Jump to content

[SOLVED] Problem with if and sessions.

Foser

By Foser
in PHP Coding Help

 Share

Recommended Posts

Foser Regular Member

Foser

Posted
Posted

alright heres my code.:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Index</title>
<style type="text/css">
<!--
.style1 {
font-size: 18px
}
body,td,th {
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
body {
background-color: #CCCCCC;
}
a:link {
color: #000000;
}
a:visited {
color: #000000;
}
-->
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username" type="text" id="username" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="submit" type="submit" id="submit" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
    <div align="center">
      
      
      <?php
require("config.php");

$user = mysql_real_escape_string($_POST['username']);
$pw = md5(sha1(md5(md5($_POST['password']))));

session_start();
if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){
if (mysql_num_rows($result) > 0) {
$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user; 
}
if ($SESSION['LOGGEDIN'] = TRUE){
header("Location: account.php");}

else{
if( isset($_POST['submit'])){
echo "You have typed in an incorrect password or/and username."; }}}


?>
      
    </div>

 

it seems like there is no if statements so basically its setting up sessions and redirecting me to the account page before i even get a chance to see the login page. even if i change the loggedin session to false it will still bring me to the account page.

Link to comment
Share on other sites
The Little Guy Prolific Member

The Little Guy

Posted
Posted

you can NOT start your session where it is starting.

 

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Index</title>
<style type="text/css">
<!--
.style1 {
font-size: 18px
}
body,td,th {
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
body {
background-color: #CCCCCC;
}
a:link {
color: #000000;
}
a:visited {
color: #000000;
}
-->
</style>
</head>

<body>
<form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username" type="text" id="username" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="submit" type="submit" id="submit" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
    <div align="center">
      
      
      <?php
require("config.php");

$user = mysql_real_escape_string($_POST['username']);
$pw = md5(sha1(md5(md5($_POST['password']))));

if ($result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'")){
if (mysql_num_rows($result) > 0) {
$_SESSION['LOGGEDIN'] = TRUE;
$_SESSION['UNAME'] = $user; 
}
if ($_SESSION['LOGGEDIN']){
header("Location: account.php");exit;}

else{
if( isset($_POST['submit'])){
echo "You have typed in an incorrect password or/and username."; }}}


?>
      
    </div>

 

I change the bottom portion of your code.

Link to comment
Share on other sites
pocobueno1388 Regular Member

pocobueno1388

Posted
Posted 

<?php
$pw = md5(sha1(md5(md5($_POST['password']))));
?>

 

Is it really necessary to encrypt it that much? One md5 should be effective enough....

 

Try this code:

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login Index</title>
<style type="text/css">
<!--
.style1 {
font-size: 18px
}
body,td,th {
color: #000000;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
body {
background-color: #CCCCCC;
}
a:link {
color: #000000;
}
a:visited {
color: #000000;
}
-->
</style>
</head>
<body>

<div align="center">

<?php
require("config.php");

if (isset($_POST['submit'])){

$user = mysql_real_escape_string($_POST['username']);
$pw = md5(sha1(md5(md5($_POST['password']))));
$result = mysql_query("SELECT * FROM user_info WHERE username = '$user' and password = '$pw'");

   if (mysql_num_rows($result) > 0) {
      $_SESSION['LOGGEDIN'] = TRUE;
      $_SESSION['UNAME'] = $user; 
      header("Location: account.php");
   } else {
      echo "You have typed in an incorrect password or/and username.";
   }
}


?>

</div>


<form id="form1" name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
  <label></label>
  <table width="202" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#666666">
    <tr>
      <th width="198" scope="col">Login System</th>
    </tr>
    <tr>
      <td height="63">Username:
        <input name="username" type="text" id="username" size="33" />
        Password:<br />
        <label>
        <input name="password" type="password" id="password" size="33" />
        <input name="submit" type="submit" id="submit" value="Submit" />
        <a href="register.php">Register here!</a></label></td>
    </tr>
  </table>
  <div align="center">
  
</div>
</form>
     

Link to comment
Share on other sites
Foser Regular Member

Foser

Posted
  • Author
Posted

so the password in the database has been encrypted exactly the same as this: 

md5(sha1(md5(md5($_POST['password']))));

 

when you register and it inserts, the password needs to have that done to it.

 

Yes, the script sees the difference between right and wrong info. since when i write wrong info it tells me that. although when its right nothing happens.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.