techiefreak05 Posted July 26, 2007 Share Posted July 26, 2007 ive been remaking my login script for my site, and in the process i planned on adding error codes, but instead, ive been wasting away for hours, and have only been able to find the relative source of the problem... i cant tell why this script isn't working... i wrote it all myself, so i don't see anything wrong...
<?php
// Login script as posted in the question. The code is unchanged; only the
// layout and the review comments were added.
// NOTE(review): no session_start() is visible in this listing - presumably it
// runs in an include before this file; confirm.

/**
 * Re-validate the login cached in the session.
 *
 * Returns true only when both session values are set and LogIn() accepts them.
 */
function checkLogIn(){
    // NOTE(review): email and password are unquoted, so PHP looks them up as
    // constants. Older PHP falls back to the string and raises a notice;
    // PHP 8 throws an Error. Write $_SESSION['email'] / $_SESSION['password'].
    if(isset($_SESSION[email]) && isset($_SESSION[password])){
        if(LogIn($_SESSION[email],$_SESSION[password])){
            return true;
        }else{
            return false;
        }
    }else{
        return false;
    }
}

/**
 * Look up the row matching $email and $pass and copy its columns into
 * $_SESSION.
 *
 * Returns true when at least one row matched; otherwise echoes
 * "not logged in" and returns false.
 */
function LogIn($email,$pass){
    // NOTE(review): $email and $pass are interpolated into the statement
    // without escaping. The form handler below passes request data here, so
    // the query is open to SQL injection; escape the values or use a
    // parameterized query.
    $sqlX = "select * from users where email = '$email' AND password = '$pass' LIMIT 1";
    // NOTE(review): $connLogin is not defined inside this function and there
    // is no `global $connLogin;`. Presumably it is a global created elsewhere
    // (the top-level code below uses it); as written the link argument is an
    // undefined local, which would explain the failure around LogIn().
    // die(mysql_error()) also sends the raw database error to the client.
    $queryX = mysql_query($sqlX,$connLogin) or die(mysql_error());
    while($db = mysql_fetch_assoc($queryX)){
        $_SESSION['email'] = $db['email'];
        // NOTE(review): the stored password value is kept in the session and
        // replayed by checkLogIn() on later requests.
        $_SESSION['password'] = $db['password'];
        // username_bk is assigned the same value three times in this loop.
        $_SESSION['username_bk'] = $db['username'];
        $_SESSION['username_bk'] = $db['username'];
        $_SESSION['username'] = $db['username'];
        $_SESSION['username_bk'] = $db['username'];
        $_SESSION['active'] = $db['verified'];
        $_SESSION['id'] = $db['id'];
        $_SESSION['id_bk'] = $db['id'];
        $_SESSION['disp_name'] = stripslashes(stripslashes($db['dispname']));
    }
    if(mysql_num_rows($queryX)>0){
        return true;
    }else{
        echo "not logged in";
        return false;
    }
    // NOTE(review): unreachable. Both branches above return, so lastLogin and
    // status are never updated.
    $date = date('F d , g:i a');
    $queryLL = "UPDATE `users` SET `lastLogin` = '$date' WHERE `id` = '$_SESSION[id]'";
    mysql_query($queryLL);
    $queryO = "UPDATE `users` SET `status` = 'Online' WHERE `id` = '$_SESSION[id]'";
    mysql_query($queryO);
}

// Login form handler: runs when the 'sublogin' field was posted.
if($_POST['sublogin']){
    // NOTE(review): stripslashes() is not SQL escaping; $postUser is placed
    // into both queries below as-is.
    $postUser=stripslashes($_POST['user']);
    $postPass=$_POST['pass'];
    // NOTE(review): unsalted MD5 is not a suitable password hash. Current PHP
    // provides password_hash() / password_verify() for this.
    $postPassMD5=md5($_POST['pass']);
    if($_POST['user']=="" || $_POST['pass']==""){
        go("error.php?er=1"); // not complete
    }else{
        $q = "select email from users where email = '$postUser'";
        $result = mysql_query($q,$connLogin) or die(mysql_error());
        $resultCount=mysql_num_rows($result);
        // NOTE(review): separate codes for "no such email" (2) and "wrong
        // password" (3) tell the client which addresses are registered.
        if($resultCount<1){
            go("error.php?er=2"); //no such email
        }else{
            $q2 = "select password from users where email = '$postUser'";
            $result2 = mysql_query($q2,$connLogin) or die(mysql_error());
            $resultCount2=mysql_fetch_assoc($result2);
            if($resultCount2['password'] != $postPassMD5){
                go("error.php?er=3"); //wrong password
            }else{
                LogIn($postUser,$postPassMD5);
                // NOTE(review): the target comes straight from the request
                // (and the key r is unquoted). go() is not shown here; if it
                // redirects, restrict the value to paths on this site.
                go($_POST[r]);
            }
        }
    }
}
$logged_in = checkLogIn();
?>
I have come to the conclusion that the problem is located somewhere around the function LogIn(); I dont know why... please any help would be appreciated!!! Quote Link to comment Share on other sites More sharing options...
redarrow Posted July 26, 2007 Share Posted July 26, 2007 function checkLogIn(){ if(isset($_SESSION[email]) && isset($_SESSION[password])){ if(LogIn($_SESSION[email],$_SESSION[password])){ return true; }else{ return false; } }else{ return false; } mine <<<<<<<<<<<<< '' function checkLogIn(){ if(isset($_SESSION['email']) && isset($_SESSION['password'])){ if(LogIn($_SESSION['email'],$_SESSION['password'])){ return true; }else{ return false; } }else{ return false; } double striping here mate $_SESSION['disp_name'] = stripslashes(stripslashes($db['dispname'])); true and false need uppercase if(mysql_num_rows($queryX)>0){ return true; }else{ echo "not logged in"; return false; } agin '' corrected $queryLL = "UPDATE `users` SET `lastLogin` = '$date' WHERE `id` = '".$_SESSION['id']."' "; mysql_query($queryLL); $queryO = "UPDATE `users` SET `status` = 'Online' WHERE `id` = '".$_SESSION['id']."' "; mysql_query($queryO); } Quote Link to comment Share on other sites More sharing options...
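marcus Posted July 26, 2007
Fill in your own stuff:
<?php
/**
 * Report whether the credentials cached in the session are still valid.
 *
 * @return bool true when both session values are set and LogIn() accepts them
 */
function checkLogIn(){
    // Quote the keys: a bare email / password is looked up as a constant.
    if(isset($_SESSION['email']) && isset($_SESSION['password'])){
        return LogIn($_SESSION['email'], $_SESSION['password']);
    }
    return false;
}

/**
 * Check an email / password pair against the user table.
 *
 * @param string $email address to look up
 * @param string $pass  value compared with the `password` column
 * @return bool true when the pair matches a row, false otherwise
 */
function LogIn($email,$pass){
    // Escape both values before they are placed inside quoted SQL literals.
    $email = mysql_real_escape_string($email);
    $pass = mysql_real_escape_string($pass);
    if($email && $pass){
        //email and password are set
        $sql = "SELECT * FROM `yourtable` WHERE `email`='$email'";
        $res = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($res) > 0){
            //email exists
            $sql = "SELECT * FROM `yourtable` WHERE `email`='$email' AND `password`='$pass'";
            $res = mysql_query($sql) or die(mysql_error());
            if(mysql_num_rows($res) > 0){
                //success logged in
                return true;
            }else {
                //failure: email and password combination are incorrect
                return false;
            }
        }else {
            //failure: email does not exist
            // Show the visitor the same message as for a wrong password, so
            // the form does not reveal which addresses are registered.
            return false;
        }
    }else {
        //failure: email/pass is/are not set
        return false;
    }
}

$logged_in = checkLogIn();
?>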
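onlyican Posted July 26, 2007
where shall I start
I am going to do the 2 functions for you
As comments say
When using SESSION / POST / GET or anything with an array, (The square Brackets) You need to use quotes. Unless you have constants set up
for example $_SESSION[email]; It looks for the constant called email
so define('email', "Email"); $_SESSION[email]; would work
OR $_SESSION["email"]; If you don't have the constant
I know PHP does not read white space but our eyes do, add them
$postUser=stripslashes($_POST['user']); BECOMES $postUser = stripslashes($_POST['user']);
and "return" inside a function will end the function
So you do not need IF THIS, ELSE ELSE
Final Point
Secure your strings so users can not hack you, (AKA MySQL Injection)
<?php
/**
 * Re-check the credentials cached in the session.
 *
 * @return bool true when LogIn() accepts the session's email / password pair
 */
function checkLogIn(){
    //You need the quote marks in the session array, ["email"]
    // Each value is read from its own key; LogIn() stores them under
    // 'email' and 'password'.
    $Email = isset($_SESSION["email"]) ? $_SESSION["email"] : "";
    $Pwd = isset($_SESSION["password"]) ? $_SESSION["password"] : "";
    if($Email != "" && $Pwd != ""){
        if(LogIn($Email, $Pwd)){
            //The return ends the function, so no else is needed
            return true;
        }
    }
    //If function makes it here, it did not return true
    return false;
}

/**
 * Look up the user row for $email / $pass and load it into the session.
 *
 * @param string $email address to look up
 * @param string $pass  value compared with the password column
 * @return bool true when a row matched; otherwise echoes "not logged in"
 *              and returns false
 */
function LogIn($email, $pass){
    // The connection handle is created outside this function, so it has to
    // be imported into the function's scope before it can be used.
    global $connLogin;

    //Secure the values before running mysql queries
    $email = mysql_real_escape_string($email, $connLogin);
    $pass = mysql_real_escape_string($pass, $connLogin);

    //Make MySQL Words CAP, easier to read
    $sqlX = "SELECT * FROM users WHERE email = '".$email."' AND password = '".$pass."' LIMIT 1";
    // NOTE(review): die(mysql_error()) shows the raw database error to the
    // visitor; log it and show a generic message on a live site.
    $queryX = mysql_query($sqlX, $connLogin) or die(mysql_error());

    //Check if Num Rows greater than 0, results found
    // mysql_num_rows() needs the result resource as its argument.
    if(mysql_num_rows($queryX) > 0){
        //Don't need to loop through for one result
        $db = mysql_fetch_assoc($queryX);
        $_SESSION['email'] = $db['email'];
        $_SESSION['password'] = $db['password'];
        $_SESSION['username'] = $db['username'];
        $_SESSION['username_bk'] = $db['username'];
        $_SESSION['active'] = $db['verified'];
        $_SESSION['id'] = $db['id'];
        $_SESSION['id_bk'] = $db['id'];
        $_SESSION['disp_name'] = stripslashes(stripslashes($db['dispname']));

        // Record the login before returning; statements placed after the
        // return would never run.
        $date = date('F d , g:i a');
        $userId = mysql_real_escape_string($db['id'], $connLogin);
        $queryLL = "UPDATE `users` SET `lastLogin` = '$date' WHERE `id` = '".$userId."'";
        mysql_query($queryLL, $connLogin);
        $queryO = "UPDATE `users` SET `status` = 'Online' WHERE `id` = '".$userId."'";
        mysql_query($queryO, $connLogin);
        return true;
    }else{
        //No results found
        echo "not logged in";
        return false;
    }
}
?>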
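DeadEvil Posted July 26, 2007
try to improve your work...
<?php
session_start();

/**
 * Re-validate the login cached in the session.
 *
 * @return bool true when both session values are set and LogIn() accepts them
 */
function checkLogIn(){
    if(isset($_SESSION['email']) && isset($_SESSION['password'])){
        return LogIn($_SESSION['email'], $_SESSION['password']);
    }
    return false;
}

/**
 * Look up the user row for $email / $pass, load it into the session and
 * mark the user as online.
 *
 * @param string $email address to look up
 * @param string $pass  value compared with the password column
 * @return bool true when a row matched; otherwise echoes "not logged in"
 *              and returns false
 */
function LogIn($email,$pass){
    // $connLogin is created at file scope; without this declaration the
    // function only sees an undefined local of the same name.
    global $connLogin;

    // Escape before the values are placed inside quoted SQL literals.
    $email = mysql_real_escape_string($email, $connLogin);
    $pass = mysql_real_escape_string($pass, $connLogin);

    $sqlX = "select * from users where email = '$email' AND password = '$pass' LIMIT 1";
    $queryX = mysql_query($sqlX,$connLogin) or die(mysql_error());

    if(mysql_num_rows($queryX) < 1){
        echo "not logged in";
        return false;
    }

    // LIMIT 1 means there is at most one row, so no loop is needed.
    $db = mysql_fetch_assoc($queryX);
    $_SESSION['email'] = $db['email'];
    $_SESSION['password'] = $db['password'];
    $_SESSION['username'] = $db['username'];
    $_SESSION['username_bk'] = $db['username'];
    $_SESSION['active'] = $db['verified'];
    $_SESSION['id'] = $db['id'];
    $_SESSION['id_bk'] = $db['id'];
    $_SESSION['disp_name'] = stripslashes(stripslashes($db['dispname']));

    // These updates sat after the return statements and never ran.
    $date = date('F d , g:i a');
    $userId = mysql_real_escape_string($db['id'], $connLogin);
    mysql_query("UPDATE `users` SET `lastLogin` = '$date' WHERE `id` = '$userId'", $connLogin);
    mysql_query("UPDATE `users` SET `status` = 'Online' WHERE `id` = '$userId'", $connLogin);
    return true;
}

// Login form handler: runs when the 'sublogin' field was posted.
if(!empty($_POST['sublogin'])){
    $postUser = stripslashes($_POST['user']);
    // NOTE(review): unsalted MD5 is not a suitable password hash; current
    // PHP provides password_hash() / password_verify().
    $postPassMD5 = md5($_POST['pass']);
    if($_POST['user']=="" || $_POST['pass']==""){
        go("error.php?er=1"); // not complete
    }else{
        // Escaped copy used only in the SQL below; LogIn() escapes its own
        // arguments, so it receives the unescaped value.
        $safeUser = mysql_real_escape_string($postUser, $connLogin);
        $q = "select email from users where email = '$safeUser'";
        $result = mysql_query($q,$connLogin) or die(mysql_error());
        $resultCount = mysql_num_rows($result);
        // NOTE(review): separate codes for "no such email" and "wrong
        // password" tell the client which addresses are registered.
        if($resultCount<1){
            go("error.php?er=2"); //no such email
        }else{
            $q2 = "select password from users where email = '$safeUser'";
            $result2 = mysql_query($q2,$connLogin) or die(mysql_error());
            $resultCount2 = mysql_fetch_assoc($result2);
            if($resultCount2['password'] != $postPassMD5){
                go("error.php?er=3"); //wrong password
            }else{
                LogIn($postUser,$postPassMD5);
                // NOTE(review): the target comes straight from the request.
                // go() is not shown here; if it redirects, restrict the
                // value to paths on this site before calling it.
                go($_POST['r']);
            }
        }
    }
}
$logged_in = checkLogIn();
?>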
redarrow Posted July 26, 2007 onlyican just explained a whole 150-page book there; hope you read everything he said. I did. Thanks mate.
techiefreak05 Posted July 26, 2007 Author Of course I read onlyican's post! I read everyone's! I have just put up the old login file, and that works fine, and I have somebody who's going to help me get mine working later today, but in the meantime I will try all of your samples. Thanks a lot.