SitePoint Sponsor

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 25 of 59

Thread: Login

  1. #1
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Login

    Ok, so I built this MySQL based login file, from scratch. It connects to the database and fetches data from the tables. Everything works except it always defaults to your login has failed. Could anyone help me fix this? Thanks.

    Code for login.php:

    PHP Code:
    <?php

    //FORM DATA
    $user2 Trim($_POST[user]);
    $pass Trim($_POST[pass]);

    //MySQL Data
    require("util.php");
    $sql = new MySQL_class;
    $sql->Create("demiur_helpdesk");

    //check users
    if ($users != "") {
        
    $sql->Query("select users from helpdesk");
        for (
    $i 0$i $sql->rows$i++) {
            if (
    $exists == "1") {
                break;
            }
            
    $sql->Fetch($i);
            
    $users $sql->data[0];
            if (
    $user2 == $users) {
            
    $exists "1";
            }
            if (
    $user2 != $users) {
            
    $exists "0";
            }
            if(
    $exists == "0"){
             
    header("Location: index.php?login=false");
            exit;
            } else {
            
    header("Location:index.php?login=false");
            }
        }
    }

    //check password
    $sql->Query("select pass from helpdesk");
        for (
    $i 0$i $sql->rows$i++) {
            
    $sql->Fetch($i);
            
    $passwd $sql->data[1];
            if (
    $pass == $passwd) {
            
    session_start();
            
    $_SESSION['auth'] == "true";
            
    $_SESSION['user'] = $users;
            
    header("Location: index2.php");
            } else {
            
    header("Location: index.php?login=false");
            }
        }
        
    exit;
    die;

    ?>
    Code for the include, util.php:

    PHP Code:
    <?
    /*
     * Utility routines for MySQL.
     */

    class MySQL_class {
        var 
    $db$id$result$rows$data$a_rows;
        var 
    $user$pass$host;

        
    /* Make sure you change the USERNAME and PASSWORD to your name and
         * password for the DB
         */

        
    function Setup ($user$pass$host$db) {
            
    $this->user $user;
            
    $this->pass $pass;
            
    $this->host $host;
            
    $this->db   $db;
        }

        function 
    Create ($db) {
            if (!
    $this->user) {
                
    # Set this to your default username
                
    $this->user "demiur_helpdesk";
            }
            if (!
    $this->pass) {
                
    # Set this to your default password
                
    $this->pass "me1234";
            }
            if (!
    $this->host) {
                
    # Set this to your default database host
                
    $this->host "localhost";
            }
            if (!
    $this->db && !$db) {
                
    # Set this to your default database
                
    $this->db "demiur_helpdesk";
            } else {
                
    $this->db $db;
        }

            
    $this->id = @mysql_pconnect($this->host$this->user$this->pass) or
                
    MySQL_ErrorMsg("Unable to connect to MySQL server: $this->host : '$SERVER_NAME'");
            
    $this->selectdb($this->db);
        }

        function 
    SelectDB ($db) {
            @
    mysql_select_db($db$this->id) or
                
    MySQL_ErrorMsg ("Unable to select database: $db");
        }

        
    # Use this function is the query will return multiple rows.  Use the Fetch
        # routine to loop through those rows.
        
    function Query ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform query: $query");
            
    $this->rows = @mysql_num_rows($this->result);
            
    $this->a_rows = @mysql_affected_rows($this->id);
        }

        
    # Use this function if the query will only return a
        # single data element.
        
    function QueryItem ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform query: $query");
            
    $this->rows = @mysql_num_rows($this->result);
            
    $this->a_rows = @mysql_affected_rows($this->id);
            
    $this->data = @mysql_fetch_array($this->result) or
                
    MySQL_ErrorMsg ("Unable to fetch data from query: $query");
            return(
    $this->data[0]);
        }

        
    # This function is useful if the query will only return a
        # single row.
        
    function QueryRow ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform query: $query");
            
    $this->rows = @mysql_num_rows($this->result);
            
    $this->a_rows = @mysql_affected_rows($this->id);
            
    $this->data = @mysql_fetch_array($this->result) or
                
    MySQL_ErrorMsg ("Unable to fetch data from query: $query");
            return(
    $this->data);
        }

        function 
    Fetch ($row) {
            @
    mysql_data_seek($this->result$row) or
                
    MySQL_ErrorMsg ("Unable to seek data row: $row");
            
