[SOLVED] Login System

Ninjakreborn · April 16, 2007

I haven't had a problemw ith a login system for awhile, for some reason this just isn't working.

<?php require_once("./config.php"); ?>
<?php
// any custom settings need to be set here. (if they are specific to this page only.
if (isset($_POST['submit'])) {
$errorhandler = "";
if ($_POST['username'] == "") {
	$errorhandler .= "Username was left blank.<br />";	
}
if ($_POST['password'] == "") {
	$errorhandler .= "Password was left blank.<br />";
}
if ($errorhandler != "") {
	echo $errorhandler;
	exit;
}
if ($errorhandler == "") {
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$select = "SELECT * FROM clients WHERE username = '$username' AND password = '$password';";
$query = mysql_query($select);
	if ($row = mysql_fetch_array($query)) {
		echo "yes";
		$_SESSION['username'] = $_POST['username'];
		$_SESSION['controller'] = TRUE;
		$selectid = "SELECT * FROM clients WHERE username = '$username' AND password = '$password';";
		$queryid = mysql_query($selectid);
		if ($rowid = mysql_fetch_array($queryid)) {
			$_SESSION['userid'] = $rowid['id'];
		}
			header("Location: client.php");
	}else {
		echo "Not Logged In Correctly";

	}
}else {
	echo "Database Errors";
}
}
?>
<html>
<head>
<title>$#$####</title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php

if (isset($errorhandler) && $errorhandler != "") {
	echo "<span style=\"color:red\">";
	echo $errorhandler;
	echo "</span>";
}

?>

<h1>Client Login</h1>
<form name="login" id="login" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="username">Username:</label>
<input name="username" id="username" type="text" maxlength="120" /><br />
<label for="password">Password:</label>
<input name="password" id="password" type="password" maxlength="120" /><br />
<input name="submit" id="submit" type="submit" value="login" />
</form>
</body>
</html>

I have done all standard debugging. There is an admin panel where the stuff is created, I checked that, as well as the database itself. They both all look in order. I tested the variables, they are definitely getting passed, I also echoed the query, it seems to be like it should. IN ht eend I have tried everything I can think of and it continues to say "login information incorrect". Any advice will be greatly appreciated.

boo_lolly · April 16, 2007

	$select = "SELECT * FROM clients WHERE username = '$username' AND password = '$password';";

you've got an extra ';' in your sql query.

Ninjakreborn · April 16, 2007

I just tried that and it still didn't work.

Also Based on what I have learnt, the extra ; isn't required but it's a good habit if you are use to writing SQL directly instead of using PHPMYADMIN. Those are required when entering SQL directly, so doing them within PHP created queries, just shows that you are closing the query statements When each line is complete.

Any one else have any advice as to why this might be giving me problems, it's not working for some reason.

boo_lolly · April 16, 2007

I just tried that and it still didn't work.

Also Based on what I have learnt, the extra ; isn't required but it's a good habit if you are use to writing SQL directly instead of using PHPMYADMIN. Those are required when entering SQL directly, so doing them within PHP created queries, just shows that you are closing the query statements When each line is complete.

Any one else have any advice as to why this might be giving me problems, it's not working for some reason.

agreed.

what i like to do in order to efficiently debug my code, is at the beginning of every if/else or condition of the sort, i like to print something out to the browser to let me know where my procedure is going. for example:

if(i'm here){
        echo "I'm here";
}else{
        echo "i;m not there. this is where i am";
}

i do this for loops and switch statements as well. anything as long as it tells me where the hell my code is actually going. you can get use out of this method because you'll be able to find where your code is getting screwy.

Ninjakreborn · April 16, 2007

Yes, I used something similar. That old taboo I have read about, that most developer's do but never admit to. Echoing out hello statements in various places to see where it come's at, like hello 1, hello 2, and being able to tell how far the executions are going.

I am going to put my code down here above, and show where I KNOW my code is working, and where it's not.

I will put MY PERSONAL comments within the old C style commenting using the /* */ method.

I also rewrote some of my code for the debugging purposes.

