashes($_POST['name']); or $name=trim(addslashes($_POST['name'])); Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 2, 2007 Share Posted March 2, 2007 ooohhhhhh. It looks like then your problem might be that in your login script you never md5 the password. Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 Can you elaborate on that, puhleeeez? Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 2, 2007 Share Posted March 2, 2007 does the password md5 now? Quote Link to comment Share on other sites More sharing options...
bwochinski Posted March 2, 2007 Share Posted March 2, 2007 Find this area in your login script: <?php if(empty($loginError)) { $username = $_POST['username']; $password = md5($_POST['password']); // <---- Changed this line. $_SESSION['loggedin'] = $_POST['loggedin']; include 'dbconfig.php'; ?> Quote Link to comment Share on other sites More sharing options...
simcoweb Posted March 2, 2007 Author Share Posted March 2, 2007 Ta Daaa!! Ok, that was the missing link. I had md5'd the password but wasn't referring to it in the login script. I just deleted and reinserted the admin profile using the md5 hash for the password, modified that line you pointed out in the login script, and was able to log in successfully without incident. Thanks to everyone! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.