Ads Posted November 5, 2007 Share Posted November 5, 2007 my Login pages logins no matter what i enter Login.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login</title> <link href="style1.css" rel="stylesheet" type="text/css" /> </head> <body> <form method="post" action="loginck.php" target="_parent"> <p align="center"> <span class="style2">Enter Email:</span> <br> <input type="text" name="email"> <br> <span class="style2">Enter Passowrd:</span><br> <input type="password" name="password"> <br> <input name="Submit" type="submit" class="top" value="Submit"> </p> <p align="center"> </p> <p align="center"> </div> <strong>Messages:</strong> </p> </p> <div align="center">Working on</div> </body> </html> loginck.php <? session_start(); ?> <?php include "include/db.php"; ?> <!doctype html public "-//w3c//dtd html 3.2//en"> <html> <head> <link href="style1.css" rel="stylesheet" type="text/css"> <title>(Type a title for your page here)</title> </head> <body> <? // convert username and password from _POST or _SESSION if($_POST['submit']){ $_SESSION['email']=$_POST["email"]; $_SESSION['password']=$_POST["password"]; } // query for a user/pass match $result=mysql_query("select * from players where email='" . $_SESSION['email'] . "' and password='" . $_SESSION['password'] . "'"); // retrieve number of rows resulted $num=mysql_num_rows($result); // print login form and exit if failed. if($num < 1){ echo "You are not authenticated. Please login.<br><br> "; exit; } print "<script>"; print " self.location='main.php';"; // Comment this line if you don't want to redirect print "</script>"; ?> </body> </html> main.php <?php session_start(); ?> <?php include "include/db.php"; ?> <html> <head> <title>Apples xD </title> <link href="style1.css" rel="stylesheet" type="text/css"> </head> <body> <?php $email = trim($_SESSION['email']); $sql = "SELECT username FROM players WHERE email = '$email'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); echo $row['username'] . "<br />"; } else { echo "No results found"; } } else { echo "Query failed<br />" . mysql_error() . "<br />$sql"; } ?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/ Share on other sites More sharing options...
poizn Posted November 5, 2007 Share Posted November 5, 2007 You should read up on SQL injection and other php security related topics http://www.ilovejackdaniels.com/php/writing-secure-php/ http://ocliteracy.com/techtips/sql-injection.html Or just google SQL injections Cheers Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384958 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 this should do the same thing. <?php $email = trim($_SESSION['email']); $sql = "SELECT username FROM players WHERE email='$email'"; $sql = mysql_query($sql); $row = mysql_fetch_assoc($sql); $email = $row['email']; if (!isset($email)) { echo "you are not allowed to acces this page"; exit; } ?> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384965 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 this should do the same thing. <?php $email = trim($_SESSION['email']); $sql = "SELECT username FROM players WHERE email='$email'"; $sql = mysql_query($sql); $row = mysql_fetch_assoc($sql); $email = $row['email']; if (!isset($email)) { echo "you are not allowed to acces this page"; exit; } ?> only Problem now is i can't Login in at all. Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384975 Share on other sites More sharing options...
rajivgonsalves Posted November 5, 2007 Share Posted November 5, 2007 this $email = $row['email']; should be $email = $row['username']; and also check for the password in the query SELECT username FROM players WHERE email='$email' and password='xxx' Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384979 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 this $email = $row['email']; should be $email = $row['username']; and also check for the password in the query SELECT username FROM players WHERE email='$email' and password='xxx' Fixes the Error, but Gives back Nothing Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384983 Share on other sites More sharing options...
rajivgonsalves Posted November 5, 2007 Share Posted November 5, 2007 you if statement should be if (!isset($email)) { echo "you are not allowed to acces this page"; exit; } else { echo "logged in"; } Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384985 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 you if statement should be if (!isset($email)) { echo "you are not allowed to acces this page"; exit; } else { echo "logged in"; } I want it to echo the users name? if that is possible Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384988 Share on other sites More sharing options...
rajivgonsalves Posted November 5, 2007 Share Posted November 5, 2007 else { echo "logged in as ".$email; } actually change the names of your variables they will become confusing after some time <?php $email = trim($_SESSION['email']); $password = trim($_SESSION['password']); $sql = "SELECT username FROM players WHERE email='$email' and password='$password'"; $sql = mysql_query($sql); $row = mysql_fetch_assoc($sql); $username = $row['username']; if (!isset($username)) { echo "you are not allowed to acces this page"; exit; } else { echo "Logged in as ".$username; } ?> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384991 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 logincheck.php <?php include ("db.php"); $username = $_POST['username']; $password = $_POST['password']; $check = =mysql_query("select * from players where username='$username'"); $check = mysql_query($check); $row = mysql_fetch_assoc($check); $db_user = $row['username']; $db_password = $row['password']; if (!$db_user) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"><strong>$user_name</strong> is not in the database...</p>"; } // give error if user exists but wrong password else if (($db_user)&& ($password !== $db_password)) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"> Your password is wrong...</p>"; } else if (($db_user) && ($password == $db_password)){ setcookie ("username",$username,+3600); } ?> then in main.php if (!isset($_COOKIE['username'])) { echo "you are not allowed to acces this page"; exit; } else { echo "logged in"; } Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384992 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource useing that code above Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384993 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 <?php include ("db.php"); $username = $_POST['username']; $password = $_POST['password']; $check = mysql_query("select * from players where username='$username'"); $check = mysql_query($check); $row = mysql_fetch_assoc($check); $db_user = $row['username']; $db_password = $row['password']; if (!$db_user) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"><strong>$user_name</strong> is not in the database...</p>"; } // give error if user exists but wrong password else if (($db_user)&& ($password !== $db_password)) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"> Your password is wrong...</p>"; } else if (($db_user) && ($password == $db_password)){ setcookie ("username",$username,+3600); } ?> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384994 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 $row = mysql_fetch_assoc($check); Thats where the error is Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384996 Share on other sites More sharing options...
