[SOLVED] Help with login script

[cs1h]

Hi,

 

I have a login in script so that people can login to my site, the problem is that its creating the cookie (so allowing acces to the site) but it comes up with the message that

Sorry, there is no username or password with:

Try again

 

I can't work out why it would do this, but I think it might have something to do with my auto_redirect.

 

The script is,

<?php
ob_start();

include("config.php"); 

// connect to the mysql server 
$link = mysql_connect($server, $db_user, $db_pass) 
or die ("Could not connect to mysql because ".mysql_error()); 

// select the database
mysql_select_db($database) 
or die ("Could not select database because ".mysql_error()); 

$match = "select id from $table where username = '".$_POST['username']."' 
and password = '".$_POST['password']."';"; 

$qry = mysql_query($match) 
or die ("Could not match data because ".mysql_error()); 
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "Sorry, there is no username or password with: <strong>".$_POST['username']."</strong><br>"; 
echo "<a href=index.php>Try again</a>"; 
exit;

} else { 

setcookie("loggedin", "".$_POST['username']."", time()+(3600 * 4));
}
ob_end_flush();

?>

<?php

$abc = $_POST['hiddenField'];

echo "<meta http-equiv=\"refresh\" content=\"0; URL=$abc\">"; 

?>

 

Any one have any ideas?

 

Thanks,

 

Colin

[revraz]

What does your form code look like?

 

It's returning that result because this line is true

 

if ($num_rows <= 0)

 

Which means either the username/pw doesn't match or your form isn't passing the $_POST data correctly

[cs1h]

The form looks like this,

 

<FORM onsubmit="return validate()" action=test_login.php method=post>
      <table id="table13" cellspacing="0" cellpadding="0" width="574" border="0">
        <tbody>
          <tr>
            <td width="14" background="line_left_corner_top.png"> </td>
            <td background="line_top.png" colspan="2" height="28"> </td>
            <td align="middle" width="14" background="line_top.png" height="28"> </td>
            <td align="middle" width="14" background="line_top.png" height="28"> </td>
            <td align="middle" width="14" background="line_top.png" height="28"> </td>
            <td align="middle" background="line_top.png" colspan="2" height="28"> </td>
            <td align="middle" width="14" background="line_right_corner_top.png"> </td>
          </tr>
          <tr>
            <td width="14" background="line_left.png" rowspan="6"> </td>
            <td align="left" colspan="2"><font color="#00518d"><span class="Large_Blue">SIGN IN</span></font></td>
            <td align="left" width="14" background="line_right.png" rowspan="6"> </td>
            <td align="left" width="14" rowspan="6"> </td>
            <td align="left" width="14" rowspan="6"> </td>
            <td valign="top" align="left" colspan="2"><font color="#00518d"><span class="Large_Blue">NOT A MEMBER?</span></font></td>
            <td valign="top" align="left" width="14" background="line_right.png" rowspan="6"> </td>
          </tr>
          <tr>
            <td align="left" colspan="2"><input name="hiddenField2" type="hidden" id="hiddenField2" value="<?php echo $_GET["old"]; ?>" /></td>
            <td valign="top" align="left" colspan="2"> </td>
          </tr>
          <tr>
            <td width="70" height="0" align="left" valign="middle"><span class="style3"><font face="Verdana" color="#000000">Email:</font></span></td>
            <td width="150" height="0" align="right" valign="middle"><input id="username" size="14" name="username" /></td>
            <td valign="top" align="left" colspan="2" rowspan="2"><p class="Small_Black">Myroho is an independent travel magazine, a backpacking  guide-book, a news service, a volunteer and travel work directory, and a positive campaign group. At myroho, we believe that  everyone in the global backpacking community, seasoned campaigners and novices alike, has something helpful to add and share.</p></td>
          </tr>
          <tr>
            <td width="70" height="0" align="left"><span class="style3"><b><font face="Verdana" color="#000000">Password:</font></b></span></td>
            <td width="150" height="0" align="right"><input id="password" type="password" size="14" name="password" /></td>
          </tr>
          <tr>
            <td align="left" colspan="2"> </td>
            <td valign="top" align="left" colspan="2"> </td>
          </tr>
          <tr>
            <td align="left"><span class="Small_Blue"><a href="#" onclick="MM_openBrWindow('forget_password.html','','width=500,height=250')">Forget your password?</a></span></td>
            <td align="right"><input type="image" height="28" alt="Sign in" width="110" src="sign_in.gif" value="submitname" border="0" name="image" /></td>
            <td class="Small_Blue" valign="top" align="left" width="131">Register with myroho......</td>
            <td valign="top" align="left" width="153"><label><a href="register.html"><img height="28" src="register.png" width="110" border="0" /></a></label></td>
          </tr>
          <tr>
            <td background="line_left_corner.png"> </td>
            <td background="line_base.png" colspan="2" height="19"> </td>
            <td background="line_base.png" height="19"> </td>
            <td background="line_base.png" height="19"> </td>
            <td background="line_base.png" height="19"> </td>
            <td valign="top" align="left" background="line_base.png" colspan="2" height="28"> </td>
            <td valign="top" align="left" background="line_right_corner.png"> </td>
          </tr>
          <tr>
            <td height="21" colspan="9"></td>
          </tr>
        </tbody>
      </table>
    </FORM>

 

All help is appriciated,

 

Colin

[boushley]

Did you say that it was setting the cookie as well?

 

All the fields seem to match up... other than the hiddenfield... you have hiddenfield2 in the form and just hiddenfield in the php page... but that should not be causing the error you're reporting!

[cs1h]

yeh its setting the cooky.

[boushley]

Are you sure the cookie wasn't already set?  Because... it really has no way to get into the if & the else.

 

What does the security that you're putting onto each page look like?

 

Try putting some echo statments in there... and see if it is really getting into both sides of the if (it really shouldn't be).

[revraz]

Your error indicates that form data is not being passed, since the $_POST['username'] is blank in the error.

 

And I can't see how both, the cookie gets set and it ruturns the error above it since its a IF ELSE statement.

[revraz]

What I would do is just use a plain form, and see if it works:

 

<form action="test_login.php " method="post">
<tr><td>Username</td></tr>
<tr><td><input class="input" type="text" id="username" name="username" /> </td></tr>
<tr><td>Password</td></tr>
<tr><td><input class="input" type="text" id="password" name="password"  /></td></tr>
</form>

[cs1h]

When I run it, it looks like its proccesing the data twice i.e. the first time it sets the cooky and the second time it doesn't because its already used the data.

 

Does any one this might be right? and why it is doing it?

 

Cheers,

Colin

[boushley]

Well, are there any pages that forward someone to this page?  AKA On each page when you check if they are logged in... do you send them back here?  Obviously there is something funky happening if you are hitting both the if and the else. 

 

My guess is that you are correct, that it is processing the information twice.  So try taking out your redirect first... just to confirm this is the case...

 

Then start looking elsewhere... when they redirect, why would they be sent back to this page?

[cs1h]

Hi thanks for the help, I found the problem.

 

The hiddenfield name was wrong, it should have had a two on the end.

 

Thanks again for all the help.

 

Colin