LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 OK, all problems solved. Now, the problem is, you can log in with any user and password, even if the username isn't on the database. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359403 Share on other sites More sharing options...
BlueSkyIS Posted October 1, 2007 Share Posted October 1, 2007 your code says log them in if the values are set, regardless of what the values actually are: if(isset($username) && isset($password)) // All they have to be is set. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359405 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 thats because you are not checking the POSTED info against the database... once $username and $passwords are set you create the session what you need to do is find POSTED username and compare with database info .. if exists create session else go back to relogin Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359406 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 Oops. Thanks, I'll do that. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359413 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 Erm...Ok, bit stuck now. I think it's a bit late for me, school tomorrow XP Here's my function to log people in: <?php function login($username, $password){ $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')"; $sqlresult = mysql_query($sql); if(mysql_num_rows($sqlresult) == 0){ $message = '- Login Failed!'; } elseif(mysql_num_rows($sqlresult) == 1) { $_SESSION['valid_user'] = $username; $message = '- Login Successful!'; }else{ $message = '- Login Failed!'; } } return $result; ?> Why isn't that enough to sort the problem? Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359421 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 hit tab by accident ... *SORRY* Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359433 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 <? function login($username, $password){ $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')"; $sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error()); $count = mysql_num_rows($sql); if($count == 0) { // Do whatver you want to let the user know that LOGIN has failed. } else if($count == 1) { // Create session and let user know it worked or just redirect them ... $_SESSION['valid_user'] = $username; } ?> Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359436 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 <?php function login($username, $password){ $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')"; $sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error()); $count = mysql_num_rows($sql); if($count == 0) { $message = '- Login Failed'; } else if($count == 1) { // Create session and let user know it worked or just redirect them ... $_SESSION['valid_user'] = $username; $message = '- Login Successful!'; } } ?> Blank screen after form action. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359438 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 Error reporting showing nothing up. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359448 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 well yea .. after you create the session you must redirect to a page like index.php or wherever else you want... you can use <meta http-equiv=refresh content='0;url=index.php'> content=0 -- this part sets the time to how long it will take in seconds to redirect to url=page.php so in essence you want else if($count == 1) { // Create session and let user know it worked or just redirect them ... $_SESSION['valid_user'] = $username; $message = '- Login Successful!'; ?> <meta http-equiv=refresh content='0;url=index.php'><? } and you have an extra bracket after the else part .. dunno why but it might help to remove it. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359460 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 I know how to use a redirect but the form action="index.php", so surely that would do it anyway? Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359461 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 show me the form plz Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359463 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 <form name="form1" method="post" action="index.php"> Username: <input name="username" type="text" id="username"> Password: <input name="password" type="text" id="password"> <input type="submit" name="Submit" value="Submit"> </form> Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359466 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 Surely there is a really simple way to do this? Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359477 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 Ok so im not sure what the problem is ... step 1 : fill out the form hit submit ... get sent to index.php step 2 : ur on index.php and checking the login... step 3 : once the login passes create $ession and redirect to another page.php ... what am i missing ? for now u get the blank page because after $_SESSION['valid_user'] = $username; $message = '- Login Successful!'; the script doesnt know what else to do... unless there's something else happening past that. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359486 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 Basically, you create the session ready, so if you want to post, you have rights. All it does is display the page as per usual. But when I get round to the posting codes, you won't be able to post unless that session is active. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359493 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 well i assume you have start_session(); on all your pages... Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359496 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 I presume you mean session_start(); yes. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359498 Share on other sites More sharing options...
iPixel Posted October 1, 2007 Share Posted October 1, 2007 in that case i hit a wall of confusion <?php $im = confused; ?> Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359521 Share on other sites More sharing options...
LemonInflux Posted October 1, 2007 Author Share Posted October 1, 2007 OK, problem turned out to be half way down the page, forgot to close a {. Now, every page is showing, you can't log in using any random user and password, but you can't log in with ones that are there, either. Try user: Tom, pass: Test. If it works, the index.php should say, where it says, 'you are not logged in.', next to it should either say 'login failed.' or 'login successful.' But neither happens. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-359532 Share on other sites More sharing options...
LemonInflux Posted October 3, 2007 Author Share Posted October 3, 2007 bump Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-361009 Share on other sites More sharing options...
trq Posted October 3, 2007 Share Posted October 3, 2007 Can you post your current code and a specific description of your current problem? Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-361013 Share on other sites More sharing options...
LemonInflux Posted October 4, 2007 Author Share Posted October 4, 2007 <?php function login($username, $password){ $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')"; $sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error()); $count = mysql_num_rows($sql); if($count == 0) { $message = '- Login Failed'; } else if($count == 1) { // Create session and let user know it worked or just redirect them ... $_SESSION['valid_user'] = $username; $message = '- Login Successful!'; } } ?> Basically, I have a form ($username and $password) that submits to a page. On that page, I am going to include and run this function to validate the user. The only problem is it doesn't work. Due to the fact that the messages don't display, I'm presuming it doesn't work at all. Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-361826 Share on other sites More sharing options...
BlueSkyIS Posted October 4, 2007 Share Posted October 4, 2007 looks like you have a function defined. does it get called anywhere? Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-361832 Share on other sites More sharing options...
trq Posted October 4, 2007 Share Posted October 4, 2007 You dont echo the messages within the function, nor return the $message variable for display outside of the function. To be honest, your best to have functions simply return true or false, then use the calling code to display your message. eg; <?php function login($username, $password){ $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')"; if ($result = mysql_query($sql)) { return mysql_num_rows($sql); } return false; } if (login('foo','bar')) { $_SESSION['valid_user'] = 'foo'; echo "login success"; } else { echo "login failed"; } ?> Link to comment https://forums.phpfreaks.com/topic/71393-wheres-the-error/page/2/#findComment-361837 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.