<?php require_once("./config.php"); ?>
<?php
// any custom settings need to be set here. (if they are specific to this page only.
if (isset($_POST['submit'])) { /* I am 100% sure it's getting past this point */
$errorhandler = "";
/* It's doing the standard error checking properly */
if ($_POST['username'] == "") {
	$errorhandler .= "Username was left blank.<br />";	
}
if ($_POST['password'] == "") {
	$errorhandler .= "Password was left blank.<br />";
}
if ($errorhandler != "") {
	echo $errorhandler;
	exit;
}
if ($errorhandler == "") { /* It's reading this properly (100% sure I tested it )*/
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$select = "SELECT * FROM clients WHERE username = '$username' AND password = '$password'";
$query = mysql_query($select);
	if ($row = mysql_fetch_array($query)) { 

		/* This is where it's not reaching it to.
I tried everything I thouroughly checked the admin panel, database and everything.  It all looks fine, however this specific login area isn't working properly, and I can't find out why it's not making it to this area.  I am 100% sure the username/password are correct. */
		$_SESSION['username'] = $_POST['username'];
		$_SESSION['userid'] = $row['id'];
		$_SESSION['controller'] = TRUE;
		header("Location: client.php");
	}else { /* This is the part it's picking up instead, the else statement */
		echo "Not Logged In Correctly";

	}
}else {
	echo "Database Errors";
}
}
?>
<html>
<head>
<title>Geo Systems Client System</title>
	<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
/* The errors properly display, what is happening is the invalid login error is getting returned even though the login information is suppose to be correct */
if (isset($errorhandler) && $errorhandler != "") {
	echo "<span style=\"color:red\">";
	echo $errorhandler;
	echo "</span>";
}

?>

<h1>Client Login</h1>
<form name="login" id="login" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label for="username">Username:</label>
<input name="username" id="username" type="text" maxlength="120" /><br />
<label for="password">Password:</label>
<input name="password" id="password" type="password" maxlength="120" /><br />
<input name="submit" id="submit" type="submit" value="login" />
</form>
</body>
</html>

boo_lolly · April 16, 2007

what happens when you type in the wrong username or password?

marcus · April 16, 2007

You do have session_start(); in the config, correct?

per1os · April 16, 2007

die($select);
$query = mysql_query($select);

Try that, if that does not work chances are the query is not returning any values thus there is no reason to enter the loop because $row would not have a value.

Run the select statement (I added the print there) in PHPMyAdmin and make sure that the query is returning a correct row.

Chances are the username or password are not what is expect.

By the way, I wil gladly admit I use that "hello 1" etc technique. Especially with no output to a screen a very effective debugging technique.

Ninjakreborn · April 16, 2007

what happens when you type in the wrong username or password?

When you type the right username and password it say's "Not Logged In Correctly", and if you put in the wrong username and password it says the same thing.

You do have session_start(); in the config, correct?

Yes session start is there, along with all the database information. I am using require_once so I am sure it's being included, I have also tested with mysql_error and no mysql error's are being returned.

Code:

die($select);

$query = mysql_query($select);

Try that, if that does not work chances are the query is not returning any values thus there is no reason to enter the loop because $row would not have a value.

Run the select statement (I added the print there) in PHPMyAdmin and make sure that the query is returning a correct row.

Chances are the username or password are not what is expect.

Yes, I have fully debugged and tested all the queries.

I ended up using echo $select; instead but it's "in nature" the same thing. In the end I tried all of that too.

1. I am 100% the database is connecting

2. I am 100% it's selecting the right database.

3. I am 100% sure the query itself is 100% correct, and the data is passing from the form correctly.

As you can see, I have went through a wide array of debugging options, and I am left with absolutely no clue as to why it's not working.

per1os · April 16, 2007

$query = mysql_query($select) or die(mysql_error());

Have you done that? Just gotta check all angles. =)

bsprogs · April 16, 2007

what happens when you type in the wrong username or password?

When you type the right username and password it say's "Not Logged In Correctly", and if you put in the wrong username and password it says the same thing.

You do have session_start(); in the config, correct?

Yes session start is there, along with all the database information. I am using require_once so I am sure it's being included, I have also tested with mysql_error and no mysql error's are being returned.

Code:

die($select);

$query = mysql_query($select);

Try that, if that does not work chances are the query is not returning any values thus there is no reason to enter the loop because $row would not have a value.

