Jump to content

Recommended Posts

Hello,

 

I have a simple login form that passes its variables to a php script to authenticate a user and redirect to the appropriate page.

 

The problem is the redirect is not working even when I hard code a valid username and password into the query. I know the query works because I have tested the sql statement against the db and it returns the correct result. My code is below...

 

 

<?PHP

session_start();

header("Cache-Control: no-cache, must-revalidate");

include 'connection.php';

 

$User = $_POST["user"];

$Pass = $_POST["pass"];

 

$result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'");

$num_rows = mysql_num_rows($result);

if($num_rows >0)

{

$_SESSION['User'] = $row['FirstName'] + " " + $row['LastName'];

$link = "main.php";

}

else

{

session_destroy();

$link = "login.php";

}

header("Location:".$link);

?>

 

 

Please note... I am always returned to the login.php page regardless of whether or not I hard code a valid username and password into the query.

 

Thank you in advance

 

Firstly, this....

 

$_SESSION['User'] = $row['FirstName'] + " " + $row['LastName'];

 

needs to be....

 

$_SESSION['User'] = $row['FirstName'] . " " . $row['LastName'];

 

Secondly you never check your query for failure bfore attempting to use the results.

 

<?php
session_start(); 
header("Cache-Control: no-cache, must-revalidate");
include 'connection.php';

if (isset($_POST['submit'])) {

  $User = $_POST["user"];
  $Pass = $_POST["pass"];

  $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'"

  if ($result = mysql_query($sql)) {
    if (mysql_num_rows($result)) {
      $_SESSION['User'] = $row['FirstName'] . " " . $row['LastName'];
      $link = "main.php";
    } else {
       session_destroy();
       $link = "login.php";
    }
    header("Location:".$link);
  } else {
    die(mysql_error() . " " . $sql;
  }

}
?>

Well, everything looks OK at first glance.  The best thing to do in these circumstances is to gather information.

 

Place this at the top of your script, after the <?php

  // Spit out $_POST
  echo '<pre style="text-align: left;">' . print_r($_POST, true) . '</pre>';

 

Next, change this line:

$result = mysql_query("select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'");

to these lines:

  $sql = "select ID, users.FirstName, users.LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'";
  echo $sql . "<br>";
  $result = mysql_query($sql)
    or die(mysql_error());

 

Once we get your querying issues sorted out you should work on cleaning data before attempting to use it in the database.

 

(edit) Good eye, thorpe.  I missed the incorrect operators while setting $_SESSION!

I have friendly error messages turned off.... here is the error I get when I use your code....

 

Server Error in Application "Default Web Site/wcc"

 

--------------------------------------------------------------------------------

 

HTTP Error 500.0 - Internal Server Error

Description: The page cannot be displayed because an internal server error has occurred.

 

Error Code: 0x00000000

 

Notification: ExecuteRequestHandler

 

Module: IsapiModule

 

Requested URL: http://localhost:80/wcc/admin/authenticate.php

 

Physical Path: D:\wwwroot\wcc\admin\authenticate.php

 

Logon User: Anonymous

 

Logon Method: Anonymous

 

Handler: PHP

 

Most likely causes:

 

IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.

IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.

IIS was not able to process configuration for the Web site or application.

The authenticated user does not have permission to use this DLL.

The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.

What you can try:

 

Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.

Check the event logs to see if any additional information was logged.

Verify the permissions for the DLL.

Install the .NET Extensibility feature if the request is mapped to a managed handler.

Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

More Information... This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.

 

Microsoft Knowledge Base Articles:

 

294807

 

--------------------------------------------------------------------------------

Server Version Information: Internet Information Services 7.0.

this code.........

 

<?PHP

session_start();

header("Cache-Control: no-cache, must-revalidate");

include 'connection.php';

 

$User = $_POST["user"];

$Pass = $_POST["pass"];

 

$sql = "select ID, FirstName, LastName from users where users.UserName ='".$User."' and users.Password ='".$Pass."'";

$result = mysql_query($sql);

$num_rows = mysql_num_rows($result);

if($num_rows >0)

{

$_SESSION['User'] = $row['FirstName']." ".$row['LastName'];

header("Location:".$link);

}

else

{

session_destroy();

echo "User:".$User."<br>";

echo "Pass:".$Pass."<br>";

echo "Query:".$sql."<br>";

echo "Rows:".$num_rows;

}

?>

 

 

produces this result..........

 

User:jkish

Pass:test

Query:select ID, FirstName, LastName from users where users.UserName ='jkish' and users.Password ='test'

Rows:

 

 

why is the result empty?

When I run that query directly against the db it works fine and returns this.......

 

ID          FirstName   LastName

1 Jocelyn   Kish

 

 

Thank you again for all of your help. This has me stumped

 

 

Perhaps connection.php isn't establishing the connection properly?

 

Someone else suggest removing users. from your column names, since you're only selecting from a single table.  I can't see how that'd make a difference, but it might.

 

You might also enclose all of your column names and the table name in backticks.

 

(EDIT)  You should really echo the output from mysql_error(); that'd be your biggest clue.

Thank you for all of your help. I feel very dumb now. I added .....

 

die(mysql_error() . " " . $sql);

 

and the problem was the connection.php file.... it contained a misspelled password.

 

It works fine now.

 

also, the error with the code provided by thorpe was that the last line .... die(mysql_error() . " " . $sql;  was missing a closing )

 

Again, thank you for all of your help. I am truly sorry if I wasted you time. However, being a newbie, I guess that is how you learn sometimes.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.