Welcome to WebmasterWorld Guest from 54.167.86.211

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

My login script has stopped working :-(

     
2:06 pm on May 28, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 11, 2010
posts: 131
votes: 0


I have no idea what I've done to my login script, it was working fine and then all of a sudden its not, I have obviously changed something accidentally but after an hour or so of looking I'll have to admit defeat! I've got the error reporting turned on but Firefox just produces a blank document, I've taken all of the code out and my page renders correctly. Does any one have any ideas pretty, pretty please :-)

login.php
<?php 

session_start();

error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}

?>

<title>Owner Login</title>
</head>

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
}else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '.{$_SESSION['USERNAME']} . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}?>
</div>
</body>
</html>
6:18 pm on May 28, 2011 (gmt 0)

Full Member

5+ Year Member

joined:Mar 22, 2008
posts: 315
votes: 0


The IF on Line 82 does not have a closing curly brace, and you do not need curly braces around the $_SESSION['USERNAME'] on line 83.

The last few lines should look like this:

<body>
<div id="user_box">
<?php
if(!isset($_SESSION['ID']) || (trim($_SESSION['id']) == '')) {
header("location: access-denied.php");
exit();
} else{
if(isset($_SESSION['id']) && (!empty($_SESSION['id']))){
echo "<font color='white'>" . 'You are already logged in as '. $_SESSION['USERNAME'] . "</font>";
echo '<input type="button" name="logout" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}
} ?>
</div>
</body>
11:39 pm on May 28, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 11, 2010
posts: 131
votes: 0


When I now run the script I get an error from Firefox:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

to check from browser compatibility issues I also ran it though Safari and got:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
12:40 pm on May 29, 2011 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 14, 2004
posts:111
votes: 0


What is "echo" doing on this line:
echo header("location: login.php");
5:17 pm on May 30, 2011 (gmt 0)

Junior Member

joined:Apr 27, 2011
posts:96
votes: 0


It's going into an infinite loop because when first run there is no post data, therefore the MySQL query doesn't get run, therefore it drops through to this code


if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();


and does the whole thing over again.
4:56 pm on May 31, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 11, 2010
posts: 131
votes: 0


Now I look at it, your right it is going into an infinite loop. Everything seems to be entered correctly though so I'm not sure why it's doing it. I think I'll have another read just encase but this is what I have so far. I don't think its the first piece of code that's actually causing the problem

This bit
<?php 
//Start session
session_start();

//Enable error reporting
error_reporting(E_ALL|E_STRICT);

// Connect to server and select database.
require_once("connections/connection.php"); // Connection to the server

$tbl_name="users"; // Table name

$userid = $_POST['userid'];
$password = $_POST['password'];
//$submitted = $_POST['submitted'];

if ($userid && $password){
/////////////////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE username='$userid' and password='$password'");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
/////////////////////////////////////////////////////////////////////////
}

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Input Validations
if($userid == '') {
$errmsg_arr[] = 'Username missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
echo header("location: login.php");
exit();
}

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or Password incorrect ';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: login.php");
exit();
}
}else {
die("Query failed");
}
?>


It merely starts the session and handles the data that's been entered into the form and if this code is removed only the header to the page loads... hummm... I think a cup of tea is needed first!
5:01 pm on May 31, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 11, 2010
posts: 131
votes: 0


The form appears to be correct too:

<form id="form1" name="form1" method="POST" action="<?php $_SERVER['../PHP_SELP'];?>">
<table width="20%" border="1" align="center">
<tr>
<td bgcolor="#FFFFFF">User ID</td>
<td bgcolor="#FFFFFF"><input type="text" name="userid" id="userid" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">Password</td>
<td bgcolor="#FFFFFF"><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td bgcolor="#FFFFFF">&nbsp;
</td>
<td bgcolor="#FFFFFF"><label>
<input name="submitted" type="hidden" id="submitted" value="1" />
<input type="submit" name="button" id="button" value="Submit" />
</label></td>
</tr>
</table>
</form>
5:56 pm on May 31, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 11, 2010
posts: 131
votes: 0


There appears to be two seperate issues here, the first part is infact the validation, if the first being the redirect section:

//If there are input validations, redirect back to the login form 
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}


If this is commented out then the query fails which is to be expected:

if($rowAccount) {
if(mysql_num_rows($result) == 1) {
$member = mysql_fetch_assoc($rowAccount);
$_SESSION['ID'] = $member['id'];
$_SESSION['USERNAME'] = $member['username'];
header("location:index.php");
exit();
}else {
//Login failed
$errmsg_arr[] = 'Username or password incorrect';
$errflag = true;
}
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:login.php");
exit();
}
}else {
die("Query failed");
}


The only thing I can think is that its running the code before anything been submitted hence its looping round and round.