Welcome to WebmasterWorld Guest from 54.146.174.220

Forum Moderators: coopster & jatar k

My login script has stopped working :-(

   
2:06 pm on May 28, 2011 (gmt 0)



I have no idea what I've done to my login script, it was working fine and then all of a sudden its not, I have obviously changed something accidentally but after an hour or so of looking I'll have to admit defeat! I've got the error reporting turned on but Firefox just produces a blank document, I've taken all of the code out and my page renders correctly. Does any one have any ideas pretty, pretty please :-)

login.php
<?php 

session_start();

error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}

?>

<title>Owner Login</title>
</head>

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
}else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '.{$_SESSION['USERNAME']} . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}?>
</div>
</body>
</html>
6:18 pm on May 28, 2011 (gmt 0)

5+ Year Member



The IF on Line 82 does not have a closing curly brace, and you do not need curly braces around the $_SESSION['USERNAME'] on line 83.

The last few lines should look like this:

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
} else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '. $_SESSION['USERNAME'] . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}
} ?>
</div>
</body>
11:39 pm on May 28, 2011 (gmt 0)



When I now run the script I get an error from Firefox:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

to check from browser compatibility issues I also ran it though Safari and got:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
12:40 pm on May 29, 2011 (gmt 0)

10+ Year Member



What is "echo" doing on this line:
echo header("location: login.php");
5:17 pm on May 30, 2011 (gmt 0)



It's going into an infinite loop because when first run there is no post data, therefore the MySQL query doesn't get run, therefore it drops through to this code


if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();


and does the whole thing over again.
4:56 pm on May 31, 2011 (gmt 0)



Now I look at it, your right it is going into an infinite loop. Everything seems to be entered correctly though so I'm not sure why it's doing it. I think I'll have another read just encase but this is what I have so far. I don't think its the first piece of code that's actually causing the problem

This bit
<?php 
//Start session
session_start();

//Enable error reporting
error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}
?>


It merely starts the session and handles the data that's been entered into the form and if this code is removed only the header to the page loads... hummm... I think a cup of tea is needed first!
5:01 pm on May 31, 2011 (gmt 0)



The form appears to be correct too:

<form id="form1" name="form1" method="POST" action="<?php $_SERVER['../PHP_SELP'];?>">
<table width="20%" border="1" align="center">
<tr>
<td bgcolor="#FFFFFF">User ID</td>
<td bgcolor="#FFFFFF"><input type="text" name="userid" id="userid" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">Password</td>
<td bgcolor="#FFFFFF"><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">&nbsp;
</td>
<td bgcolor="#FFFFFF"><label>
<input name="submitted" type="hidden" id="submitted" value="1" />
<input type="submit" name="button" id="button" value="Submit" />
</label></td>
</tr>
</table>
</form>
5:56 pm on May 31, 2011 (gmt 0)



There appears to be two seperate issues here, the first part is infact the validation, if the first being the redirect section:

//If there are input validations, redirect back to the login form 
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}


If this is commented out then the query fails which is to be expected:

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or password incorrect';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}
}else {
die("Query failed");
}


The only thing I can think is that its running the code before anything been submitted hence its looping round and round.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month