adam291086 Posted November 5, 2007 Share Posted November 5, 2007 change $check = mysql_query("select * from players where username='$username'"); $check = mysql_query($check); $row = mysql_fetch_assoc($check); To this $sql = mysql_query("select * from players where username='$username'"); $result = mysql_query($sql); $row = mysql_fetch_assoc($result); That should work Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-384998 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 Still nothing sorry Still getting the Erros Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385000 Share on other sites More sharing options...
trq Posted November 5, 2007 Share Posted November 5, 2007 This.... <?php $check = mysql_query("select * from players where username='$username'"); $check = mysql_query($check); $row = mysql_fetch_assoc($check); ?> Should be.... <?php $sql = "SELECT * FROM players WHERE username='$username'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // user is valid. // do login. } else { // username not found. } } else { echo mysql_error(); } ?> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385004 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 Cool loginck.php works, but now Main.php doesn;t, It says i am entering Incorrect Stuff <?php session_start(); ?> <?php include "include/db.php"; ?> <html> <head> <title> </title> <link href="style1.css" rel="stylesheet" type="text/css"> </head> <body> <?php $email = trim($_SESSION['email']); $password = trim($_SESSION['password']); $sql = "SELECT username FROM players WHERE email='$email' and password='$password'"; $sql = mysql_query($sql); $row = mysql_fetch_assoc($sql); $username = $row['username']; if (!isset($_COOKIE['username'])) { echo "you are not allowed to acces this page"; exit; } else { echo "logged in"; } ?> </body> </html> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385008 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 $check = mysql_query($check)or die (mysql_error()); and for debug place this at top of all pages <?php ini_set('error_reporting', E_ALL); ?> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385010 Share on other sites More sharing options...
Ads Posted November 5, 2007 Author Share Posted November 5, 2007 Notice: Undefined index: email line 17 Notice: Undefined index: password line 18 Notice: Undefined variable: check line 23 Query was empty Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385012 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 OK give these at try .. Loginform.php <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Login</title> <link href="style1.css" rel="stylesheet" type="text/css" /> </head> <body> <form method="post" action="loginck.php" target="_parent"> <p align="center"> <span class="style2">Enter Email:</span> <br> <input type="text" name="email" id="email"> <br> <span class="style2">Enter Passowrd:</span><br> <input type="password" name="password"> <br> <input name="Submit" type="submit" class="top" value="Submit"> </p> <p align="center"> </p> <p align="center"> </div> <strong>Messages:</strong> </p> </p> <div align="center">Working on</div> </body> </html> loginck.php <?php include ("db.php"); $email = $_POST['email']; $password = $_POST['password']; $check = =mysql_query("select * from players where email='$email'"); $check = mysql_query($check); $row = mysql_fetch_assoc($check); $db_user = $row['email']; $db_password = $row['password']; if (!$db_user) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"><strong>$email</strong> is not in the database...</p>"; } // give error if user exists but wrong password else if (($db_user)&& ($password !== $db_password)) { $message = "<head><link href=\"styles.css\" rel=\stylesheet\" type=\"text/css\" /></head> <p class=\"errortext\"> Your password is wrong...</p>"; } else if (($db_user) && ($password == $db_password)){ setcookie ("email",$email,+3600); header ("Location:main.php"); } ?> main.php <?php $email = trim($_COOKIE['email']); $password = trim($_SESSION['password']); $sql = "SELECT username FROM players WHERE email='$email' and password='$password'"; $sql = mysql_query($sql); $row = mysql_fetch_assoc($sql); $username = $row['username']; if (!isset($username)) { echo "you are not allowed to acces this page"; exit; } else { echo "Logged in as ".$username; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> content here </body> </html> Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385014 Share on other sites More sharing options...
trq Posted November 5, 2007 Share Posted November 5, 2007 Why do you keep removing the if statements from the examples I post? Thay are there for a reason. To trap errors. Do you want this code to work properly into the future or just get some makeshift hack working? Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385015 Share on other sites More sharing options...
farkewie Posted November 5, 2007 Share Posted November 5, 2007 Sorry which ones did i remove? i am not intending to i was just rying to get something working, i noticed the varibles were changed between pages. ill take a look through the post too see what i changed and re post it. im not going to argue with you you hae WAY more stars than me...lol Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385017 Share on other sites More sharing options...
Ads Posted November 6, 2007 Author Share Posted November 6, 2007 Am still getting this Error: Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385487 Share on other sites More sharing options...
farkewie Posted November 6, 2007 Share Posted November 6, 2007 on what page? are you getting any other errors on he screen? did you copy those pages exactly asi posted them or did you add/ change some stuff? Im fairly new to php but this should just be a simplescript so please postall the text our of the browser when it displayed the error and ill take a look. Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385516 Share on other sites More sharing options...
Ads Posted November 6, 2007 Author Share Posted November 6, 2007 umm fixed that error, When I log in It Just Displays "you are not allowed to acces this page" On mina.php And If i enter in the wrong info, loginck.php displays nothing. and On Loginck.php i changed that 'header location' thingy to this print "<script>"; print " self.location='main.php';"; print "</script>"; Link to comment https://forums.phpfreaks.com/topic/76051-solved-login-not-working/#findComment-385522 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.