anbdesigns Posted February 9, 2008 Share Posted February 9, 2008 This was taken from some old code 2+ years ago. It worked when I last used it, but have decided to re-use it. I modified it recently because of some changes regarding global variables/sessions (php 4.2.3). Anyway, when someone clicks the Login button on login.php, this code is processed. checkuser.php <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); /* Check User Script */ session_start(); // Start Session include 'db.php'; // Convert to simple variables $username = $_POST['username']; $user_pass = $_POST['user_pass']; if((!$username) || (!$user_pass)){ echo "<center />Please enter Username and Password! <br />"; include 'login.php'; exit(); } // Convert password to md5 hash $user_pass = md5($user_pass); // check if the user info validates the db $sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ foreach( $row AS $key => $val ){ $$key = stripslashes( $val ); } $fname = $_POST['fname']; $lname = $_POST['lname']; $email = $_POST['email']; $user_level = $_POST['user_level']; $_SESSION['username'] = $username; $_SESSION['fname'] = $fname; $_SESSION['lname'] = $lname; $_SESSION['email'] = $email; $_SESSION['user_level'] = $user_level; $_SESSION['user_pass'] = $user_pass; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: members.php"); } } else { echo "You could not be logged in! Your username and/or password were incorrect!<br /> Please try again!<br />"; include 'login.php'; } ?> I don't see where there is any output before the header. Am I missing something? I haven't coded at all lately, so I'm a bit rusty. Any help/advice is appreciated. See error below: Notice: Undefined index: fname in /home/*****/public_html/checkuser.php on line 34 Notice: Undefined index: lname in /home/*****/public_html/checkuser.php on line 35 Notice: Undefined index: email in /home/*****/public_html/checkuser.php on line 36 Notice: Undefined index: user_level in /home/*****/public_html/checkuser.php on line 37 Warning: Cannot modify header information - headers already sent by (output started at /home/*****/public_html/checkuser.php:34) in /home/*****/public_html/checkuser.php on line 48 members.php <?php session_start(); require 'db.php'; $username = $_POST['username']; $user_pass = $_POST['user_pass']; if (!$username || !$user_pass){ die('You are not logged in! <a href=login.php>Click here</a> to login.'); } ?> This is the code processed before the html code. I don't think it has to do with the header error, but I would like to know if I need to have the variables assigned on this page? Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 9, 2008 Share Posted February 9, 2008 you have very verbose error reporting on thus when POST isn't set the variables $_POST['VARNAME'] are dead and thus it errors Either bring error reporting down or add a check if(!EMPTY($_POST)){ before redeclaring post vars Edit: The header error is not reallly there its top down from the php producing output errors for undefined indexcies Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 9, 2008 Author Share Posted February 9, 2008 Ok, so it looks like it's not a header problem I put in some junk for the undefined indexes. With error reporting on, it doesn't give any errors now, but apparently the username & password aren't being taken & executing the die string in members.php (see modified original post). Any ideas? :> Thanks for your help! Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 9, 2008 Share Posted February 9, 2008 put Print_R($_POST) at the top of the page and see what you get, maybe you TyPoed the Post Var names Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 10, 2008 Author Share Posted February 10, 2008 It just gives: Array ( ) I believe this section was the only part changed. $fname = $_POST['fname']; $lname = $_POST['lname']; $email = $_POST['email']; $user_level = $_POST['user_level']; $_SESSION['username'] = $username; $_SESSION['fname'] = $fname; $_SESSION['lname'] = $lname; $_SESSION['email'] = $email; $_SESSION['user_level'] = $user_level; $_SESSION['user_pass'] = $user_pass; Quote Link to comment Share on other sites More sharing options...
