psychowolvesbane Posted February 4, 2008 Share Posted February 4, 2008 I have a form for logging in to an Admin folder which should restrict access to the pages there (I will also have a htaccess file stopping access in the address bar but no password file) but the form comes up blank on the screen so it must be some vital thing I have missed on the page like a if statement { or something, yet I have tried searching and can't find anything so I need another pair of eyes to help me find the bugger. <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST'['Password']; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); $sql = "SELECT UserName,Password FROM Clothing WHERE Username='$UserLogin',Password='$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_affected_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/ Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Notcie the error on this line? $PasswordLogin = $_POST'['Password']; should be (for starters).... $PasswordLogin = $_POST['Password']; Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457541 Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 Okay now i'm getting a syntax error for the sql, most likely because of the WHERE part, I didn't know exactly how to specify more than 1 criteria so I made an educated guess. Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457548 Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 I changed the sql to $sql = "SELECT UserName,Password FROM UserAccount WHERE Username='$UserLogin' AND Password='$PasswordLogin'"; Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457556 Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 However it is going to my "Invalid Usernamer/Password" message when I enter the correct details. Here's my current code <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST['Password']; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); $sql = "SELECT UserName,Password FROM UserAccount WHERE Username='$UserLogin' AND Password='$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_affected_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457562 Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Its usually easiest to check the manual rather than have a guess. $sql = "SELECT UserName,`Password` FROM Clothing WHERE Username='$UserLogin' && `Password` = '$PasswordLogin'"; Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457568 Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 mysql_affected_rows works on inserts and deletes only. Try... if(mysql_num_rows($rs)==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457571 Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 The username and password still are not being accepted :-\ <?php session_Start(); include "admin/connect_details.php"; $LoginB = $_POST['LoginB']; $UserLogin = $_POST['Username']; $PasswordLogin = $_POST['Password']; echo "Username = $UserLogin<br>"; echo "Password = $PasswordLogin<br>"; if($_SESSION['AdminLogin']==true) { $_SESSION['AdminLogin']=true; $ValidLogin = true; } else { if(empty($UserLogin)) { $Valid_Username = false; $Errors++; $MessageUser = "Please enter a Username"; } if(empty($PasswordLogin)) { $Valid_Password = false; $Errors++; $MessagePassword = "Please enter a Password"; } if($Errors==0) { $conn = mysql_connect($Host,$Username,$Password) or die(mysql_error()); $db = mysql_select_db($Dbname, $conn); //$sql = "SELECT Username,Password FROM UserAccount WHERE Username='$UserLogin' && Password='$PasswordLogin'"; $sql = "SELECT `Username`, `Password` FROM `UserAccount` WHERE `Username` = 'UserLogin' AND `Password` = '$PasswordLogin'"; $rs = mysql_query($sql,$conn) or die('Problem with query: ' . $sql . '<br />' . mysql_error()); if(mysql_num_rows==0) { $Errors++; $MessageForm = "Invalid UserName/Password!"; $ValidLogin = false; } else { $_SESSION['AdminLogin']=true; $ValidLogin = true; } mysql_close($conn); } } ?> <html> <head> <title>Clothing Line</title> <link href="admin/stylesheetCL.css" rel="stylesheet"> <?php require('admin/jscript.inc') ?> <?php if($ValidLogin==true && $_SESSION['AdminLogin']==true) { ?> <meta HTTP-EQUIV="REFRESH" content="0; url=admin/admin.php"> <?php } ?> </head> <body> <?php //require('admin/header.inc') ?> <?php require('menu.inc') ?> <div style="position:absolute; top:5px; left:200px; width:550px"> <?php if($ValidLogin==false) { echo "<span class='errmsg'>! $MessageForm</span><br><br>"; } ?> <form method="post" action='login_form.php'/> <?php if($LoginB != "Submit") { ?> Username: <input type="text" name="Username" value=""/> <br> <br> Password: <input type="password" name="Password" value=""/> <br> <br> <?php } elseif($LoginB == "Submit") { if($Valid_Username == false) { ?> <span class="errmsg">! $MessageUser</span><br> <?php } ?> Username: <input type="text" name="Username" value="<?php echo $UserLogin?>"/> <br> <br> <?php if($Valid_Password == false) { ?> <span class="errmsg">! $MessagePassword</span><br> <?php } ?> Password: <input type="password" name="Password" value="<?php echo $PasswordLogin?>"/> <br> <br> <?php } ?> <input type="submit" class="buttonS" name="LoginB" value="Go" onMouseOver="OverMouse(this)"; onMouseOut="OutMouse(this)"/> </form> </div> </body> </html> [code] [/code] Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457579 Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Are you sure the passwords are not md5'd? They should be. Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457583 Share on other sites More sharing options...
trq Posted February 4, 2008 Share Posted February 4, 2008 Also, it should be... if(mysql_num_rows($rs) ==0) Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457585 Share on other sites More sharing options...
psychowolvesbane Posted February 4, 2008 Author Share Posted February 4, 2008 That was it! Thank you, now I just need to add all the SESSION stuff to the other pages so it won't need to re-login everytime. Link to comment https://forums.phpfreaks.com/topic/89354-solved-login-form-probs/#findComment-457597 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.