homepage Welcome to WebmasterWorld Guest from 54.197.94.241
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
My login script has stopped working :-(
Jamier101




msg:4318986
 2:06 pm on May 28, 2011 (gmt 0)

I have no idea what I've done to my login script, it was working fine and then all of a sudden its not, I have obviously changed something accidentally but after an hour or so of looking I'll have to admit defeat! I've got the error reporting turned on but Firefox just produces a blank document, I've taken all of the code out and my page renders correctly. Does any one have any ideas pretty, pretty please :-)

login.php
<?php

session_start();

error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}

?>

<title>Owner Login</title>
</head>

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
}else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '.{$_SESSION['USERNAME']} . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}?>
</div>
</body>
</html>

 

webfoo




msg:4319048
 6:18 pm on May 28, 2011 (gmt 0)

The IF on Line 82 does not have a closing curly brace, and you do not need curly braces around the $_SESSION['USERNAME'] on line 83.

The last few lines should look like this:

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
} else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '. $_SESSION['USERNAME'] . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}
} ?>
</div>
</body>

Jamier101




msg:4319155
 11:39 pm on May 28, 2011 (gmt 0)

When I now run the script I get an error from Firefox:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

to check from browser compatibility issues I also ran it though Safari and got:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

FromBelgium




msg:4319293
 12:40 pm on May 29, 2011 (gmt 0)

What is "echo" doing on this line:
echo header("location: login.php");

agent_x




msg:4319636
 5:17 pm on May 30, 2011 (gmt 0)

It's going into an infinite loop because when first run there is no post data, therefore the MySQL query doesn't get run, therefore it drops through to this code


if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();


and does the whole thing over again.

Jamier101




msg:4320059
 4:56 pm on May 31, 2011 (gmt 0)

Now I look at it, your right it is going into an infinite loop. Everything seems to be entered correctly though so I'm not sure why it's doing it. I think I'll have another read just encase but this is what I have so far. I don't think its the first piece of code that's actually causing the problem

This bit
<?php
//Start session
session_start();

//Enable error reporting
error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}
?>


It merely starts the session and handles the data that's been entered into the form and if this code is removed only the header to the page loads... hummm... I think a cup of tea is needed first!

Jamier101




msg:4320062
 5:01 pm on May 31, 2011 (gmt 0)

The form appears to be correct too:

<form id="form1" name="form1" method="POST" action="<?php $_SERVER['../PHP_SELP'];?>">
<table width="20%" border="1" align="center">
<tr>
<td bgcolor="#FFFFFF">User ID</td>
<td bgcolor="#FFFFFF"><input type="text" name="userid" id="userid" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">Password</td>
<td bgcolor="#FFFFFF"><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">&nbsp;
</td>
<td bgcolor="#FFFFFF"><label>
<input name="submitted" type="hidden" id="submitted" value="1" />
<input type="submit" name="button" id="button" value="Submit" />
</label></td>
</tr>
</table>
</form>

Jamier101




msg:4320089
 5:56 pm on May 31, 2011 (gmt 0)

There appears to be two seperate issues here, the first part is infact the validation, if the first being the redirect section:

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}


If this is commented out then the query fails which is to be expected:

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or password incorrect';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}
}else {
die("Query failed");
}


The only thing I can think is that its running the code before anything been submitted hence its looping round and round.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved