-
Apr 18th, 2010, 11:26 PM
#41
Re: login problems
you didn't even change anything :/
possibly because you're trying to set the value of the cookie to a constant that doesn't exist (you need to use strings, as I've mentioned before). this may or may not be a problem.
this is the code that needs to change from using constants to "strings".
PHP Code:
setcookie("ID_my_site", gone, $past);
setcookie("Key_my_site", gone, $past);
setcookie("Admin_my_site", gone, $past);
as for the $errors thing not working -- take it one step at a time. if you don't understand it, don't just throw it into your script and hope it works. it won't. I tried to tell you it was simply an example of a concept; it is not something you could actually use in your script. don't worry about that for now.
-
Apr 19th, 2010, 04:50 AM
#42
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by kows
you didn't even change anything :/
PHP Code:
setcookie("ID_my_site", gone, $past);
setcookie("Key_my_site", gone, $past);
setcookie("Admin_my_site", gone, $past);
How?
PHP Code:
setcookie("ID_my_site", "gone", $past);
setcookie("Key_my_site", "gone", $past);
setcookie("Admin_my_site", "gone", $past);
You mean like that?
-
Apr 19th, 2010, 08:02 AM
#43
-
Apr 19th, 2010, 03:46 PM
#44
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by kows
yes.
Didn't work.
-
Apr 19th, 2010, 11:08 PM
#45
Re: login problems
Your script should end after transmitting the Location header. There is no point in sending a response body as well as a redirection header.
The Location header must be an absolute URL.
PHP Code:
<?php
# ...
header('HTTP/1.1 303 See Other');
header('Location: http://example.com/index.php');
?>
You are making it difficult for us to assist you because your responses (such as "Didn't work") are unhelpful. If it does not work, tell us exactly what happens and what you expect to happen instead.
-
Apr 19th, 2010, 11:09 PM
#46
Re: login problems
are you including the logout page in another page, or anything? I don't see any reason for it to not be working. the only thing I can think of offhand is that the domain might be changing (from www.domain.com to domain.com, for example) and this may be causing problems because you're not specifying a domain when you set your cookies. this would mean that some of your links are linking to another subdomain under the same domain name. but it also seems like this may not be the case.
and also what penagate said about the location header!
-
Apr 19th, 2010, 11:22 PM
#47
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Your script should end after transmitting the Location header. There is no point in sending a response body as well as a redirection header.
The Location header must be an absolute URL.
PHP Code:
<?php
# ...
header('HTTP/1.1 303 See Other');
header('Location: http://example.com/index.php');
?>
You are making it difficult for us to assist you because your responses (such as "Didn't work") are unhelpful. If it does not work, tell us exactly what happens and what you expect to happen instead.
Oh I see. The logout page is a different page. I thought you would understand when you read the script wrapped with the html tags. What it does is the link is a new page and after logging out redirects to the main index page. But the main index page shows logged in after I attempt to log out.
-
Apr 19th, 2010, 11:58 PM
#48
Re: login problems
Are you using a session? If so, you need to destroy the session as well as delete other cookies.
-
Apr 20th, 2010, 05:58 AM
#49
Addicted Member
Re: login problems
There is a lot to read and take in here. I am finding the postings informative and interesting so far. I am working on a project at the moment and I was a bit worried when I read Kows quote below.
and lastly, I would suggest that for development you run PHP in a strict environment so that you can easily see any warnings and errors that might be thrown at you -- to not catch some of these would seem like you're running on a production environment.
Could you explain this a bit further please? I want to be sure that I am testing my work properly before I get to the deployment stage. I am using both Xampp and Mamp for my work at the moment and I will upload the final work to a live server later. Am I developing on a strict environment at the moment?
Menre
-
Apr 20th, 2010, 08:27 AM
#50
Re: login problems
I doubt it -- but I've never used either of those and I don't know what they set up for the php.ini file when installing. to run in a strict environment is just to change the value of the error_reporting value in the php.ini file to show all errors. for example, this is what my development machine runs PHP with:
Code:
error_reporting = E_ALL | E_STRICT
this will display all errors (E_ALL) and allow PHP to show you run-time notices that will suggest any changes that should be made to your code to ensure forward-compatibility (E_STRICT).
for example, if I create this PHP file and try to run it:
PHP Code:
<?php echo $myvar; ?>
I get the following message printed out:
Code:
Notice: Undefined variable: myvar in C:\webdev\php\strict.php on line 1
this happens because I haven't initialized my variable before using it, and E_ALL will let me know so.
-
Apr 20th, 2010, 10:17 AM
#51
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Are you using a session? If so, you need to destroy the session as well as delete other cookies.
It's not working:
PHP Code:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
/*
session_start();
include("dbconnection.php");
$past = time() - 100;
//this makes the time in the past to destroy the cookie
setcookie("ID_my_site", "gone", $past);
setcookie("Key_my_site", "gone", $past);
setcookie("Admin_my_site", "gone", $past);
*/
header("Location: ../index.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<?php
?>
</body>
</html>
-
Apr 20th, 2010, 07:32 PM
#52
Re: login problems
Look,
Here is an example. I cannot make it much simpler than this. It consists of three files: index.php, login.php, and logout.php.
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
?><!DOCTYPE html>
<p>You are <?php if (!$logged_in) echo 'not '?>logged in.</p>
<?php if ($logged_in): ?>
<form action="logout.php" method="POST">
    <input type="submit" value="Log out">
</form>
<?php else: ?>
<form action="login.php" method="POST">
    <input type="submit" value="Log in">
</form>
<?php endif; ?>
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    session_start();
    $_SESSION['logged_in'] = true;
    header('HTTP/1.1 303 See Other');
}
header('Location: http://'.$_SERVER['SERVER_NAME'].'/index.php');
?>
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    session_start();
    session_destroy();
    header('HTTP/1.1 303 See Other');
}
header('Location: http://'.$_SERVER['SERVER_NAME'].'/index.php');
?>
-
Apr 20th, 2010, 08:50 PM
#53
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Look,
Here is an example. I cannot make it much simpler than this. It consists of three files: index.php, login.php, and logout.php.
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
?><!DOCTYPE html>
<p>You are <?php if (!$logged_in) echo 'not '?>logged in.</p>
<?php if ($logged_in): ?>
<form action="logout.php" method="POST">
<input type="submit" value="Log out">
</form>
<?php else: ?>
<form action="login.php" method="POST">
<input type="submit" value="Log in">
</form>
<?php endif; ?>
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: http://'.$_SERVER['SERVER_NAME'].'/index.php');
?>
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: http://'.$_SERVER['SERVER_NAME'].'/index.php');
?>
I'm trying to understand. One's giving me one solution and another's giving me something else.
-
Apr 20th, 2010, 09:09 PM
#54
Re: login problems
I've no idea what you mean by that.
-
Apr 20th, 2010, 09:53 PM
#55
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
I've no idea what you mean by that.
What's this:
PHP Code:
header('HTTP/1.1 303 See Other');
-
Apr 20th, 2010, 10:23 PM
#56
Re: login problems
The 303 status code instructs the user agent not to cache the response and to follow up the resource specified in the Location header. The reason for redirection after handling a POST request is to avoid the annoying "Do you want to resend the data" message that occurs if the user navigates back then forward or refreshes the page. The 303 redirection means that the page is not cached and so this problem does not occur. You should always use this approach to handling posted data; if not, it is easy for the user to accidentally perform a POST action twice, which can have severe consequences (for example, if that action is to delete some data).
Last edited by penagate; Apr 20th, 2010 at 10:27 PM.
-
Apr 21st, 2010, 03:58 AM
#57
Addicted Member
Re: login problems
Maybe I am running my work in a non-strict environment. I followed your explanation to create and run a file, but the error message that I had expected was not displayed. I tried to echo a variable that I did not define and initialize. I was expecting an error message to occur at run time, but none did, and my other code was printed out successfully. Or am I doing something wrong? In the XAMPP environment that I am working in, I cannot find the php.ini file.
You can see my code below.
Code:
<html>
<head>
<title>Modern Day car dealers</title>
</head>
<body>
<?php
echo "<p>Welcome to Modern Day car dealers!</p>";
?>
<?php
$carsInStock = array("Honda", "Volvo", "Ford", "Toyota");
$prices = array("$23,000", "$34,000", "$36,000", "$22,000");
echo "At Modern Day car dealers, a brand new" . " " . "$carsInStock[3]" . " " .
" car costs only" . " " . "$prices[3].";
echo "<br />";
echo "$decoration"; //I was expecting an error here as it was never declared
?>
<?php echo $myvar; ?> //I lifted this from your post and was also expecting an error
</body>
</html>
When I run the code above, I get the output below.
Code:
Welcome to Modern Day car dealers!
At Modern Day car dealers, a brand new Toyota car costs only $22,000.
-
Apr 21st, 2010, 12:08 PM
#58
Re: login problems
I don't know what XAMPP or any of those package setups use as defaults; you'll just have to find the php.ini file! display_errors and error_reporting need to be set to display messages, that's all.
-
Apr 21st, 2010, 12:30 PM
#59
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
The 303 status code instructs the user agent not to cache the response and to follow up the resource specified in the Location header. The reason for redirection after handling a POST request is to avoid the annoying "Do you want to resend the data" message that occurs if the user navigates back then forward or refreshes the page. The 303 redirection means that the page is not cached and so this problem does not occur. You should always use this approach to handling posted data; if not, it is easy for the user to accidentally perform a POST action twice, which can have severe consequences (for example, if that action is to delete some data).
Your code does impress me. I'm wondering if all the if statements in my script are necessary:
PHP Code:
session_start();
include("dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
/*
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){*/
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: ../index.php");
}
}
}
/* }
}*/
$_SESSION['logged_in'] = 1;
-
Apr 21st, 2010, 12:41 PM
#60
Re: login problems
menre - the php.ini file for xampp is located in the "php" directory, in your xampp root (so "C:\xampp\php\", if you installed in the default location on Windows). The file even outlines suggestions for you:
Code:
; Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
Only the last line (the one that's not commented out by a semicolon) is the actual setting.
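To answer the two questions in this part of the thread (which php.ini is PHP actually reading, and are notices being reported), the following script is an added example, not code from any poster. It assumes PHP 7 or later; the file name and the helper names `reporting_flags` and `describe` are made up for illustration.

```php
<?php
# strictcheck.php: added example, not code from the thread.
# Shows which php.ini is loaded, decodes the error_reporting bitmask, and then
# turns on full reporting for this one script without editing php.ini.

// Numeric value of E_STRICT, written as a literal so the script also runs on
// PHP versions that deprecate the constant.
const STRICT_BIT = 2048;

/** Return level name => true/false for the bits set in an error_reporting mask. */
function reporting_flags(int $mask): array
{
    $levels = [
        'E_WARNING'    => E_WARNING,
        'E_NOTICE'     => E_NOTICE,
        'E_STRICT'     => STRICT_BIT,
        'E_DEPRECATED' => E_DEPRECATED,
    ];
    $flags = [];
    foreach ($levels as $name => $bit) {
        $flags[$name] = ($mask & $bit) === $bit;
    }
    return $flags;
}

/** Format one mask as a readable line such as "label  E_NOTICE=off ...". */
function describe(string $label, int $mask): string
{
    $parts = [];
    foreach (reporting_flags($mask) as $name => $on) {
        $parts[] = $name . '=' . ($on ? 'on' : 'off');
    }
    return sprintf("%-24s %s\n", $label, implode(' ', $parts));
}

header('Content-Type: text/plain');

// The file PHP really loaded; XAMPP and MAMP each ship their own copy.
echo sprintf("%-24s %s\n", 'Loaded php.ini:', php_ini_loaded_file() ?: '(none)');
echo sprintf("%-24s %s\n", 'display_errors:', var_export(ini_get('display_errors'), true));

// What this server is doing now, next to the two settings quoted in the thread.
echo describe('Current level:', error_reporting());
echo describe('XAMPP line in post #60:', E_ALL & ~E_NOTICE & ~E_DEPRECATED);
echo describe('Setting from post #50:', E_ALL | STRICT_BIT);

// Per-script override: useful on a development box when php.ini cannot be
// edited. Leave display_errors off on a live server and log errors instead.
error_reporting(E_ALL | STRICT_BIT);
ini_set('display_errors', '1');

// Undefined on purpose, to trigger the diagnostic discussed in the thread
// (a notice on PHP 5 and 7, a warning on PHP 8).
echo $myvar;
```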
-
Apr 22nd, 2010, 01:24 AM
#61
Re: login problems
 Originally Posted by gilgalbiblewhee
I'm wondering if all the if statements in my script are necessary
no, most of them aren't. however, if the if statements in your code are not the problem (which they aren't), then I believe they're serving their purpose. it's up to you to find a more logical, efficient way to handle your data afterward (of course, we're here to provide help with that in the future, too).
-
Apr 22nd, 2010, 01:56 AM
#62
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by kows
no, most of them aren't. however, if the if statements in your code are not the problem (which they aren't), then I believe they're serving their purpose. it's up to you to find a more logical, efficient way to handle your data afterward (of course, we're here to provide help with that in the future, too).
I'm still stuck. Penagate gave the examples. The examples alone work but when I paste my code in it, it doesn't work.
Penagate's version:
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<p>You are <?php if (!$logged_in) echo 'not '?>logged in.</p>
<?php if ($logged_in): ?>
<form action="logout.php" method="POST">
<input type="submit" value="Log out">
</form>
<?php else: ?>
<form action="login.php" method="POST">
<input type="submit" value="Log in">
</form>
<?php endif; ?>
</body>
</html>
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<?php
?>
</body>
</html>
Now my version:
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<p>You are <?php if (!$logged_in) echo 'not '?>logged in.</p>
<?php if ($logged_in): ?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="login/member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<a style="text-decoration: none;" href="login/logout.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >Logout</a>
</span>
</form>
<?php else: ?>
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
The login's the same. And the logout I haven't looked at yet. It's not logging in. It's showing that I haven't logged in.
-
Apr 22nd, 2010, 02:05 AM
#63
Re: login problems
uhh.. that would be because you're missing the most crucial part of that code -- the code that logs you in:
PHP Code:
if ($_SERVER['REQUEST_METHOD'] == 'POST'){ $_SESSION['logged_in'] = true; }
your script is posting to $_SERVER['PHP_SELF'] (which means itself) -- if you are not setting $_SESSION['logged_in'] within that script (which unless you cut it out, you're not), then you're never going to get logged in.
-
Apr 22nd, 2010, 02:08 AM
#64
Re: login problems
Well, you are posting to the same location, but you don't have any code which handles the post request. Just change the form target to login.php.
-
Apr 22nd, 2010, 10:25 AM
#65
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Well, you are posting to the same location, but you don't have any code which handles the post request. Just change the form target to login.php.
Ok. That's right. What about the logout then?
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    session_start();
    session_destroy();
    header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Logout</title>
</head>
<body>
<?php
?>
</body>
</html>
It's not logging out.
Also if I'm going to use the checking in the db table then I will have to copy paste the following within the if statement if ($_SERVER['REQUEST_METHOD'] == 'POST'){ of login.php, right?
PHP Code:
if($_SERVER['REQUEST_METHOD'] == "POST"){
    if(empty($_POST['username'])){
        $errors[] = "username was empty";
    }
    if(empty($_POST['password'])){
        $errors[] = "password was empty";
    }
    if(empty($_POST['email'])){
        $errors[] = "e-mail was empty";
    }
    if(count($errors) == 0){*/
        //fix magic_quotes_gpc() being on
        if(get_magic_quotes_gpc()){
            foreach($_GET as $k => $v){
                $_GET[$k] = stripslashes($v);
            }
            foreach($_POST as $k => $v){
                $_POST[$k] = stripslashes($v);
            }
            foreach($_COOKIE as $k => $v){
                $_COOKIE[$k] = stripslashes($v);
            }
        }
        //Checks if there is a login cookie
        if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
            $myusername = $_COOKIE['ID_my_site'];
            $pass = $_COOKIE['Key_my_site'];
            $admin = $_COOKIE['Admin_my_site'];
            $user = $_COOKIE['User_my_site'];
            $sql = "SELECT * FROM ";
            if($admin=="yes"){
                $sql .= $dbTable2;
            }else{
                $sql .= $dbTable;
            }
            $sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
            $check = mysql_query($sql)or die(mysql_error());
            while($info = mysql_fetch_array( $check )){
                if($pass == $info['password']){
                    $writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
                }
            }
        }
        //variable to keep track of whether to show the user the login form or not
        $showlogin = true; //we show the form by default, -unless- we know they have logged in
        //if the login form is submitted
        if (isset($_POST['submit'])){ // if form has been submitted
            if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
                $writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
            }// checks it against the database
            $_POST['email'] = mysql_real_escape_string($_POST['email']);
            $db['username'] = mysql_real_escape_string($_POST['username']);
            $sql = "SELECT * FROM ";
            if($admin=="yes"){
                $sql .= $dbTable2;
            }else{
                $sql .= $dbTable;
            }
            $sql .= " WHERE username = '".$db['username']."'";
            $check = mysql_query($sql) or die(mysql_error());
            //Gives error if user dosen't exist
            $check2 = mysql_num_rows($check);
            if ($check2 == 0) {
                $writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
            }
            while($info = mysql_fetch_array( $check )){
                $_POST['pass'] = md5($_POST['pass']);
                //gives error if the password is wrong
                if ($_POST['pass'] != $info['password']){
                    $writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
                }else{
                    // if login is ok then we add a cookie
                    $hour = time() + 3600;
                    setcookie("ID_my_site", $_POST['username'], $hour);
                    setcookie("Key_my_site", $_POST['pass'], $hour);
                    //they are logged in. no need to show the login form
                    $showlogin = false;
                    if($_POST["admin"]=="yes"){
                        setcookie("Admin_my_site", $_POST['admin'], $hour);
                    }else{
                        setcookie("User_my_site", $_POST['admin'], $hour);
                    }
                    header("Location: login/login.php");
                }
            }
        }
/*  }
}*/
Last edited by gilgalbiblewhee; Apr 22nd, 2010 at 10:30 AM.
-
Apr 22nd, 2010, 07:07 PM
#66
Re: login problems
Why have you put that HTML into the log out page? As I said before, you do not need any response body after the redirection headers.
Are you POSTing the log out request as I did in my example?
Also if I'm going to use the checking in the db table then I will have to copy paste the following within the if statement
Yes, correct.
Last edited by penagate; Apr 22nd, 2010 at 07:10 PM.
-
Apr 22nd, 2010, 09:10 PM
#67
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Why have you put that HTML into the log out page? As I said before, you do not need any response body after the redirection headers.
Are you POSTing the log out request as I did in my example?
Yes, correct.
Aaaaahh! I learn new things every day. I was using the <a> tag to try to log out.
Last edited by gilgalbiblewhee; Apr 22nd, 2010 at 09:26 PM.
-
Apr 22nd, 2010, 09:22 PM
#68
Re: login problems
As a rule of thumb, use GET for any action which does not change state and POST for those which do.
You should be able to GET all links on a page without consequence.
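The logout advice given across this thread (accept POST only, destroy the session and its cookie, expire the old login cookies, answer with a 303 and an absolute Location, send no body) can be combined in one file. This is an added example, not any poster's code. It assumes PHP 7.1 or later and that the old login cookies were set with path `/`; `INDEX_PATH`, `LEGACY_COOKIES` and the function names are made up for illustration, and answering a GET with 405 is a choice made here.

```php
<?php
# logout.php: added example, not code from the thread.

const INDEX_PATH = '/index.php';   // assumed location of the main page
const LEGACY_COOKIES = ['ID_my_site', 'Key_my_site', 'Admin_my_site', 'User_my_site'];

/** Build the absolute URL used in the Location header. */
function absolute_url(string $path): string
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    return ($https ? 'https' : 'http') . '://' . $_SERVER['SERVER_NAME'] . $path;
}

/** End the PHP session: the server-side data and the browser's session cookie. */
function destroy_session(): void
{
    session_start();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Reuse the parameters the session cookie was created with, so the
        // browser treats this as the same cookie and drops it.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

/** Expire the hand-rolled login cookies used earlier in the thread. */
function expire_legacy_cookies(string $path = '/'): void
{
    foreach (LEGACY_COOKIES as $name) {
        // A browser only replaces a cookie whose name, domain and path all
        // match. Without an explicit path the default is the directory of the
        // requesting script, so a cookie set by /index.php (path "/") is not
        // removed by an expiry sent from /login/logout.php (path "/login").
        // The path is therefore passed explicitly; "/" is an assumption.
        setcookie($name, '', time() - 3600, $path);
    }
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Logging out changes state, so following a plain link (GET) must not do
    // it. The thread's version redirects here; either way nothing changes.
    header('HTTP/1.1 405 Method Not Allowed');
    header('Allow: POST');
    exit;
}

destroy_session();
expire_legacy_cookies();

// Redirect after the POST so that a refresh does not resubmit it.
header('HTTP/1.1 303 See Other');
header('Location: ' . absolute_url(INDEX_PATH));
exit; // the script ends here: no HTML follows the redirect headers
```

The page that links to it needs a small form with `method="POST"` and a submit button rather than an `<a>` tag, as in the index.php posted earlier in the thread.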
-
Apr 22nd, 2010, 09:26 PM
#69
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
As a rule of thumb, use GET for any action which does not change state and POST for those which do.
You should be able to GET all links on a page without consequence.
Something tells me this is not right:
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"login/member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login/login.php");
}
}
}
}
}
//$_SESSION['logged_in'] = 1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="login/member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>
<?php else: ?>
<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
Maybe the top part should be in the login? But then what should be added in the index.php?
-
Apr 22nd, 2010, 10:10 PM
#70
Re: login problems
It looks fine to me. What do you feel is not right about it?
The query code and the HTML could be tidied a little (starting by separating the CSS into its own file) but they are not "wrong" per se.
-
Apr 22nd, 2010, 10:56 PM
#71
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
It looks fine to me. What do you feel is not right about it?
The query code and the HTML could be tidied a little (starting by separating the CSS into its own file) but they are not "wrong" per se.
It doesn't show the username:
Welcome !
Also when I put a non-existent username it logs in.
Last edited by gilgalbiblewhee; Apr 22nd, 2010 at 11:00 PM.
-
Apr 22nd, 2010, 11:24 PM
#72
Re: login problems
Ah, I didn't read the code carefully enough.
Your login processing logic should be in login.php. The log in example I gave you does not take any parameters.
Did you write that code?
-
Apr 23rd, 2010, 06:19 AM
#73
Addicted Member
Re: login problems
Thanks guys. I have now changed the original php.ini file and it shows errors on a page. The old file has the code below.
Code:
Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
After changing it, the new file looks like what is shown below.
Code:
Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; http://php.net/error-reporting
error_reporting = E_ALL | E_STRICT
And when I previewed my work below,
Code:
<html>
<head>
<title>Modern Day car dealers</title>
</head>
<body>
<?php
echo "<p>Welcome to Modern Day car dealers!</p>";
?>
<?php
$carsInStock = array("Honda", "Volvo", "Ford", "Toyota");
$prices = array("$23,000", "$34,000", "$36,000", "$22,000");
echo "At Modern Day car dealers, a brand new" . " " . "$carsInStock[3]" .
" " . " car costs only" . " " . "$prices[3].";
echo "<br />";
echo "$decoration";
?>
<?php echo $myvar; ?>
</body>
</html>
it shows the information below.
Code:
Welcome to Modern Day car dealers!
At Modern Day car dealers, a brand new Toyota car costs only $22,000.
Notice: Undefined variable: decoration in C:\xampp\htdocs\menre\md.php on line 19
Notice: Undefined variable: myvar in C:\xampp\htdocs\menre\md.php on line 23
-
Apr 23rd, 2010, 03:19 PM
#74
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
Ah, I didn't read the code carefully enough.
Your login processing logic should be in login.php. The log in example I gave you does not take any parameters.
Did you write that code?
What do you mean write? I used your method with 3 php files: login.php, logout.php and index.php.
I think checking the $_POST[] should be in the login.php. But then I'm guessing that the index.php page needs to read cookies which the login.php has set, right?
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}
//$_SESSION['logged_in'] = 1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>
<?php else: ?>
<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
-
Apr 29th, 2010, 03:46 PM
#75
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by gilgalbiblewhee
What do you mean write? I used your method with 3 php files: login.php, logout.php and index.php.
I think checking the $_POST[] should be in the login.php. But then I'm guessing that the index.php page needs to read cookies which the login.php has set, right?
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}
//$_SESSION['logged_in'] = 1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $myusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>
<?php else: ?>
<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
PHP Code:
<?php
# logout.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
session_destroy();
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
So what should I do?
-
Apr 29th, 2010, 07:08 PM
#76
Re: login problems
You need to read my reply again. I have already advised you what to do.
-
May 11th, 2010, 04:50 PM
#77
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by penagate
You need to read my reply again. I have already advised you what to do.
Which post number? I'm not reading all 76 postings. I took a break from this because it's tiring to my eyes.
-
Jun 12th, 2010, 10:16 PM
#78
Thread Starter
Hyperactive Member
Re: login problems
Ok I want to finish this. Why isn't the username showing when I login?
PHP Code:
<?php
# login.php
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
session_start();
$_SESSION['logged_in'] = true;
header('HTTP/1.1 303 See Other');
}
header('Location: index.php');
?>
PHP Code:
<?php
# index.php
session_start();
$logged_in = isset($_SESSION['logged_in']);
include("../dbconnection.php");
//say goodbye to magic_quotes_gpc! no false security.
$errors = array();
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['username'])){
$errors[] = "username was empty";
}
if(empty($_POST['password'])){
$errors[] = "password was empty";
}
if(empty($_POST['email'])){
$errors[] = "e-mail was empty";
}
if(count($errors) == 0){
//fix magic_quotes_gpc() being on
if(get_magic_quotes_gpc()){
foreach($_GET as $k => $v){
$_GET[$k] = stripslashes($v);
}
foreach($_POST as $k => $v){
$_POST[$k] = stripslashes($v);
}
foreach($_COOKIE as $k => $v){
$_COOKIE[$k] = stripslashes($v);
}
}
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])){ //if there is, it logs you in and directs you to the members page
$myusername = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$admin = $_COOKIE['Admin_my_site'];
$user = $_COOKIE['User_my_site'];
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".mysql_real_escape_string($myusername)."'";
$check = mysql_query($sql)or die(mysql_error());
while($info = mysql_fetch_array( $check )){
if($pass == $info['password']){
$writeusername = "Welcome ".$myusername."! <br />Visit your <a href=\"member.php\">member's stat</a> <br /><a href=\"login/logout.php\">Logout</a>";
}
}
}
//variable to keep track of whether to show the user the login form or not
$showlogin = true; //we show the form by default, -unless- we know they have logged in
//if the login form is submitted
if (isset($_POST['submit'])){ // if form has been submitted
if(!$_POST['username'] || !$_POST['pass']) {// makes sure they filled it in
$writeemptyfield = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">You did not fill in a required field.</td></tr>";
}// checks it against the database
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$db['username'] = mysql_real_escape_string($_POST['username']);
$sql = "SELECT * FROM ";
if($admin=="yes"){
$sql .= $dbTable2;
}else{
$sql .= $dbTable;
}
$sql .= " WHERE username = '".$db['username']."'";
$check = mysql_query($sql) or die(mysql_error());
//Gives error if user doesn't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
$writeusernoexist = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">That user does not exist in our database.</td></tr>";
}
while($info = mysql_fetch_array( $check )){
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']){
$writewrongpassword = "<tr><td colspan=\"2\" style=\"text-align: left; color: red;\">Incorrect password, please try again.</td></tr>";
}else{
// if login is ok then we add a cookie
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['username'], $hour);
setcookie("Key_my_site", $_POST['pass'], $hour);
//they are logged in. no need to show the login form
$showlogin = false;
if($_POST["admin"]=="yes"){
setcookie("Admin_my_site", $_POST['admin'], $hour);
}else{
setcookie("User_my_site", $_POST['admin'], $hour);
}
header("Location: login.php");
}
}
}
}
}
//$_SESSION['logged_in'] = 1;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<?php if ($logged_in): ?>
<form action="<?php echo "logout.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<span style="float: left; text-align: left; padding: 5px 5px 5px 5px;">
Welcome <span id="myusername"><?php echo $writeusername; ?> </span>!<br />
Visit your <a style="text-decoration: none;" href="member.php" onmouseover="this.style.textDecoration='underline';" onmouseout="this.style.textDecoration='none';" >member's stat</a><br />
<input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Logout" />
</span>
</form>
<?php else: ?>
<form action="<?php echo "login.php";//$_SERVER['PHP_SELF'];?>" method="POST">
<table border="0">
<tr>
<td>Administrator:</td><td><input type="checkbox" id="adminid" name="admin" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C;" value="no" onClick="if(this.value=='no'){this.value='yes'; document.getElementById('register').style.display = 'none';} else{this.value='no';document.getElementById('register').style.display = 'block';};" /></td>
</tr>
<?php echo $writeemptyfield; ?>
<?php echo $writeusernoexist; ?>
<tr>
<td>Username:</td>
<td><input type="text" name="username" id="username" style="float: left; border: 1px solid #7C7C7C; font: 9px verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" value="User Name" onBlur="if (this.value == '') this.value = 'User Name';" onFocus="if (this.value == 'User Name') this.value = '';" /></td>
</tr>
<?php echo $writewrongpassword; ?>
<tr>
<td>Password:</td><td><input type="password" style="float: left; border: 1px solid #7C7C7C; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; width: 100px; height: 15px;" name="pass" id="pass" /></td></tr>
<tr>
<td><a id="register" href="login/register.php" style="float: left; display: block; background-color: #7C7C7C; text-align: left; padding: 0px 0px 0px 5px; width: 80px; height: 20px; text-decoration: none; color: #ffffff; border: 1px solid #7C7C7C; font-weight: bold;" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'">Register</a></td><td align="right"><input type="submit" style="float: left; border: 1px solid #7C7C7C; background-color: #7C7C7C; color: #ffffff; font: 9pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; font-weight: bold; width: 100px; height: 20px;" name="submit" onMouseOver="this.style.backgroundColor='#B4B3A9'" onMouseOut="this.style.backgroundColor='#7C7C7C'" value="Login" /></td>
</tr>
</table>
</form>
<?php endif; ?>
</body>
</html>
-
Jun 12th, 2010, 11:07 PM
#79
Re: login problems
in this script? all you do is POST to login.php, where $_SESSION['logged_in'] is set -- then, when you redirect back to index.php, you're not POSTing anymore, so your index.php script doesn't process the login or do any of that stuff.
the problem here is that you have authentication-oriented logic mixed with greeting-logic. once you have authenticated the user (should be done in login.php), you can store the username in the session or something so that you don't need to query the database every time you want it.
login.php should authenticate the login. index.php should greet the user.
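The split described in the post above (login.php authenticates, index.php only greets from the session), as an added example that is not code from the thread. The `users` table layout, the sample account, the `http://example.com` URLs, and the swap to PDO with `password_hash()`/`password_verify()` in place of the thread's `mysql_*` and `md5()` calls are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The users table layout, the sample
// account and the use of PDO/SQLite with password_hash() are assumptions.

/** login.php side: return the user's row if the credentials are valid, else null. */
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT username, password_hash, is_admin FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password fail the same way, and no cookie or
    // form field decides which table or role applies.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

/** login.php side: process the POST, fill the session, return the redirect target. */
function handle_login(PDO $db, array $post, array &$session): string
{
    $username = is_string($post['username'] ?? null) ? $post['username'] : '';
    $password = is_string($post['pass'] ?? null) ? $post['pass'] : '';

    $user = authenticate($db, $username, $password);
    if ($user === null) {
        unset($session['logged_in'], $session['username'], $session['is_admin']);
        return 'http://example.com/index.php?error=1';
    }
    // The server-side session holds identity and role; nothing secret goes in cookies.
    $session['logged_in'] = true;
    $session['username']  = $user['username'];
    $session['is_admin']  = (bool) $user['is_admin'];
    return 'http://example.com/index.php';
}

/** index.php side: greet from the session only, no database query, no POST handling. */
function greeting(array $session): string
{
    if (empty($session['logged_in'])) {
        return 'Please log in.';
    }
    return 'Welcome ' . htmlspecialchars($session['username'], ENT_QUOTES, 'UTF-8') . '!';
}

/** Constructed in-memory database with one sample account, for the demo run. */
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, is_admin INTEGER)');
    $db->prepare('INSERT INTO users VALUES (?, ?, 0)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

if (PHP_SAPI === 'cli') {
    // Offline demo: plain arrays stand in for $_POST and $_SESSION.
    $db = demo_db();
    foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['nobody', 'x']] as [$u, $p]) {
        $session = [];
        $target  = handle_login($db, ['username' => $u, 'pass' => $p], $session);
        echo "$u -> $target | ", greeting($session), "\n";
    }
} else {
    // Under a web server this file plays the role of login.php.
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $target = handle_login(demo_db(), $_POST, $_SESSION);
        if (!empty($_SESSION['logged_in'])) {
            session_regenerate_id(true); // new session id after the privilege change
        }
        header('HTTP/1.1 303 See Other');
    } else {
        $target = 'http://example.com/index.php';
    }
    header('Location: ' . $target);
    exit; // stop here: no response body after the redirect
}
```

Run from the command line, only the first of the three constructed attempts produces a greeting; the wrong password and the non-existent username both leave the session empty.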
-
Jun 13th, 2010, 12:23 AM
#80
Thread Starter
Hyperactive Member
Re: login problems
 Originally Posted by kows
in this script? all you do is POST to login.php, where $_SESSION['logged_in'] is set -- then, when you redirect back to index.php, you're not POSTing anymore, so your index.php script doesn't process the login or do any of that stuff.
the problem here is that you have authentication-oriented logic mixed with greeting-logic. once you have authenticated the user (should be done in login.php), you can store the username in the session or something so that you don't need to query the database every time you want it.
login.php should authenticate the login. index.php should greet the user.
I'm trying to echo $sql but nothing shows wherever I put it.