homepage Welcome to WebmasterWorld Guest from 23.20.77.156
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
login/registration page coding
whatson




msg:4442822
 7:02 am on Apr 19, 2012 (gmt 0)

I am fairly new to php coding, and trying to follow a tutorial on generating login for users and creating members.

The code I have generated doesn't generate any errors, but when I try to login with the username and password it does not acknowledge it, nor if I use an incorrect username/password does it tell me they are incorrect. It seems like it is not reading the table, but it connected.

Anyone have any ideas or can refer me to anywhere that can further shed some light on my issue?

 

incrediBILL




msg:4442895
 9:43 am on Apr 19, 2012 (gmt 0)

Share some code so we can see what you're doing and then we can share some insights ;)

whatson




msg:4442929
 10:36 am on Apr 19, 2012 (gmt 0)

Ok, I think this is the page that is causing the problem.

<?php

if (isset($_POST['username'])&&isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];

$password_hash = md5($password);

if (!empty($username)&&!empty($password)) {

$query = "SELECT `id` FROM `users` WHERE `username`=`$username` AND `password`=`$password_hash`";
if ($query_run = mysql_query($query)) {
$query_num_rows = mysql_num_rows($query_run);

if ($query_num_rows==0) {
echo 'Invalid username/password combination.';
} else if ($query_num_rows==1){
$user_id = mysql_result($query_run, 0, 'id');
$_SESSION['user_id']=$user_id;
header('Location: login.php');
}
}

} else {
echo 'You must supply a username and password';
}

}

?>

<form action="<?php echo $current_file; ?>" method="POST">
Username: <input type="text" name="username"> Password: <input type="password" name="password">
<input type="submit" value="log In">
</form>

I can't get it to echo 'Invalid username/password combination.'; or
log in.

enigma1




msg:4442937
 11:20 am on Apr 19, 2012 (gmt 0)

Can you change the if/else for the rows check so it's like:

if (!$query_num_rows) {
echo 'Invalid username/password combination.';
} else {
$user_id = mysql_result($query_run, 0, 'id');
$_SESSION['user_id']=$user_id;
header('Location: login.php');
}

In case you have the same account multiple times. And add an exit after the redirect header.

whatson




msg:4442979
 12:54 pm on Apr 19, 2012 (gmt 0)

That didn't make any difference, I also get the following error
"Notice: Undefined index: HTTP_REFERER in C:\xampp\htdocs\2\databases\login\core-inc.php on line 5"

for:

<?php
ob_start();
session_start();
$current_file = $_SERVER['SCRIPT_NAME'];
$http_referer = $_SERVER['HTTP_REFERER'];

function loggedin() {
if (isset($_SESSION['user_id'])&&!empty($_SESSION['user_id'])) {
return true;
} else {
return false;
}
}


?>

Anyone know what I am doing wrong here. Sorry, I really am quite noob.

enigma1




msg:4442993
 2:10 pm on Apr 19, 2012 (gmt 0)

Maybe you need to post the whole code as the problem could be elsewhere.

If some server variables aren't set you can check that before assignment.

$http_referer = isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'';

whatson




msg:4443162
 9:34 pm on Apr 19, 2012 (gmt 0)

How do I change the settings of my server variables, and how do I want them set?

whatson




msg:4443166
 9:39 pm on Apr 19, 2012 (gmt 0)

And can someone possible show me somewhere I can get the code for a login page.

cffrost2




msg:4443243
 3:10 am on Apr 20, 2012 (gmt 0)

Hi. Looking over your code, it looks like you have a good start. I wouldn't give up on it yet. I usually echo things as I write code to make sure the variables are being passed correctly. And try using mysql_error() after you do a query so you can trouble shoot bad queries.

$query_run = mysql_query($query)or die(mysql_error());
If($query_run)
{ do something }
//echo the $user_id and the $query_num_rows to make sure they are being set.
$user_id = mysql_result($query,0);//no need to specify the 'id' as you already did that in the query.
echo $user_id;//if it's empty, something above that line is broken.
echo 'User id: '.$user_id;

Hope this helps.

rowtc2




msg:4443301
 8:35 am on Apr 20, 2012 (gmt 0)

Do not forget to filter what user are typing to not be hacked. For example this is a function (includes multiple PHP functions).

// my function
function MyCustomizedFunction($string){
$string = substr($string,0,40); // cut the number of characters
$string = strip_tags($string); // get rid of html,php code that may be malicious
$string = htmlentities($string); // convert symbols that may be malicious
$string = htmlentities($string,ENT_QUOTES);
$string = mysql_real_escape_string($string);
return $string;
}


// here i use the function that i have built
$password = MyCustomizedFunction($_POST['password']);

whatson




msg:4443339
 10:41 am on Apr 20, 2012 (gmt 0)

Thanks a lot, for hacking I have done the following:

$query = "INSERT INTO `users` VALUES ('','".mysql_real_escape_string($username)."', '".mysql_real_escape_string($password_hash)."','".mysql_real_escape_string($firstname)."', '".mysql_real_escape_string($surname)."')";

adding the real_escape_string, will that be enough? I also limited the characters with php and the html form.

[edited by: eelixduppy at 12:50 pm (utc) on Apr 20, 2012]
[edit reason] fixed side scroll [/edit]

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved