CoffeeAddict Posted March 8, 2007 Share Posted March 8, 2007 Yep, it's me again. I just seem to be drowning in php problems lately. I have a user registration and login system. I can register just fine and it works well, but when I try to login with my new username and password it gives me an "access denied" saying the info is invalid. I haven't a clue how to go about resolving this. It seems like everything is working fine but apparently it's not. This is the code for the register page. Can anyone spot anything that's wrong? Any suggestions? (I do google as much as possible before coming here, but I can't seem to find an answer for this. Thanks in advance for any help) <?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php"); $fname = addslashes(strip_tags($_POST['fname'])); $lname = addslashes(strip_tags($_POST['lname'])); $add = addslashes(strip_tags($_POST['add'])); $addtwo = addslashes(strip_tags($_POST['addone'])); $city = addslashes(strip_tags($_POST['city'])); $state = addslashes(strip_tags($_POST['state'])); $zip = addslashes(strip_tags($_POST['zip'])); $email = addslashes(strip_tags($_POST['email'])); $phone = addslashes(strip_tags($_POST['phone'])); if (!$fname || !$lname || !$add || !$city || !$state || !$zip || !$phone || !$email) { echo "Error!! You have not entered the following field(s).Hit back and try again<br>\n"; $fields_to_validate = array('fname', 'lname', 'add', 'city', 'state', 'zip', 'phone', 'email'); // validate above fields. $field_display_value = array('First Name', 'Last Name', 'Address', 'City', 'State', 'Zip', 'Telephone', 'Email'); // if the field is not set then show the above display value. echo "<ul>\n"; for($a = 0;$a < count($fields_to_validate);$a++) { // loop through fields and check whether that has been set or not. if (!${$fields_to_validate[$a]}) { echo "<li><font color=\"#FF0000\">$field_display_value[$a]</font>\n"; } } echo "</ul>\n"; } else { //Select statement detects if another user matches $sql = "SELECT COUNT(*) FROM users WHERE email = '$email'"; $result = mysql_query($sql); if (!$result) { echo "A database error occurred"; } //Code here inserts if customer has already been in if (mysql_result($result,0,0)>0) { echo "You have already registered. If you have forgotten your login details please <a href=\"lostpwd.php\">go here</a> to retrieve it."; }else { // password generation $length="8"; $newpass = substr(md5(uniqid(rand(), true)), 0, $length); $newpassinst = md5("$newpass"); // db insert and redirection mysql_query ("INSERT INTO landlords (fname, lname, phone) VALUES ('$fname', '$lname', '$phone')"); $idsql = "SELECT * FROM landlords WHERE fname='$fname' and lname='$lname'"; //echo "$idsql"; $result2 = mysql_query($idsql) or die ("Query failed"); while ($row2 = mysql_fetch_array($result2)) { $llid=$row2["lid"]; } mysql_query ("INSERT INTO users (llid, fname, lname, email, addone, addtwo, city, state, zip, phone, passwd, tdate) VALUES ('$llid', '$fname', '$lname', '$email', '$add', '$addtwo', '$city', '$state', '$zip', '$phone', '$newpassinst', NOW()) "); // mail password to user mail("$email", "$emailsubject", "Dear $fname $lname, Thank you for registering. Below you will find your username and password that will let you log in and begin to enter rental listings. Username: $email Password: $newpass ", "FROM:$owneremail"); // thankyou page header("Location: http://$domain/phprentals/html/postregister.php"); }} ?> Quote Link to comment Share on other sites More sharing options...
trq Posted March 8, 2007 Share Posted March 8, 2007 This is the code for the register page. Surely we need to see the login code? Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 8, 2007 Author Share Posted March 8, 2007 I didn't write the scipt, so I'm not sure of where to find it. This was a prewritten package that I downloaded and now it's not working. And there is no support. I was looking over the files and I noticed that the "md5" file is blank. However this part of the code that I posted above // password generation $length="8"; $newpass = substr(md5(uniqid(rand(), true)), 0, $length); $newpassinst = md5("$newpass"); above has md5 in it. Could that be the problem? ETA: I think this might be the login code you asked to see. I could be wrong though. ?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/accesscontrol.php"); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"> </HEAD> <BODY NOF="(MB=(DefaultMasterBorder, 0, 0, 0, 0), L=(protectedLayout, 600, 237))" BGCOLOR="#FFFFFF" TEXT="#000000" TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0> <? include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/header.php"); ?> <CENTER> <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 NOF=LY> <TR VALIGN=TOP ALIGN=LEFT> <TD WIDTH=600> <TABLE ID="Table1" BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH="100%"> <TR> <TD WIDTH=594> <P> </P> </TD> </TR> <TR> <TD WIDTH=594> <P><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><U>Landlord Admin Area</U></FONT></B></P> <P><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">This is the landlord administration area. From here landlords can add new listings, edit/delete current listings. The delete button below has been disabled. The link to "Edit" a listing will allow you to edit a listing, but it will not be changed in our database.</FONT></P> <UL> <LI><A HREF="/phprentals/landlords/addlisting.php"><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Add A New Listing</FONT></A></LI> </UL> <P> </P> </TD> </TR> <TR> <TD WIDTH=594 BGCOLOR="#FFFFCC"> <P ALIGN=CENTER><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Your Listings</FONT></B></P> </TD> </TR> <TR> <table width="600" border=0 cellpadding=2 cellspacing=0> <TR bgcolor="#cccccc"><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Rental Type</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Address</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>List Date</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>City</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Edit</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Delete</TD></TR> <?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php"); $_SESSION['uid'] = $uid; $_SESSION['pwd'] = $pwd; $rst=mysql_query("SELECT * FROM users WHERE email='$uid' and passwd='$pwd'"); if ($row = mysql_fetch_array($rst)) { $llid=$row["llid"]; } if (!$llid) { echo "Database Error"; } $query=mysql_query("SELECT * FROM listings WHERE llid='$llid'"); while ($row = mysql_fetch_array($query)) { $tdate = $row["listdate"]; $tdate = explode("-", $tdate); $year = $tdate[0]; $month = $tdate[1]; $day = $tdate[2]; echo "<TR><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["rtype"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["addone"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo "$month-$day-$year"; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["city"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\"><a href=\"editlisting.php?id=".$row["rid"]."\">Edit Listing</a></TD>"; echo "<TD valign=\"middle\"><form action=\"deleteconfirm.php\" method=POST><input type=hidden name=rid value=\"".$row["rid"]."\"><input type=submit value=Delete></TD>"; echo "</TR>"; } ?> </form> <TD> <P> </P> </TD> </TR> </TABLE> </TD> </TR> </TABLE> <BR><BR> <? include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/footer.php"); ?> </BODY> </HTML> Quote Link to comment Share on other sites More sharing options...
sayedsohail Posted March 8, 2007 Share Posted March 8, 2007 i don't see any login section on this page. Please see and drill down your entire package to find out login. definately there is something login, Otherwise right click on the file in your browser and view source code and atleast by that we would be able to figure out something for you. regards, Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 8, 2007 Author Share Posted March 8, 2007 This is the source code for the login page. Hopefully you can see something there that I'm missing. <html> <head> <title> Please Log In for Access </title> </head> <body> <table align=center width=300 border=0 cellspacing=0 cellpadding=0 bgcolor="#2f4f4f"> <tr><td> <table border=0 width=100% cellspacing=1 cellpadding=1> <form action="/phprentals/landlords/index.php" method=POST> <tr><td BGCOLOR="#2f4f4f"><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif" COLOR="#FFFFFF"> <B>Please Log In For Access:</B> </td></tr> <tr><td BGCOLOR="#c7c7c7"><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif"> You must log in to access this area of the site. </td></tr> <tr> <td BGCOLOR="#fffff0"> <table width=100% border=0 cellspacing=0 cellpadding=0> <tr> <td><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif">Email Address:</td> <td><input type=text name="uid" size="20" value=""></td> </tr> <tr> <td><FONT SIZE="-1" FACE="Verdana,Tahoma,Arial,Helvetica,sans-serif">Password:</td> <td><input type=password name="pwd" size="20"></td> </tr> <tr> <td colspan=2 align=center> <input type=submit name="Login" value="Login"> </td> </tr> </form> </table> </td> </tr> </table> </td></tr> </table> </body> </html> Quote Link to comment Share on other sites More sharing options...
