  1. #26
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    is this section the very top?
    Code:
    <?php
    session_start(); 
    if ($_SESSION['loggedin'] = 1 )
    echo"Welcome back dear member";
    else
    echo"Welcome. It seems that it is your first visit here";
    ?>
    what is after it or what are lines 10-16
    success is not by chance, it is by choice.

  2. #27
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Code:
    <?php
    13: session_start();
    14: if ($_SESSION['loggedin'] = 1 )
    15: echo"Welcome back dear member";
    16: else
    17: echo"Welcome. It seems that it is your first visit here";
    ?>

  3. #28
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    session_start() has to be like line: 2

    it will be the line right after <?php

    so session_start() has to go before any output to the browser. that is why you should have it at the very top
    success is not by chance, it is by choice.

  4. #29
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    thanks for the advice

    I will try it asap

  5. #30
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Ok I got rid of the error message on index.php. However the message is always 'welcome back dear member' as if the session was true. Weird isn't it? And unfortunately the login.php page doesn't redirect. So here is the full code of the two pages in case someone would feel like spotting my mistakes

    index.php:

    Code:
     <?php
    session_start(); 
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <link rel="stylesheet" type="text/css"
    href="style.css" />
    <title>learning css and PHP</title>
    </head>
    <body>
    <div id="container"> 
      <div id="pageHeader"> page header <br />
      
    <?php
    if ($_SESSION['loggedin'] = 1 )
    echo"Welcome back dear member";
    else
    echo"Welcome. It seems that it is your first visit here";
    ?>
      </div>
      <div id="intro"> 
     <div id="nav"> nav left <br />
    <?php
    //Prints something like: Monday
    echo date("l");//Prints something like: Monday 15th of January 2003 05:51:38 AM
    echo date("l dS of F Y h:i:s A");//Prints something like: Monday the 15th
    echo date("l \\t\h\e jS");
    ?>
    <br />
    <br />
    <p>
    <a href="results.php">results</a>
    </p>
     </div>
     <div id="content">
    record:
    <br />
    <form action="record.php" method="POST">
    username: <input type="text" name="username" />
    <br />
    password: <input type="password" name="password" />
    <br />
    <input type="submit" value="send" />
    </form>
    <br />
    login:
    <br />
    <form action="login.php" method="POST">
    username: <input type="text" name="username" />
    <br />
    password: <input type="password" name="password" />
    <br />
    <input type="submit" value="send" />
    </form>
    </div>
      </div>
      <div id="footer"> footer <br />  
      
    <p>
    <?php
    echo "User's IP address: " . $_SERVER["REMOTE_ADDR"];
    ?>
    </p>
      </div>
    </div>
    </body>
    </html>
    login.php:

    Code:
     <?php
    session_start(); 
     // Connect to the database server 
     $dbcnx = @mysql_connect('localhost', 'root', ''); 
     if (!$dbcnx) { 
       die( '<p>Unable to connect to the ' . 
    		'database server at this time.</p>' ); 
     } 
     // Select the huh database 
     if (! @mysql_select_db('firststep') ) { 
       die( '<p>Unable to locate the firststep ' . 
    		'database at this time.</p>' ); 
     } 
    $sql = "SELECT username, password FROM huh WHERE username = '$username' AND password = '$password' LIMIT 0,1"; 
    $result = mysql_query($sql); 
    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful. 
    { 
    	 $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true 
    } 
    else 
    { 
    	 header('Location:index.php'); // Redirect to login page, as a matching record was not found in the table. 
    	 exit;  // always 'exit' 
    } 
    ?>
    sorry if my code doesn't look good.

    thank you very much for all your help.

    take care.

  6. #31
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,644
    Gaheris explained it on the previous page:



    The login page should have a session_start call at the top.

    PHP:

    // This ...
    if ($_SESSION['loggedin'] = 1 )
    // ... should be
    if ($_SESSION['loggedin'] == 1 )
    // ... or else it would be always true

    Delete any whitespace before the PHP open code (<?php).
    He earned his Member of the Month to listen up to him (and thanks to MoonChild and Sahajin as I've learned a bit about sessions, too)!

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  7. #32
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    thank you very much

    I missed the trick.

    I also figured out something by myself
    If the login page only redirects after the "else" statement, in other words if the login is correct there is no redirection. So I have changed my code a little bit to get rid of this problem. Unfortunately a new error occurred:
    Parse error: parse error in c:\phpdev\www\blog\php\login.php on line 24
    PHP Code:
    session_start();
    // Connect to the database server
    $dbcnx = @mysql_connect('localhost', 'root', '');
    if (!$dbcnx) {
       die( '<p>Unable to connect to the ' .
            'database server at this time.</p>' );
    }
    // Select the huh database
    if (! @mysql_select_db('firststep') ) {
       die( '<p>Unable to locate the firststep ' .
            'database at this time.</p>' );
    }
    $sql = "SELECT username, password FROM huh WHERE username = '$username' AND password = '$password' LIMIT 0,1";
    $result = mysql_query($sql);
    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
         $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true
    }    header('Location:index.php');
    else //LINE24
    {
         header('Location:error.php'); // Redirect to login page, as a matching record was not found in the table.
         exit;  // always 'exit'
    }


  8. #33
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Hi.
    Format your code properly and you'll see the problem.
    This should solve it:
    PHP Code:
    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
        $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true
        header('Location:index.php');
    }
    else
    {
        header('Location:error.php'); // Redirect to login page, as a matching record was not found in the table.
        exit;  // always 'exit'
    }

    Edit:

    When the parser/engine returns an error message and a line number, you always have to check the lines before (and after) the given number.
    -Helge

  9. #34
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253


    it works now. yippie.

    thank you very much guys. It's just great to be helped like that. thumbs up.

    Expect to see me around in the near future.

    Once again all I can say is thank you for your precious time.

  10. #35
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Well it seems that I will keep on asking a few questions. If I enter a bogus login I'm not redirected to the error page but always to the index page.

    PHP Code:
    if ( mysql_num_rows($result) == 1 ) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
        $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true
        header('Location:index.php');
    }
    else
    {
        header('Location:error.php'); // Redirect to login page, as a matching record was not found in the table.
        exit;  // always 'exit'
    }

    Code:
    <html> 
    <head> 
    <title>error</title> 
    </head> 
    <body> 
    <p> Here are all the words in our database: </p> 
    <blockquote> 
    <?php 
    
       echo"error"; 
    
    
    ?> 
    </blockquote> 
    </body> 
    </html>
    Thank you for your time and your patience.

  11. #36
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    That means that the mysql_num_rows if-clause always evaluates to true.
    Try this code and see what you get. I've just added some code to output the result from the db:
    PHP Code:
    <?php
    session_start();

    // Connect to the database server
    $dbcnx = mysql_connect('localhost', 'root', '')
                 or die('<p>Unable to connect to the database server at this time.<br />Error: ' . mysql_error() . '</p>');

    // Select the huh database
    mysql_select_db('firststep')
                 or die('<p>Unable to locate the firststep database at this time.<br />Error: ' . mysql_error() . '</p>');


    $sql = "SELECT username, password
              FROM huh
             WHERE username = '$username'
               AND password = '$password'
             LIMIT 0,1";

    $result = mysql_query($sql)
                 or die('<p>Unable to query the firststep database at this time.<br />Error: ' . mysql_error() . '</p>');

    $row = mysql_fetch_array($result);
    echo '<p>sql: ' . $sql . '<br />Username: ' . $row['username'] , '<br />Password: ' . $row['password'] , '</p>';

    if(mysql_num_rows($result) == 1) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
         $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true
         //header('Location:index.php');
         exit;
    }
    else
    {
         //header('Location:error.php'); // Redirect to login page, as a matching record was not found in the table.
         exit;  // always 'exit'
    }
    ?>
    Post the output from the script. I've commented out the redirect so you can get the output this page produces.

    -Helge

  12. #37
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253


    I am not sure that I understand what you want me to do. Here is the output (I have entered bogus info like '234789dsfhjg'):

    sql: SELECT username, password FROM huh WHERE username = '' AND password = '' LIMIT 0,1
    Username:
    Password:
    Unfortunately, it still doesn't redirect the page to error.php.

    Thank you again for your time and your energy in helping me Helge.


  13. #38
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Thanks. That confirmed my assumption.
    Look at the query/sql. Do you see the username/password you entered into the form in that sql? Aren't they supposed to be there?

    Before you think more about the redirect you need to get the variable passed from the form correctly and get the query working.

    Would you like to post the log in form?

    -Helge

  14. #39
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Yes they are actually... Thank you for pointing it out Helge. You're a great help.

    Here is the form:
    Code:
    login:
    <br />
    <form action="login.php" method="POST">
    username: <input type="text" name="username" />
    <br />
    password: <input type="password" name="password" />
    <br />
    <input type="submit" value="send" />
    </form>
    if you need something more just let me know. Thanks a lot.

  15. #40
    SitePoint Enthusiast Mike Perrott's Avatar
    Join Date
    Jun 2003
    Location
    Wales, UK
    Posts
    29
    I may have missed something along the line, but shouldn't you get the values for username and password into your script from the form by putting
    $username = $_POST['username'];
    $password = $_POST['password'];
    put these lines immediately before the sql statement line

    Mike

  16. #41
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Paste these three lines into login.php:
    PHP Code:
    // At the very top
    error_reporting(E_ALL);


    // Right before the sql
    $username = strip_tags(trim($_POST['username']));
    $password = strip_tags(trim($_POST['password']));
    Try to log in again now and see what the result is.

    Another thing (that is not directly related to the problem above). I would have added a $_SESSION['loggedin'] = 0; before you redirect to error.php. That is only to make absolutely sure that the person is not logged in when the login fails.

    -Helge

  17. #42
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    Quote Originally Posted by Helge
    Thanks. That confirmed my assumption.
    Look at the query/sql. Do you see the username/password you entered into the form in that sql? Aren't they supposed to be there?

    Before you think more about the redirect you need to get the variable passed from the form correctly and get the query working.

    Would you like to post the log in form?

    -Helge
    that is all good and everything, but if they are empty it still should have gone to the error page, unless there is an empty column in the table which is a big security hazard. it still shouldn't have found anything if they are empty.
    success is not by chance, it is by choice.
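
The points raised in the posts above (read the fields from $_POST, keep empty credentials from matching a blank row, set loggedin to 0 on failure, compare with == rather than =) combined in one handler. This is an added example, not code from any poster in the thread; it assumes PHP 7+ with the pdo_sqlite extension, swaps the thread's mysql_* calls for PDO with a bound parameter and password_hash(), and all function names and sample rows are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the thread's code. Constructed data: an in-memory SQLite
// stand-in for the "huh" table, including a blank row like the one suspected above.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE huh (username TEXT, password TEXT)');
    $ins = $db->prepare('INSERT INTO huh (username, password) VALUES (?, ?)');
    $ins->execute(['', '']); // blank row
    $ins->execute(['alice', password_hash('demo-pass-123', PASSWORD_DEFAULT)]);
    return $db;
}

// True only for a non-empty username whose stored hash verifies.
function credentials_ok(PDO $db, array $post): bool
{
    // With register_globals Off the form fields exist only in $_POST.
    $username = is_string($post['username'] ?? null) ? trim($post['username']) : '';
    $password = is_string($post['password'] ?? null) ? $post['password'] : '';
    // Empty input never reaches the query, so a blank row cannot match it.
    if ($username === '' || $password === '') {
        return false;
    }
    // Bound parameter: the submitted value stays data, never SQL text.
    $stmt = $db->prepare('SELECT password FROM huh WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    return is_string($hash) && $hash !== '' && password_verify($password, $hash);
}

// Strict comparison; a single "=" would assign 1 and always be true.
function is_logged_in(array $session): bool
{
    return ($session['loggedin'] ?? 0) === 1;
}

// Hypothetical stand-in for login.php: returns the redirect target.
function handle_login(PDO $db, array $post, array &$session): string
{
    $session['loggedin'] = 0; // fail closed before checking anything
    if (credentials_ok($db, $post)) {
        $session['loggedin'] = 1;
        return 'index.php';
    }
    return 'error.php';
}

$db = make_demo_db();
$attempts = [ // constructed form submissions
    [],
    ['username' => '', 'password' => ''],
    ['username' => 'alice', 'password' => 'wrong'],
    ['username' => 'alice', 'password' => 'demo-pass-123'],
];
foreach ($attempts as $post) {
    $session = [];
    $target = handle_login($db, $post, $session);
    printf("%-50s -> %-9s loggedin=%s\n", json_encode($post), $target,
        is_logged_in($session) ? 'yes' : 'no');
}
```

In a real login.php the returned target would go into header('Location: ...') followed by exit, with $_SESSION passed in after session_start() and session_regenerate_id(true) called on a successful login.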

  18. #43
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    First of all, let me thank you all for your support. I really appreciate it. Each one of your posts makes me learn something new.

    I forgot to set a value for the $username var. What a novice mistake. Sahajin, I haven't taken care of the field length yet. So there are empty fields at the moment. But I will correct this as soon as the basic login will work.

    I know I could cut and paste someone else's code but all the mistakes I am making right now are teaching me what to do and what not. Anyways, here is the full script of my login.php page. It still doesn't redirect unfortunately...
    PHP Code:
    session_start();
    error_reporting(E_ALL);

    // Connect to the database server
    $dbcnx = mysql_connect('localhost', 'root', '')
                 or die('<p>Unable to connect to the database server at this time.<br />Error: ' . mysql_error() . '</p>');

    // Select the huh database
    mysql_select_db('firststep')
                 or die('<p>Unable to locate the firststep database at this time.<br />Error: ' . mysql_error() . '</p>');

    $username = strip_tags(trim($_POST['username']));
    $password = strip_tags(trim($_POST['password']));

    $sql = "SELECT username, password
              FROM huh
             WHERE username = '$username'
               AND password = '$password'
             LIMIT 0,1";

    $result = mysql_query($sql)
                 or die('<p>Unable to query the firststep database at this time.<br />Error: ' . mysql_error() . '</p>');

    $row = mysql_fetch_array($result);

    if(mysql_num_rows($result) == 1) // mysql_num_rows() returns the record count from the query result.  you want one (1) matching record to verify the login was successful.
    {
         $_SESSION['loggedin'] = 1; // Setting session var 'loggedin' to true
         //header('Location:index.php');
         exit;
    }
    else
    {
         $_SESSION['loggedin'] = 0; // Setting session var 'loggedin' to true
         //header('Location:error.php'); // Redirect to login page, as a matching record was not found in the table.
         exit;  // always 'exit'
    }


  19. #44
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    what does your form look like?
    success is not by chance, it is by choice.

  20. #45
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Quote Originally Posted by Sahajin
    what does your form look like?
    here you go

    Code:
    login:
    <br />
    <form action="login.php" method="POST">
    username: <input type="text" name="username" />
    <br />
    password: <input type="password" name="password" />
    <br />
    <input type="submit" value="send" />
    </form>

  21. #46
    SitePoint Guru
    Join Date
    Feb 2004
    Location
    Oregon
    Posts
    686
    sorry, didn't realize that you posted that in the last page.

    do you know if register_globals are OFF or ON? you can find that info in the phpinfo() page if you have one.
    success is not by chance, it is by choice.

  22. #47
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    I don't know... I will check it. However I can record data. I've done it to record the password/username I am checking.

    But I will check my phpinfo() page.

    Thank you very much for your help.

  23. #48
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    from my phpinfo() page:
    register_globals Off Off
    should it be On?

  24. #49
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Quote Originally Posted by duuudie
    should it be On?
    No.

    Having Register Globals off makes it "easier" to write more secure scripts.

    -Helge

  25. #50
    gimme the uuuuuuuuuuu duuudie's Avatar
    Join Date
    Feb 2004
    Location
    Switzerland
    Posts
    2,253
    Good thing
    Thank you for your answer Helge.
    So where does the problem with my actual login script come from? I must admit that I am clueless about it....

