Foser Posted June 28, 2007 Share Posted June 28, 2007 alright heres my code.: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Index</title> <style type="text/css"> <!-- .style1 { font-size: 18px } body,td,th { color: #000000; font-family: Verdana, Arial, Helvetica, sans-serif; } body { background-color: #CCCCCC; } a:link { color: #000000; } a:visited { color: #000000; } --> </style> </head> <body> <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <label></label> <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <th width="198" scope="col">Login System</th> </tr> <tr> <td height="63">Username: <input name="username" type="text" id="username" size="33" /> Password:<br /> <label> <input name="password" type="password" id="password" size="33" /> <input name="submit" type="submit" id="submit" value="Submit" /> <a href="register.php">Register here!</a></label></td> </tr> </table> <div align="center"> </div> </form> <div align="center"> <?php require("config.php"); $user = mysql_real_escape_string($_POST['username']); $pw = md5(sha1(md5(md5($_POST['password'])))); session_start(); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result) > 0) { $_SESSION['LOGGEDIN'] = TRUE; $_SESSION['UNAME'] = $user; } if ($SESSION['LOGGEDIN'] = TRUE){ header("Location: account.php");} else{ if( isset($_POST['submit'])){ echo "You have typed in an incorrect password or/and username."; }}} ?> </div> it seems like there is no if statements so basically its setting up sessions and redirecting me to the account page before i even get a chance to see the login page. even if i change the loggedin session to false it will still bring me to the account page. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/ Share on other sites More sharing options...
The Little Guy Posted June 28, 2007 Share Posted June 28, 2007 you can NOT start your session where it is starting. <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Index</title> <style type="text/css"> <!-- .style1 { font-size: 18px } body,td,th { color: #000000; font-family: Verdana, Arial, Helvetica, sans-serif; } body { background-color: #CCCCCC; } a:link { color: #000000; } a:visited { color: #000000; } --> </style> </head> <body> <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <label></label> <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <th width="198" scope="col">Login System</th> </tr> <tr> <td height="63">Username: <input name="username" type="text" id="username" size="33" /> Password:<br /> <label> <input name="password" type="password" id="password" size="33" /> <input name="submit" type="submit" id="submit" value="Submit" /> <a href="register.php">Register here!</a></label></td> </tr> </table> <div align="center"> </div> </form> <div align="center"> <?php require("config.php"); $user = mysql_real_escape_string($_POST['username']); $pw = md5(sha1(md5(md5($_POST['password'])))); if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){ if (mysql_num_rows($result) > 0) { $_SESSION['LOGGEDIN'] = TRUE; $_SESSION['UNAME'] = $user; } if ($_SESSION['LOGGEDIN']){ header("Location: account.php");exit;} else{ if( isset($_POST['submit'])){ echo "You have typed in an incorrect password or/and username."; }}} ?> </div> I change the bottom portion of your code. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284484 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 now the issue is that it says its wrong when my login info is correct. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284486 Share on other sites More sharing options...
pocobueno1388 Posted June 28, 2007 Share Posted June 28, 2007 <?php $pw = md5(sha1(md5(md5($_POST['password'])))); ?> Is it really necessary to encrypt it that much? One md5 should be effective enough.... Try this code: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login Index</title> <style type="text/css"> <!-- .style1 { font-size: 18px } body,td,th { color: #000000; font-family: Verdana, Arial, Helvetica, sans-serif; } body { background-color: #CCCCCC; } a:link { color: #000000; } a:visited { color: #000000; } --> </style> </head> <body> <div align="center"> <?php require("config.php"); if (isset($_POST['submit'])){ $user = mysql_real_escape_string($_POST['username']); $pw = md5(sha1(md5(md5($_POST['password'])))); $result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'"); if (mysql_num_rows($result) > 0) { $_SESSION['LOGGEDIN'] = TRUE; $_SESSION['UNAME'] = $user; header("Location: account.php"); } else { echo "You have typed in an incorrect password or/and username."; } } ?> </div> <form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <label></label> <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666"> <tr> <th width="198" scope="col">Login System</th> </tr> <tr> <td height="63">Username: <input name="username" type="text" id="username" size="33" /> Password:<br /> <label> <input name="password" type="password" id="password" size="33" /> <input name="submit" type="submit" id="submit" value="Submit" /> <a href="register.php">Register here!</a></label></td> </tr> </table> <div align="center"> </div> </form> Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284495 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 When the data is right. it does not bring me to the next page. it only stays on the right page. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284554 Share on other sites More sharing options...
JasonLewis Posted June 28, 2007 Share Posted June 28, 2007 so the password in the database has been encrypted exactly the same as this: md5(sha1(md5(md5($_POST['password'])))); when you register and it inserts, the password needs to have that done to it. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284557 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 so the password in the database has been encrypted exactly the same as this: md5(sha1(md5(md5($_POST['password'])))); when you register and it inserts, the password needs to have that done to it. Yes, the script sees the difference between right and wrong info. since when i write wrong info it tells me that. although when its right nothing happens. Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284558 Share on other sites More sharing options...
Foser Posted June 28, 2007 Author Share Posted June 28, 2007 I fixed it thanks guys! Link to comment https://forums.phpfreaks.com/topic/57497-solved-problem-with-if-and-sessions/#findComment-284563 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.