Run the select statement (I added the print there) in PHPMyAdmin and make sure that the query is returning a correct row.

Chances are the username or password are not what is expect.

Yes, I have fully debugged and tested all the queries.

I ended up using echo $select; instead but it's "in nature" the same thing. In the end I tried all of that too.

1. I am 100% the database is connecting

2. I am 100% it's selecting the right database.

3. I am 100% sure the query itself is 100% correct, and the data is passing from the form correctly.

As you can see, I have went through a wide array of debugging options, and I am left with absolutely no clue as to why it's not working.

Being that the error message is displayed is "Not Logged In Correctly", the error has to be somewhere in here:

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string(md5($_POST['password']));
$select = "SELECT * FROM clients WHERE username = '$username' AND password = '$password';";
$query = mysql_query($select);
	if ($row = mysql_fetch_array($query)) {

because

if ($row = mysql_fetch_array($query))

is not showing up as true. But again this takes you back to the query but you said that doesn't have any problems. This is definitely weird.

Edit: I see you edited your original code to say this exact same thing :-/

Ninjakreborn · April 16, 2007

Code:

$query = mysql_query($select) or die(mysql_error());

Have you done that? Just gotta check all angles. =)

That was a good point, I went ahead and double checked both the query and fetch array using die statements, and nothing.

Being that the error message is displayed is "Not Logged In Correctly", the error has to be somewhere in here:

$username = mysql_real_escape_string($_POST['username']);

$password = mysql_real_escape_string(md5($_POST['password']));

$select = "SELECT * FROM clients WHERE username = '$username' AND password = '$password';";

$query = mysql_query($select);

if ($row = mysql_fetch_array($query)) {

because

if ($row = mysql_fetch_array($query))

is not showing up as true. But again this takes you back to the query but you said that doesn't have any problems. This is definitely weird.

Yes, and what is the strangest is that this just recently happened.

He left the system alone for like a few months, and then all of a sudden when he came back to it, it stopped working (his developer did some design work on it), but I reverted it back to an old file and it's still not working.

I have checked the following

1. In the admin panel is an area to add clients, delete clients, and edit clients. I tried adding new one's, and editing them. I am sure it's properly creating the information, it's also properly displaying it throughout the admin panel. I even echoed out the values to make sure they were all working.

2. I am sure the name of the table is clients.

3. I am sure the names of those 2 fields are "username, password"

4. I am sure that hte database is operational because it's working for the admin panel

5. I am sure the database information in the admin panel is correct because it's also being used for the admin panel.

6. I am sure that the thing is connected to the file because I am using "require_once()" which returns an error and kills the script when it's not included right.

7. I am sure it's not a database issue (returning syntax errors because of the query, or not being able to connect to the database, or not being able to select the proper database), because the config file is hooked up right, and I personally debugged each one seperately.)

It's like the admin system works, but this is broke entirely, and it's the standard login system I normally use for whatever I am doing.

8. I am sure they are sharing the same encryption method (md5)

Ninjakreborn · April 16, 2007

SELECT * FROM clients WHERE username = 'businessman' AND password = '026d7c798b09524a2d2fb8b45634877c'

Not Logged In Correctly

echoing out the query also shows this, which is a correct query.

Stickybomb · April 16, 2007

i just compared it to a login system of my own and the only difference was in the if statement it self maybe its not returning a value from the database try this


if(mysql_num_rows($query)==1){
while ($row = mysql_fetch_array($query)){
		$_SESSION['username'] = $_POST['username'];
		$_SESSION['userid'] = $row['id'];
		$_SESSION['controller'] = TRUE;
		header("Location: client.php");
}
}else {
echo "Not Logged In Correctly";	
}

Ninjakreborn · April 16, 2007

This was like beating a dead horse. Well I finally located the problem. It ended up being what I like to call a "hidden bug". It was something in the admin panel, based off a last change I had made for him, I mistakenly passed an id to a form, but not back to the processor. So when he edited users it gave them all the same password's. I finally tracked that down, and it's working properly now. Thanks for all the advice, it's greatly appreciated, atleast the "proverbial fire" has been putout. After hours of stressing over the wrong area of code.

Thanks a lot for the help.

Sign In

[SOLVED] Login System

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information