sayedsohail Posted March 8, 2007 Share Posted March 8, 2007 definately something to do with your "pwd" can you see any somethign form method="post" action="........"> Please show us index.php thanks, Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 8, 2007 Author Share Posted March 8, 2007 Here's index.php from the landlords folder. I also have another index.php for the main page of the site but that doesn't have anything to do with logging in. <?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/accesscontrol.php"); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"> </HEAD> <BODY NOF="(MB=(DefaultMasterBorder, 0, 0, 0, 0), L=(protectedLayout, 600, 237))" BGCOLOR="#FFFFFF" TEXT="#000000" TOPMARGIN=0 LEFTMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0> <? include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/header.php"); ?> <CENTER> <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 NOF=LY> <TR VALIGN=TOP ALIGN=LEFT> <TD WIDTH=600> <TABLE ID="Table1" BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH="100%"> <TR> <TD WIDTH=594> <P> </P> </TD> </TR> <TR> <TD WIDTH=594> <P><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><U>Landlord Admin Area</U></FONT></B></P> <P><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">This is the landlord administration area. From here landlords can add new listings, edit/delete current listings. </FONT></P> <UL> <LI><A HREF="/phprentals/landlords/addlisting.php"><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Add A New Listing</FONT></A></LI> </UL> <P> </P> </TD> </TR> <TR> <TD WIDTH=594 BGCOLOR="#FFFFCC"> <P ALIGN=CENTER><B><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif">Your Listings</FONT></B></P> </TD> </TR> <TR> <table width="600" border=0 cellpadding=2 cellspacing=0> <TR bgcolor="#cccccc"><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Rental Type</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Address</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>List Date</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>City</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Edit</TD><TD><FONT SIZE="-1" FACE="Arial,Helvetica,Geneva,Sans-serif,sans-serif"><B>Delete</TD></TR> <?php include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/config.php"); $_SESSION['uid'] = $uid; $_SESSION['pwd'] = $pwd; $rst=mysql_query("SELECT * FROM users WHERE email='$uid' and passwd='$pwd'"); if ($row = mysql_fetch_array($rst)) { $llid=$row["llid"]; } if (!$llid) { echo "Database Error"; } $query=mysql_query("SELECT * FROM listings WHERE llid='$llid'"); while ($row = mysql_fetch_array($query)) { $tdate = $row["listdate"]; $tdate = explode("-", $tdate); $year = $tdate[0]; $month = $tdate[1]; $day = $tdate[2]; echo "<TR><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["rtype"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["addone"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo "$month-$day-$year"; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\">"; echo $row["city"]; echo "</TD><TD><FONT SIZE=\"-1\" FACE=\"Arial,Helvetica,Geneva,Sans-serif,sans-serif\"><a href=\"editlisting.php?id=".$row["rid"]."\">Edit Listing</a></TD>"; echo "<TD valign=\"middle\"><form action=\"deleteconfirm.php\" method=POST><input type=hidden name=rid value=\"".$row["rid"]."\"><input type=submit value=Delete></TD>"; echo "</TR>"; } ?> </form> <TD> <P> </P> </TD> </TR> </TABLE> </TD> </TR> </TABLE> <BR><BR> <? include ("".$_SERVER['DOCUMENT_ROOT']."/phprentals/includes/footer.php"); ?> </BODY> </HTML> Quote Link to comment Share on other sites More sharing options...
Glyde Posted March 8, 2007 Share Posted March 8, 2007 I don't know where you got this package from...but you should be looking for a better one. A few reasons: 1) The package outputs HTML sometimes before any PHP code...this can cause header errors unless output_buffering is on, which causes more system memory to be used. 2) The package (if it's is as it appears) stores the user's password in a session. 3) The package has no checks for any previous calls to addslashes() or magic quotes. When the line: addslashes(strip_tags($_POST['fname'])) is executed, $fname may look something like "Some Name L\\\'ast name" when it could just as easily look like: "Some Name L\'ast name". 4) The HTML in itself looks very sloppy. That's just what I thought of now...I'm sure there are plenty of other reasons not to use this. Surely you can find what you're looking for on http://hotscripts.com. They have plenty of portal/account sites Quote Link to comment Share on other sites More sharing options...
