[SOLVED] Log In Script

[TheFilmGod]

I did a log in script. It was made for cookies but then I was told to use sessions. So I changed it. But now it doesn't work! Here is the code:

 

<?php

// Connects the script to MYSQL
require_once("connect.php");

//Checks if there is a session already present

if(isset($_SESSION['success']))


//if there is, we make logged in variable on
{
$login="yes";

}


//if the login form is submitted

if (isset($_POST['submit'])) {


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	$error="blank";
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
	$error="user";
			}


while($info = mysql_fetch_array( $check )) 	
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	$error="password";
}

else
{
// if login is ok then we start a session 

$_POST['username'] = stripslashes($_POST['username']);

session_start();
$_SESSION['user'] = $_POST['username'];
$_SESSION['success'] = "true";
}

}

} else {	

$login="no";
}
?>

 

<!-- PHP Code Start -->
<!-- We assume they entered information and had an error -->
<?php
if ( $error == blank ) {
	echo "A required field was not filled in. Please try again.";
}
elseif ( $error == user ) {
	echo "The user doesn't exist. Please register.";
}
elseif ( $error == password ) {
	echo "Wrong Password. Please try again.";
}
else {
}
// If none of these were true, then they are logged in or not
$user = $_SESSION['success'];
if ( $login == yes ) {
	echo "You are logged in. Welcome $user!!";
}
else {	

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
<tr>
  <td height="30" colspan="2" align="right"> </td>
</tr>
</table>
</form>
<?php
}


?>
<!-- PHP Code End -->

[conker87]

Try changing the values of "yes" and "no" to true and false (no quotes for these).

 

I see you're using the about.com example.

[TheFilmGod]

yes, that's right. I'll try changing it.

Thanks for the advice.

[TheFilmGod]

Okay. So I changed it. And nothing changed. Their isn't any error messages that come up. Its just that once the password and the username is filled in nothing happends. I know it had a successful log in, but the session for some reason is not set properly up.

 

Anyone? ???

[no_one]

Might want to try moving your session_start() to the top of your php code. Not sure if that'll fix it, but couldn't hurt.

[TheFilmGod]

well, it won't change anything. Since its all php in the beginning and no output to the browser is yet sent, no "headers already sent errors will occur." Pluz, I don't want a session to start UNLESS they successfully logged in.

[no_one]

Yeah, but checking a session variable w/o starting/loading a session doesn't make much sense, as it will always be unset.. at least that's my understanding.

[TheFilmGod]

;D ;D ;D ;D ;D ;D ;D ;D

 

It worked. You were, right. I had to first do "session_start(), to check if a session variable was present. Stupid me!!

 

Thanks so much.