ardyandkari Posted February 24, 2008 Share Posted February 24, 2008 hello, trying to make a login script work...having problems... i basically dont want a whole bunch of pages, just one...(demo.php) i want the page to call itself when the user logs in. i cant get it to do that...probably a screw up of mine. when i fill in the login form, it does nothing...just reloads the login form... code posted below: <?php session_start(); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Demonstration</title> </head> <body> <?php include "dbconnect.php"?> <?PHP if ((isset($_POST['user'])) || (isset($_POST['pass']))) { $user=$_POST['user']; $pass=$_POST['pass']; $sql="SELECT * FROM login WHERE username='$user' and password='$pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("$user"); session_register("$pass"); echo "poop is funny";} else { echo '<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="demo.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="user" type="text" id="user"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="pass" type="text" id="pass"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table>';} ?> </body> </html> please remember that i am a total noob at php...just trying to learn the basics yet...no training. dont rip me apart......please :'( Link to comment https://forums.phpfreaks.com/topic/92733-learning-sessions-stuffconfused/ Share on other sites More sharing options...
paul2463 Posted February 24, 2008 Share Posted February 24, 2008 the problem is that you are missing a semi colon from your include statement which would have caused your sql to throw an error, as you did not have a catch error statement you would never know. try this include "dbconnect.php"; //dont forget the semi colon ! $sql="SELECT * FROM login WHERE username='$user' and password='$pass'"; $result=mysql_query($sql) or die ("Error in query" . mysql_error());// this will throw an error if there is one in the sql Link to comment https://forums.phpfreaks.com/topic/92733-learning-sessions-stuffconfused/#findComment-475119 Share on other sites More sharing options...
schilly Posted February 24, 2008 Share Posted February 24, 2008 Couple things I would try <?php session_start(); include "dbconnect.php"; if ((isset($_POST['user'])) || (isset($_POST['pass']))) { $user=$_POST['user']; $pass=$_POST['pass']; $sql="SELECT * FROM login WHERE username='$user' and password='$pass'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['user'] = $user; $_SESSION['pass'] = $pass; echo "poop is funny";} } // close top if else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Demonstration</title> </head> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="demo.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="user" type="text" id="user"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="pass" type="text" id="pass"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> </body> </html> Is your poop echo showing up? You had a missing } on your initial If statement. Also if you end up putting in a redirect you will need the code at the top before the html like the code above. Also don't store the password in the session unless it's hashed or encrypted somehow. Link to comment https://forums.phpfreaks.com/topic/92733-learning-sessions-stuffconfused/#findComment-475123 Share on other sites More sharing options...
ardyandkari Posted February 24, 2008 Author Share Posted February 24, 2008 thanks to paul who found my dumb mistake...thanks also to schilly who basically re-wrote the script and made it worked perfectly. i added a little bit to your script though...if you input a username/password that did not exist, it would just load a blank page... i added if($count!=1) { echo '<div align="center">INCORRECT USERNAME AND/OR PASSWORD</div> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Demonstration</title> </head> <body> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form name="form1" method="post" action="demo.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="user" type="text" id="user"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="pass" type="text" id="pass"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table>';} after the first count to make the script kick you back to the main login if it didnt find your username/password. now...how do i go about hashing a password??? i will do some reading, but if anyone wants to post an example here that is fine too...thanks so much for your hard work and for helping an idiot do some coding. Link to comment https://forums.phpfreaks.com/topic/92733-learning-sessions-stuffconfused/#findComment-475354 Share on other sites More sharing options...
ardyandkari Posted February 24, 2008 Author Share Posted February 24, 2008 ok...i just decided that i dont care about hashing this password, because it is not protecting anything that needs to be that secure... i would like some information on stopping injection attacks though.... but.....SEARCH FIRST!.....right??? Link to comment https://forums.phpfreaks.com/topic/92733-learning-sessions-stuffconfused/#findComment-475410 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.