legohead6 Posted March 8, 2007 Share Posted March 8, 2007 is the user appearing in your database? Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 9, 2007 Author Share Posted March 9, 2007 I found this on hotscripts. lol I agree that it's not the best but it was the only free one I could find that even remotly did what I wanted. I need something were people can list their own house rentals and others can browse them. All others packages that have those features on hotscripts are not free. (I know you get what you pay for, but I'm not in the position to spend hundreds right now, so I thought I could try and make this work) Yes, the user appears in the database. Any other thoughts about what might be going wrong? Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 its better to just write your own that way if there are any errors you will know how to fix it. all you have to do is create a form then create some php code that checks what was input into the form to what is in the database. it if matches then set a cookie with their username or some rand() number. Any info only for registered members that are logged in just use this: if (isset($_COOKIE['test'])) { // Logged in users only code here. } Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 9, 2007 Author Share Posted March 9, 2007 Thanks for the reply, but I'm not able to write my own yet, I'm very new to php. I understand the very basics but writing code is not in my skill level yet. Are you saying I can use what you provided to make my login work? If so, where do I put it? And it looks so short, will that really do the trick? Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 here you can use my code: (both are in the same script) Your login form: echo "<table align=\"center\" valign=\"top\" cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"100%\" height=\"35\">"; echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"POST\">"; echo "<tr>"; echo "<td align=\"left\" width=\"20%\" height=\"35\">Username: </td>"; echo "<td align=\"left\" width=\"20%\" height=\"35\"><input type=\"text\" name=\"username\" size=\"10\"></td>"; echo "<td align=\"left\" width=\"20%\" height=\"35\">Password: </td>"; echo "<td align=\"left\" width=\"20%\" height=\"35\"><input type=\"password\" name=\"password\" size=\"10\"></td>"; echo "<td align=\"left\" width=\"20%\" height=\"35\"> <input type=\"submit\" name=\"submit\" value=\"Login\"></td>"; echo "</tr>"; echo "</form>"; echo "</table>"; the code that processes this info from the form and sets the cookies IF the info from the form matches the info in the MySQL DB: if (isset($_POST['username']) && isset($_POST['password'])) { // checks to see if the form was filled out eh(); // my DB function to connect to the DB...make your own connection here $chkuser = $_POST['username']; $chkpass = md5($_POST['password']); $check = mysql_query("SELECT uname, pass, adcheck, adstatus FROM users WHERE uname = '$chkuser' AND pass = '$chkpass'") or die("Problem in login function."); $row = mysql_fetch_array($check) or die("Could not fetch the row."); if ($chkuser == $row['uname'] && $chkpass == $row['pass']) { // compares the form's info to the info in the db and if it matches then it runs the code below: $chkuser = $_POST['username']; $sess = rand(); $num = md5($sess); mysql_query("UPDATE users SET session = '$num' WHERE uname = '$chkuser' AND pass = '$chkpass'") or die("Could not update the login table."); setcookie("num", $num, time()+58060800, "/", $wbsite); setcookie("num", $num, time()+58060800, "/", $www); setcookie("user", $chkuser, time()+58060800, "/", $wbsite); setcookie("user", $chkuser, time()+58060800, "/", $www); } Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 You will have to change the table columns and table name in the mysql_query() to make it work with your own but thats the basic login script Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 9, 2007 Author Share Posted March 9, 2007 Thank you so much. Do I just make a new file and put those in it? I can change the table names, but how do I change the columns? (I'm sorry for all the questions!) Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 the columns in your table is like id, username, password, email... etc whatever you have in your table, my table is users with the columns uname, pass, adcheck, adstatus. Just change it to whatever you have in the table you are using to compare the info from the form. if you use 2 scripts change this: action=\"" . $_SERVER['PHP_SELF'] . "\" to this: action=\"yournewscript.php\" Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 9, 2007 Author Share Posted March 9, 2007 the columns in your table is like id, username, password, email... etc whatever you have in your table, my table is users with the columns uname, pass, adcheck, adstatus. Okay, I got that part now. if you use 2 scripts change this: Code: action=\"" . $_SERVER['PHP_SELF'] . "\" to this: Code: action=\"yournewscript.php\" And I'm confused about this. Here's what I think I should be doing. Make a new file titled "login.php" and paste your code into it. Change the tables and columns to my own. Now what would I change that last part to? The name of my register file? And do I need to change anything in any other files so this will work? I feel so dense. I'm sure this is quite simple I just can't wrap my brain around it. Getting there though. Thank you for helping me! Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 if you use 2 scripts change this: Code: action=\"" . $_SERVER['PHP_SELF'] . "\" to this: Code: action=\"yournewscript.php\" action=\"yournewscript.php\" is the name of the script with the actual PHP code (not the form) Read about HTML forms to better understand this Hope this helps Quote Link to comment Share on other sites More sharing options...
trq Posted March 9, 2007 Share Posted March 9, 2007 Honestly, if php is 'not in your skill level yet' then your on the wrong board. This is for people with problems creating scripts, not people that can't get other peoples code to work. If you want to learn php do so. Quote Link to comment Share on other sites More sharing options...
Archadian Posted March 9, 2007 Share Posted March 9, 2007 buy PHP Bible 2nd Edition...its a good manual if you want to learn PHP Quote Link to comment Share on other sites More sharing options...
CoffeeAddict Posted March 9, 2007 Author Share Posted March 9, 2007 Honsestly, if php is 'not in your skill level yet' then your on the wrong board. This is for people with problems creating scripts, not people that can't get other peoples code to work. If you want to learn php do so. Gee, thanks so much for the help. I thought this was a forum for php help. I didn't realize you had to already be a 'coder' to ask a question. It's very easy for someone who already knows php to just say "go learn it", have you forgotten how it all looks like greek when you first begin? I AM trying to learn but it won't happen overnight. So sorry for bothering you and thanks for being so nice in your reply to me. You won't have to worry about me clogging up your board with more questions. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.