nethnet Posted February 10, 2008 Share Posted February 10, 2008 The $_POST array is empty according to what you just said. Check your form to make sure the data is being passed along to this script. Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 10, 2008 Author Share Posted February 10, 2008 Here is the form code. The only thing I can think of is something with the sessions. :| <form action="checkuser.php" method="POST"> <table class="text" border="0" cellspacing="0" cellpadding="2" align="center"> <tr> <td width="80">Username:</td> <td> <input type="text" name="username" id="username" size="16"> </td> </tr> <tr> <td width="80">Password:</td> <td> <input type="password" name="user_pass" id="user_pass" size="16"> </td> </tr> <tr> <td colspan="3"> <div align="center"><br> <input type="submit" name="Submit" value="Login"> </div> </td> </tr> </table> <div align="center"><br> <font size="2" face="Verdana, Arial, Helvetica, sans-serif">Don't have a <b>Username</b> & <b>Password</b>?<br> <br> <a href=# onClick=openBrWindow('register.php','Register','toolbar=no,directories=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=570,height=520')><img src=images/register.gif width=112 height=38 border=0 vspace=0 hspace=8 alt='Register Now!'></a></font><a href="contact.php"><img src="images/contact.jpg" width="112" height="38" hspace="8" border="0"></a> <br> <br> </div> </form> Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted February 10, 2008 Share Posted February 10, 2008 try writing POST in lowercase as the browser migth not like the uppercase. It isn't sessions because its simply the POST Data isn't being sent so thus the page gives index errors which in turn produces output warnings in turn sending headers preventing a header to be modified Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 10, 2008 Author Share Posted February 10, 2008 Changing method="POST" to method="post" did not help I'm not getting header errors any more. It's just not setting the $_POST values. Array ( ) You could not be logged in! Your username and/or password were incorrect! Please try again! I've changed the files a bit, so here they are as of now. login.php <form action="checkuser.php" method="post" enctype="text/plain" id="login_form"> <table class="text" border="0" cellspacing="0" cellpadding="2" align="center"> <tr> <td width="80">Username:</td> <td> <input type="text" name="username" id="username" size="16"> </td> </tr> <tr> <td width="80">Password:</td> <td> <input type="password" name="user_pass" id="user_pass" size="16"> </td> </tr> <tr> <td colspan="3"> <div align="center"><br> <input type="submit" name="Submit" value="Login"> </div> </td> </tr> </table> </form> checkuser.php <?php session_start(); // Start Session PRINT_R($_POST); ini_set ("display_errors", "1"); error_reporting(E_ALL); /* Check User Script */ include 'db.php'; // Convert to simple variables if (isset ($_POST['username'])) { $username = $_POST['username']; //more code to test the validity of $userID } else { $username = "1"; //set some default value } if (isset ($_POST['user_pass'])) { $user_pass = $_POST['user_pass']; //more code to test the validity of $userID } else { $user_pass = "1"; //set some default value } // just filled with junk to remove undefined indexes $_POST['fname'] = "1"; $_POST['lname'] = "1"; $_POST['email'] = "1"; $_POST['user_level'] = "1"; if((!$username) || (!$user_pass)){ die("Please enter a username & password! Click <a href='login.php'>here</a> to return to the login page."); exit(); } // Convert password to md5 hash $user_pass = md5($user_pass); // check if the user info validates the db $sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ foreach( $row AS $key => $val ){ $$key = stripslashes( $val ); } $fname = $_POST['fname']; $lname = $_POST['lname']; $email = $_POST['email']; $user_level = $_POST['user_level']; $_SESSION['username'] = $username; $_SESSION['fname'] = $fname; $_SESSION['lname'] = $lname; $_SESSION['email'] = $email; $_SESSION['user_level'] = $user_level; $_SESSION['user_pass'] = $user_pass; mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: members.php"); } } else { echo "You could not be logged in! Your username and/or password were incorrect!<br /> Please try again!<br />"; include 'login.php'; } ?> snippet from top of members.php <?php include 'db.php'; if((!$username) || (!$user_pass)){ echo "<center />Please enter Username and Password! <br />"; include 'login.php'; exit(); } ?> Quote Link to comment Share on other sites More sharing options...
GameYin Posted February 10, 2008 Share Posted February 10, 2008 require 'db.php'; require ('db.php'); Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted February 10, 2008 Share Posted February 10, 2008 Remove this - enctype="text/plain" from your form tag. It is incorrect and prevents the form from submitting any data. Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 11, 2008 Author Share Posted February 11, 2008 Ok, with enctype removed, it takes me to members.php, but it executes the echo statement. On members.php, I added this but it returns empty: echo $username; I tested, and $_POST values are sent to checkuser.php, they're just getting lost somewhere before going to members.php Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted February 11, 2008 Share Posted February 11, 2008 Your code is dependent on register globals (program variables magically and insecurely get populated from post/get/cookie/session variables.) Use the proper session array reference $_SESSION['username'] instead of $username (repeat for all session variables.) Quote Link to comment Share on other sites More sharing options...
nethnet Posted February 11, 2008 Share Posted February 11, 2008 You're not passing the data along to members.php at all... instead of using header("Location: ..."), why don't you just use include "members.php"; and remove the line include "db.php"; That way you have full access to all the variables you use in checkuser.php Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 11, 2008 Author Share Posted February 11, 2008 Ok, that works, but how would I go about getting said data to members.php or other pages? I thought I could do that with a simple login check at the top of each page? Also, I've changed all $variable to $_SESSION['variable'] where I thought appropriate. Much thanks for all the help! Quote Link to comment Share on other sites More sharing options...
nethnet Posted February 11, 2008 Share Posted February 11, 2008 Sorry, I wasn't reading this very carefully.. You have everything set in your $_SESSION variables that you will need on your pages, right? So on a page like members.php where you are checking to see if they are logged in, have this: <?php include 'db.php'; $username = $_SESSION['username']; $user_pass = $_SESSION['user_pass']; if((!$username) || (!$user_pass)){ echo "<center />Please enter Username and Password! <br />"; include 'login.php'; exit(); } ?> A better way would be to have a PHP script with the above code named something like login_check.php, and for any page that you want to make sure the user is logged in, just put this at the top: <?php include "login_check.php"; ?> Theo Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 12, 2008 Author Share Posted February 12, 2008 Ok, back to not being logged in on members.php (and other pages). Is header("Location: members.php"); acceptable, seeing as I have the login check on it & the other pages? And is my code correct regarding sessions? <?php session_start(); // Start Session //PRINT_R($_POST); ini_set ("display_errors", "1"); error_reporting(E_ALL); /* Check User Script */ include ('db.php'); // Convert to simple variables if (isset ($_POST['username'])) { $_SESSION['username'] = $_POST['username']; //more code to test the validity of $username } else { $_SESSION['username'] = "user"; //set some default value } if (isset ($_POST['user_pass'])) { $_SESSION['user_pass'] = $_POST['user_pass']; //more code to test the validity of $user_pass } else { $_SESSION['user_pass'] = "pass"; //set some default value } /* if (isset ($_POST['user_level'])) { $_SESSION['user_level'] = $_POST['user_level']; //more code to test the validity of $user_level } else { $_SESSION['user_level'] = "0"; //set some default value } */ if((!$_SESSION['username']) || (!$_SESSION['user_pass'])){ die("Please enter a username & password! Click <a href='login.php'>here</a> to return to the login page."); exit(); } // Convert password to md5 hash $_SESSION['user_pass'] = md5($_SESSION['user_pass']); $username = $_SESSION['username']; $user_pass = $_SESSION['user_pass']; //$user_level = $_SESSION['user_level']; // check if the user info validates the db $sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ foreach( $row AS $key => $val ){ $$key = stripslashes( $val ); } mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'"); header("Location: members.php"); } } else { echo "You could not be logged in! Your username and/or password were incorrect!<br /> Please try again!<br />"; include 'login.php'; } ?> <?php include("login_check.php"); ?> <?php require ("db.php"); $username = $_SESSION['username']; $user_pass = $_SESSION['user_pass']; if((!$username) || (!$user_pass)){ echo "<center />Please enter Username and Password! <br />"; include 'login.php'; exit(); } ?> Quote Link to comment Share on other sites More sharing options...
anbdesigns Posted February 13, 2008 Author Share Posted February 13, 2008 Solved. How do I mark it as so? I needed session_start(); on the other pages. I was under the impression that the session would continue until terminated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.