LemonInflux Posted September 30, 2007 Share Posted September 30, 2007 Ok, First off, I guarantee there will be several 100 errors. I'm half asleep and trying to get this done for a school project. Basically, this is a user authentication system that starts a session if you enter a username and password if they're correct, and doesn't start a session if you enter the wrong ones, or you didn't (IE, you just went to the page by accident). The problem is, when I Type this in, everything below the code on the page disappears. NOTE: I added comments to show what stuff does. <?php // Include DataBase for Connection. include('inc/db.php'); session_start(); // If the user hasn't posted a username and pass, I.E. He isn't logging in... if(!$user || !$pass){ // And if there isn't a login session... if(!isset($_SESSION['loginusr'] || $_SESSION['loginpass']){ // And the Message is this: $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; $error = "Login Failed."; // Otherwise }else{ // If there IS a session, the message is this: $message = 'Hello, '. $_SESSION['loginusr']; $error = 'You are already logged in!'; } // Or, if a username and password HAS been entered... }else{ // Get all entries from 'members' table $sql = 'SELECT * FROM `members`'; $sqlresult = mysql_query($sql); // If our username and password match one of the entries... while ($row = mysql_fetch_assoc($sqlresult)) { if($user == $row['username'] && sha1($pass) = $row['password']){ // Create the Sessions $_SESSION['loginusr'] = $user; $_SESSION['loginpass'] = sha1($pass); // And these are the messages! $error = "Login Successful!"; $message = 'Hello, '. $_SESSION['loginusr']; }else{ // Otherwise, output an error. $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; } } // If the user is trying to log out.. if($_GET['logout'] == "true"){ // Destroy the session $user = ""; $pass = ""; session_unset(); session_destroy(); header("Location: ?"); // And the messages are... $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; } ?> Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 bumP Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 Bump Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 Once more.. Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 No-one has any idea o_O? Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 Bump. Someone must know. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 30, 2007 Share Posted September 30, 2007 Where are $user and $pass set? if(!$user || !$pass){ Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 That piece of code is for, say, if a user stumbles to the page by accident, nothing happens. Otherwise, if the user goes to login.php (which submits to this page), the details will be submitted. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 30, 2007 Share Posted September 30, 2007 but where are $user or $pass ever set? are they supposed to be GET variables, POST variables? They are not given a value in the code, so I have to assume they will never have a value, making the if() pointless. Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 *.* That might be it...1 sec, I'll try it. Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 Ok, now where the message and error should output, there is nothing. To try it, go to http://reflexprojects.net/forumbuild/login.php and type any random username or password. The next page displays, but there is nothing in the boxes. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 30, 2007 Share Posted September 30, 2007 updated code, please? Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 <?php // Set Vars $user = $_POST['user']; $pass = $_POST['pass']; // Include DataBase for Connection. include('inc/db.php'); session_start(); // If the user hasn't posted a username and pass, I.E. He isn't logging in... if(!$user || !$pass){ // And if there isn't a login session... if(!isset($_SESSION['loginusr'] || $_SESSION['loginpass']){ // And the Message is this: $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; $error = "Login Failed."; print "no sess"; // Otherwise }else{ // If there IS a session, the message is this: $message = 'Hello, '. $_SESSION['loginusr']; $error = 'You are already logged in!'; print "yes sess"; } // Or, if a username and password HAS been entered... }else{ // Get all entries from 'members' table $sql = 'SELECT * FROM `members`'; $sqlresult = mysql_query($sql); // If our username and password match one of the entries... while ($row = mysql_fetch_assoc($sqlresult)) { if($user == $row['username'] && sha1($pass) = $row['password']){ // Create the Sessions $_SESSION['loginusr'] = $user; $_SESSION['loginpass'] = sha1($pass); // And these are the messages! $error = "Login Successful!"; $message = 'Hello, '. $_SESSION['loginusr']; print "made sess"; }else{ // Otherwise, output an error. $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; print "inc sess"; } } // If the user is trying to log out.. if($_GET['logout'] == "true"){ // Destroy the session $user = ""; $pass = ""; session_unset(); session_destroy(); header("Location: ?"); // And the messages are... $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; "logout sess"; } ?> Added some prints to test what works. Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 ideas? Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 bump Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 ... Quote Link to comment Share on other sites More sharing options...
xylex Posted September 30, 2007 Share Posted September 30, 2007 For starters, stop bumping every 5 minutes. Put "error_reporting(E_ALL);" in the start of your code if you're having issues, and it will probably give you an idea of where it's missing out. Is there some reason why are you pulling the entire table into an array and searching that instead just pulling the one record with your query? You did // Get all entries from 'members' table $sql = 'SELECT * FROM `members`'; $sqlresult = mysql_query($sql); When // Get matching entry from 'members' table $sql = 'SELECT * FROM `members` WHERE username='.$user.' AND password='.sha1($pass); $sqlresult = mysql_query($sql); Also, mysql_real_escape_string() your $_POST['user'] and $_POST['pass']. Quote Link to comment Share on other sites More sharing options...
LemonInflux Posted September 30, 2007 Author Share Posted September 30, 2007 No luck. A) Error reporting showed nothing, b) current code: <?php error_reporting(E_ALL); // Set Vars $userna = $_POST['user']; $passwo = $_POST['pass']; $user = mysql_escape_string($userna); $pass = mysql_escape_string($passwo); // Include DataBase for Connection. include('inc/db.php'); session_start(); // If the user hasn't posted a username and pass, I.E. He isn't logging in... if(!$user || !$pass){ // And if there isn't a login session... if(!isset($_SESSION['loginusr'] || $_SESSION['loginpass']){ // And the Message is this: $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; $error = "Login Failed."; print "no sess"; // Otherwise }else{ // If there IS a session, the message is this: $message = 'Hello, '. $_SESSION['loginusr']; $error = 'You are already logged in!'; print "yes sess"; } // Or, if a username and password HAS been entered... }else{ // Get all entries from 'members' table $sql = 'SELECT * FROM `members` WHERE username='. $user .' AND password='. sha1($pass); $sqlresult = mysql_query($sql); // If our username and password match one of the entries... while ($row = mysql_fetch_assoc($sqlresult)) { if($user == $row['username'] && sha1($pass) = $row['password']){ // Create the Sessions $_SESSION['loginusr'] = $user; $_SESSION['loginpass'] = sha1($pass); // And these are the messages! $error = "Login Successful!"; $message = 'Hello, '. $_SESSION['loginusr']; print "made sess"; }else{ // Otherwise, output an error. $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; print "inc sess"; } } // If the user is trying to log out.. if($_GET['logout'] == "true"){ // Destroy the session $user = ""; $pass = ""; session_unset(); session_destroy(); header("Location: ?"); // And the messages are... $error = "Username and Password Incorrect"; $message = "You are not logged in. <a href=login.php>Log In</a> or Register."; "logout sess"; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.