xjasonx Posted January 9, 2008 Share Posted January 9, 2008 I got this from the membership tutorial. It's suppose to validate a login then redirect to the admin page. All it does is bring up a blank screen, no error or anything. <?php session_start(); header("Cache-control: private"); include("include/connect.php"); $user = $_POST['user']; $pass = $_POST['pass']; $sql_check_user = "select * from admin where username='$user'"); $result_name_check = mysql_query($sql_check_user); $usersfound = mysql_num_rows($result_name_check); if ($usersfound < 1) { $error = "The user $user was not found."; } else { $sql_check_pass = "select * from admin where username='$user'"); $user_info = mysql_fetch_array(mysql_query($sql_check_pass)); $dbpass = $user_info['password']; if ($pass != $dbpass) { $error = "The password is incorrect."; } else { $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['name'] = $user_info['name']; $_SESSION['email'] = $user_info['email']; header("Location:http://www.scriptsforgames.com/admin.php"); } } if ($error) { echo $error; include("login.html"); } else { echo "WTF!"; } ?> Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted January 9, 2008 Share Posted January 9, 2008 Try this code,But i am not sure about paging flow and db,plz change any thing according to ur needs. <?php session_start(); header("Cache-control: private"); include("include/connect.php"); $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql_check_user = "select * from admin where username='$user' and password='$pass'"); $result_name_check = mysql_query($sql_check_user); $usersfound = mysql_num_rows($result_name_check); if ($usersfound < 1) { $error = "The user $user was not found."; echo $error; include("login.html"); } else { $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['name'] = $user_info['name']; $_SESSION['email'] = $user_info['email']; header("Location:http://www.scriptsforgames.com/admin.php"); } ?> Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted January 9, 2008 Share Posted January 9, 2008 People should hash passwords. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted January 9, 2008 Share Posted January 9, 2008 Yeh ppl hash passwords.This is upto him.No comments on this.but for security hashing is more than better. Now another in ur code: $_SESSION['name'] = $user_info['name']; $_SESSION['email'] = $user_info['email']; From where u store these values to sessions. I did not see these in ur post variables or retrieving it from db. Quote Link to comment Share on other sites More sharing options...
xjasonx Posted January 9, 2008 Author Share Posted January 9, 2008 I'm not worried about getting hacked. If I do, then maybe they'll post some inappropriate news? Until that happens, I won't worry. $_SESSION['name'] = $user_info['name']; $_SESSION['email'] = $user_info['email']; From where u store these values to sessions. I did not see these in ur post variables or retrieving it from db. I retrieved them from db. $user_info = mysql_fetch_array(mysql_query($sql_check_user)); unless that doesn't work? I tryed the code you posted, mmarif4u and still a blank screen. I even tryed adding some text after the closing php tag and that doesn't even show up, so somethings weird. I'm using webhostfreaks as my host if that helps. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted January 9, 2008 Share Posted January 9, 2008 Why you are double checking,just try this: $user_info = mysql_fetch_object($result_name_check); Quote Link to comment Share on other sites More sharing options...
simcoweb Posted January 9, 2008 Share Posted January 9, 2008 This line: $sql_check_user = "select * from admin where username='$user'"); Take out the ) as it's not needed as is throwing an error in your code. Probably making it die. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted January 9, 2008 Share Posted January 9, 2008 Complete updated code: <?php session_start(); header("Cache-control: private"); include("include/connect.php"); $user = mysql_real_escape_string($_POST['user']); $pass = mysql_real_escape_string($_POST['pass']); $sql_check_user = "select * from admin where username='$user' and password='$pass'"; $result_name_check = mysql_query($sql_check_user); $usersfound = mysql_num_rows($result_name_check); $user_info = mysql_fetch_object($result_name_check); if ($usersfound < 1) { $error = "The user $user was not found."; echo $error; include("login.html"); } else { $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['name'] = $user_info['name']; $_SESSION['email'] = $user_info['email']; header("Location:http://www.scriptsforgames.com/admin.php"); } ?> Quote Link to comment Share on other sites More sharing options...
xjasonx Posted January 9, 2008 Author Share Posted January 9, 2008 Sorry, I had to work so I couldn't reply. I removed the ")" and now it works. Thanks, mmar, I'm using the code you posted. It's a lot simpler and looks better. Thanks for all your help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.