Where's the error?

LemonInflux · October 1, 2007

OK, all problems solved. Now, the problem is, you can log in with any user and password, even if the username isn't on the database.

BlueSkyIS · October 1, 2007

your code says log them in if the values are set, regardless of what the values actually are:

if(isset($username) && isset($password))

// All they have to be is set.

iPixel · October 1, 2007

thats because you are not checking the POSTED info against the database...

once $username and $passwords are set you create the session

what you need to do is find POSTED username and compare with database info ..

if exists

create session

else

go back to relogin

LemonInflux · October 1, 2007

Oops. Thanks, I'll do that.

LemonInflux · October 1, 2007

Erm...Ok, bit stuck now. I think it's a bit late for me, school tomorrow XP Here's my function to log people in:

<?php
function login($username, $password){
$sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";
$sqlresult = mysql_query($sql);
if(mysql_num_rows($sqlresult) == 0){

$message = '- Login Failed!';

} elseif(mysql_num_rows($sqlresult) == 1) {

$_SESSION['valid_user'] = $username;
$message = '- Login Successful!';

}else{

$message = '- Login Failed!';

}
}
return $result;
?>

Why isn't that enough to sort the problem?

iPixel · October 1, 2007

hit tab by accident ... *SORRY*

iPixel · October 1, 2007

<?

function login($username, $password){
$sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";
$sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error());
$count = mysql_num_rows($sql);

if($count == 0)
   {
       // Do whatver you want to let the user know that LOGIN has failed.

   }
else if($count == 1)
   {
       // Create session and let user know it worked or just redirect them ...
       $_SESSION['valid_user'] = $username;
   }

?>

LemonInflux · October 1, 2007

<?php

function login($username, $password){
$sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";
$sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error());
$count = mysql_num_rows($sql);

if($count == 0)
   {
       $message = '- Login Failed';

   }
else if($count == 1)
   {
       // Create session and let user know it worked or just redirect them ...
       $_SESSION['valid_user'] = $username;
   $message = '- Login Successful!';
   }
}

?>

Blank screen after form action.

LemonInflux · October 1, 2007

Error reporting showing nothing up.

iPixel · October 1, 2007

well yea .. after you create the session you must redirect to a page like index.php or wherever else you want... you can use

<meta http-equiv=refresh content='0;url=index.php'>

content=0 -- this part sets the time to how long it will take in seconds to redirect to url=page.php

so in essence you want

else if($count == 1)
   {
       // Create session and let user know it worked or just redirect them ...
       $_SESSION['valid_user'] = $username;
   $message = '- Login Successful!';
     ?> <meta http-equiv=refresh content='0;url=index.php'><?
   }

and you have an extra bracket after the else part .. dunno why but it might help to remove it.

LemonInflux · October 1, 2007

I know how to use a redirect but the form action="index.php", so surely that would do it anyway?

iPixel · October 1, 2007

show me the form plz

LemonInflux · October 1, 2007

<form name="form1" method="post" action="index.php">
    Username: 
    <input name="username" type="text" id="username">
Password: 
<input name="password" type="text" id="password">
<input type="submit" name="Submit" value="Submit"> 
  </form>

LemonInflux · October 1, 2007

Surely there is a really simple way to do this?

iPixel · October 1, 2007

Ok so im not sure what the problem is ...

step 1 : fill out the form hit submit ... get sent to index.php

step 2 : ur on index.php and checking the login...

step 3 : once the login passes create $ession and redirect to another page.php

... what am i missing ? for now u get the blank page because after

$_SESSION['valid_user'] = $username;
$message = '- Login Successful!';

the script doesnt know what else to do... unless there's something else happening past that.

LemonInflux · October 1, 2007

Basically, you create the session ready, so if you want to post, you have rights.

All it does is display the page as per usual. But when I get round to the posting codes, you won't be able to post unless that session is active.

iPixel · October 1, 2007

well i assume you have start_session(); on all your pages...

LemonInflux · October 1, 2007

I presume you mean session_start(); yes.

iPixel · October 1, 2007

in that case i hit a wall of confusion <?php $im = confused; ?>

LemonInflux · October 1, 2007

OK, problem turned out to be half way down the page, forgot to close a {. Now, every page is showing, you can't log in using any random user and password, but you can't log in with ones that are there, either. Try user: Tom, pass: Test. If it works, the index.php should say, where it says, 'you are not logged in.', next to it should either say 'login failed.' or 'login successful.' But neither happens.

LemonInflux · October 3, 2007

bump

trq · October 3, 2007

Can you post your current code and a specific description of your current problem?

LemonInflux · October 4, 2007

<?php

function login($username, $password){
$sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";
$sqlresult = mysql_query($sql) or die('LOGIN QUERY CHECK ERROR: ' . mysql_error());
$count = mysql_num_rows($sql);

if($count == 0)
   {
       $message = '- Login Failed';

   }
else if($count == 1)
   {
       // Create session and let user know it worked or just redirect them ...
       $_SESSION['valid_user'] = $username;
   $message = '- Login Successful!';
   }
}

?>

Basically, I have a form ($username and $password) that submits to a page. On that page, I am going to include and run this function to validate the user. The only problem is it doesn't work. Due to the fact that the messages don't display, I'm presuming it doesn't work at all.

BlueSkyIS · October 4, 2007

looks like you have a function defined. does it get called anywhere?

trq · October 4, 2007

You dont echo the messages within the function, nor return the $message variable for display outside of the function. To be honest, your best to have functions simply return true or false, then use the calling code to display your message. eg;

<?php

function login($username, $password){
 $sql = "SELECT * FROM `members` WHERE username = '$username' AND password = sha1('$password')";
 if ($result = mysql_query($sql)) {
   return mysql_num_rows($sql);
 }
  return false;

}

if (login('foo','bar')) {
 $_SESSION['valid_user'] = 'foo';
 echo "login success";
} else {
 echo "login failed";
}

?>

Sign In

Where's the error?

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information