    $this->data = @mysql_fetch_array($this->result) or
                
    MySQL_ErrorMsg ("Unable to fetch row: $row");
        }

        function 
    Insert ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform insert: $query");
            
    $this->a_rows = @mysql_affected_rows($this->id);
        }

        function 
    InsertID () {
            return 
    mysql_insert_id();
        }

        function 
    Update ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform update: $query");
            
    $this->a_rows = @mysql_affected_rows($this->id);
        }

        function 
    Delete ($query) {
            
    $this->result = @mysql_query($query$this->id) or
                
    MySQL_ErrorMsg ("Unable to perform Delete: $query");
            
    $this->a_rows = @mysql_affected_rows($this->id);
        }
    }

    /* ********************************************************************
     * MySQL_ErrorMsg
     *
     * Print out an MySQL error message
     *
     */

    function MySQL_ErrorMsg ($msg) {
        
    # Close out a bunch of HTML constructs which might prevent
        # the HTML page from displaying the error text.
        
    echo("</ul></dl></ol>\n");
        echo(
    "</table></script>\n");

        
    # Display the error message
        
    $text  "<font color=\"#ff0000\" size=+2><p>Error: $msg :";
        
    $text .= mysql_error();
        
    $text .= "</font>\n";
        die(
    $text);
    }
    ?>
    If anyone could fix this, it would be most appreciated. Thanks!

  2. #2
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well...with all the this-> stuff...It gets a bit confusing. Could probably take those out and leave just the value it's pointing to..

    IE: $this -> id could just be $id. I dunno...That's just my personal opinion.

  3. #3
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nope. Sorry, -> is definately not the problem. My guess is it lies in my password validation section.

  4. #4
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually...I think it is the problem...I don't think you have have special characters inside a variable....I would suggest just trying it...taking ALL of the $this-> stuff out.

  5. #5
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried it. It didn't fix the problem. Thanks for the help, but I swear to god the problem is in the password validation.

  6. #6
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Add some debugging, for example:
    PHP Code:
    echo 'Comparing '.$pass.' with '.$passwd.'<br />';
    if (
    $pass == $passwd) { 
    Put error_reporting(E_ALL); as the first line of the script too.

  7. #7
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Lets see..I tried a simple code in of my own to test this $this->stuff
    PHP Code:
    <?php
    $user 
    ="Ben";
    $this->user $user;
    echo 
    $this->user;
    ?>
    It Returned:
    Fatal error: Using $this when not in object context in C:\Program Files\xampp\htdocs\tests\test.php on line 3.

    If I change it to
    PHP Code:
    <?php
    $username 
    ="Ben";
    $user $username;
    echo 
    $user;
    ?>
    It works perfectly

  8. #8
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You might want to take out your little @ in front of your MYSQL queries...So that you can see for youself..What exactly the problem is.
    PHP Code:
     $sql->Query("select users from helpdesk"); 
    Shouldn't it be
    PHP Code:
    $sql mysql_query("select users from helpdesk"); 

  9. #9
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $this-> is defined in util.php. I do not need to worry about it. But, I ran marks code, and these are my errors.

    Notice: Use of undefined constant user - assumed 'user' in /home/demiur/public_html/demo/helpdesk/login.php on line 6

    Notice: Use of undefined constant pass - assumed 'pass' in /home/demiur/public_html/demo/helpdesk/login.php on line 7

    Notice: Undefined offset: 1 in /home/demiur/public_html/demo/helpdesk/login.php on line 43
    Comparing me1234 with

    Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/login.php:6) in /home/demiur/public_html/demo/helpdesk/login.php on line 51

    Notice: Undefined offset: 1 in /home/demiur/public_html/demo/helpdesk/login.php on line 43
    Comparing me1234 with

    Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/login.php:6) in /home/demiur/public_html/demo/helpdesk/login.php on line 51
    Honest to god. I have no idea how to fix em.

  10. #10
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Change:
    PHP Code:
    $user2 Trim($_POST[user]);
    $pass Trim($_POST[pass]); 
    to:
    PHP Code:
    $user2 trim($_POST['user']);
    $pass trim($_POST['pass']); 
    Change:
    PHP Code:
    $passwd $sql->data[1]; 
    to:
    PHP Code:
    $passwd $sql->data['pass']; 

  11. #11
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well. That almost worked.

    Notice: Undefined variable: users in /home/demiur/public_html/demo/helpdesk/login.php on line 21

    Notice: Undefined variable: users in /home/demiur/public_html/demo/helpdesk/login.php on line 24

    Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/login.php:21) in /home/demiur/public_html/demo/helpdesk/login.php on line 31
    Any ideas?

  12. #12
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What are the variables on like 21 and 24?

    Might need a session_start(); at the top of login.php

  13. #13
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    if ($users != "") { 
    Not sure what that's doing there as you never define/set it and $users seems be being set below, so you might not need that block.

    PHP Code:
    $users $sql->data[0]; 
    Change to:
    PHP Code:
    $users $sql->data['users']; 

  14. #14
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I will let mark handle it...He's the guru here!! lol

    Mark..maybe you can shoot over to my post...Over at my post and take a look at my problem
    http://www.sitepoint.com/forums/showthread.php?t=306980

  15. #15
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well. I got a bigger problem. Now it is comparing the password with the value 0.

    Comparing me1234 with 0

    Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/login.php:40) in /home/demiur/public_html/demo/helpdesk/login.php on line 47
    Comparing me1234 with 0

    Warning: Cannot modify header information - headers already sent by (output started at /home/demiur/public_html/demo/helpdesk/login.php:40) in /home/demiur/public_html/demo/helpdesk/login.php on line 47

  16. #16
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nvm. That is the sql. I musta somehow input 0 into the password field. :P

  17. #17
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure why you're doing 2 queries, one for user and one for pass and not just doing one query, something like, $sql->Query("SELECT users FROM helpdesk WHERE username='{$_POST['user']}' AND pass='{$_POST['pass']}'");

    You currently seem to be fetching all the users with no WHERE clause .. then all the passwords .. ?

  18. #18
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Umm. Ok. So, what do I fix to make a where?

    Also, if I input the data into my pass field in sql as a password, and it auto-encrypts as numbers, will the password I type in work?

  19. #19
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes...as long as the input field is md5();

    example...
    $pass = md5($_POST['pass']);
    <input type="text" name="pass">

    Will indeed recognize encrypted password...As long as the password on the DB is md5 encrypted...

    If it's not..then change the MD5 to whatever encryption type it is.

  20. #20
    SitePoint Guru mwolfe's Avatar
    Join Date
    Mar 2005
    Posts
    912
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    btw nav3n, you might want to checkout some basic principles of OOP..

    $this->variable is a way to reference a variable within the scope of the class you are in.

    In a class such as
    PHP Code:
    class Foo {

      var 
    $blah;
      var 
    $bar;

      function 
    setbar($val) {
          
    $this->bar $val;
      }

       function 
    setblah($val) {
         
    $this->blah $val;
       }

       function 
    getbar() {
          return 
    $this->bar;
        }

        function 
    getblah() {
           return 
    $this->blah;
        }


    }


    $foobar = new Foo;

    $foobar->setBar("hello");
    $foobar->setBlah("OOP is cool");

    echo 
    $foobar->getBar();
    echo 
    $foobar->getBlah(); 
    now wasnt that pointless. I'm sure you'll find good uses for it though if you learn more about it.

    as far as the original problem.. You probably need to learn SQL, and possibly try some tutorials on php IMHO before tackling this kind of thing..


    a few tips.. you'll need a login form with a text input for username and password input for password, and you'll need to process the request.. it should look something something like this
    PHP Code:

    if (isset($_POST['submit'])) {
     
    $username mysql_escape_string($_POST['username']);
     
    $password md5($_POST['password']);

      
    $query "SELECT users FROM helpdesk  
       WHERE Username = '
    $username' AND password='$password'";
      
    //then do whatever you have to do to fetch that row..
    //the class you are using seems like its making this wayy too difficult
    //but goodluck



    PHP Code:
    $form '
    <form method="post" action="'
    .$_SERVER['PHP_SELF'].'">
    Username <br />
    <input type="text" name="username" />
    <br />Password<br />
    <input type="password" name="password" />
    <br />
    <input type="submit" name="submit" value="login"/>
    </form>'
    ;

    echo 
    $form

  21. #21
    SitePoint Addict
    Join Date
    Jun 2005
    Posts
    294
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Mwolfe...For the explanation on the $this->stuff...I had no idea...

    But this post wasn't posted by myself..I was trying to help that's all..

    Im affraid I made it worse though.

  22. #22
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hell. This code is so confusing. Ok. I want to switch over to this system like you said

    PHP Code:
    if (isset($_POST['submit'])) {
    $username mysql_escape_string($_POST['username']);
    $password md5($_POST['password']);

      
    $query "SELECT users FROM helpdesk  
       WHERE Username = '
    $username' AND password='$password'";
      
    //then do whatever you have to do to fetch that row..
    //the class you are using seems like its making this wayy too difficult
    //but goodluck



    But waht exactly would I do to fetch those rows? Would my code look like this?

    PHP Code:
    if (isset($_POST['submit'])) {
    $username mysql_escape_string($_POST['username']);
    $password md5($_POST['password']);

      
    $query "SELECT users FROM helpdesk  
       WHERE Username = '
    $username' AND password='$password'";
        for (
    $i 0$i $sql->rows$i++) {
            
    $sql->Fetch($i);
            
    $passwd $sql->data['pass']; 
                    
    $users $sql->data['users']; 
            if (
    $user2 == $users && $pass == $passwd) {
            
    session_start();
            
    $_SESSION['auth'] == "true";
            
    $_SESSION['user'] = $user2;
            
    header("Location: index2.php");
            } else {
            
    header("Location: index.php?login=false");
            }
        } 
    Or would I have to do something else?

  23. #23
    Spacebug Beansprout's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    464
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    //check users
    if ($users != "") {
    $sql->Query("select users from helpdesk");
    for ($i = 0; $i < $sql->rows; $i++) {
    if ($exists == "1") {
    break;
    }
    $sql->Fetch($i);
    $users = $sql->data[0];
    if ($user2 == $users) {
    $exists = "1";
    }
    if ($user2 != $users) {
    $exists = "0";
    }
    if($exists == "0"){
    header("Location: index.php?login=false");
    exit;
    } else {
    header("Location:index.php?login=false");
    }
    }
    }

    //check password
    $sql->Query("select pass from helpdesk");
    for ($i = 0; $i < $sql->rows; $i++) {
    $sql->Fetch($i);
    $passwd = $sql->data[1];
    if ($pass == $passwd) {
    session_start();
    $_SESSION['auth'] == "true";
    $_SESSION['user'] = $users;
    header("Location: index2.php");
    } else {
    header("Location: index.php?login=false");
    }
    }

    exit;
    die;
    Wow, that is quite possibly the most amazing code I've seen

    1) No need to check all the users then all the passwords. Do a WHERE clause, as mentioned above.

    2) Why all those header()s? You're probably getting the output already sent errors because of this bit:

    PHP Code:
            if($exists == "0"){
            
    header("Location: index.php?login=false");
            exit;
            } else {
            
    header("Location:index.php?login=false");
            } 
    You're not exiting after that.

    Change to what mwolfe suggested. Or I think you'll melt the server it's running on

    Your code would need to be something like this:

    PHP Code:
    if (isset($_POST['submit'])) {
    $username mysql_escape_string($_POST['username']);
    $password md5($_POST['password']);

      
    $query "SELECT users FROM helpdesk  
       WHERE Username = '
    $username' AND password='$password'";
    $conn mysql_connect(credentials);
        
    $result mysql_query($sql,$conn);
    if(
    mysql_num_rows($result) != 1) {
    die(
    "Not authed.")
    } else {
            
    session_start();
            
    $_SESSION['auth'] == "true";
            
    $_SESSION['user'] = $user2;
            
    header("Location: index2.php");

    That's very rough, but should give you an idea.
    Thermal Degree - web design with standards! (View our portfolio)
    Vidahost - shared and reseller linux hosting with real support
    Use my free file uploader!
    5.99 .com/net/org/biz/us/name domains; 2.99 .info!

  24. #24
    designer
    Join Date
    Dec 2004
    Location
    Over the hill and through the woods...
    Posts
    306
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am changing it. I was just hoping someone could tell me if my modified code above would work. This being the modified code.

    PHP Code:
    <?php

    $user2 
    trim($_POST['user']);
    $pass md5($_POST['pass']); 

    require(
    "util.php");
    $sql = new MySQL_class;
    $sql->Create("demiur_helpdesk");

    if (isset(
    $_POST['submit'])) {
    $username mysql_escape_string($_POST['username']);
    $password md5($_POST['password']);

      
    $query "SELECT users FROM helpdesk  
       WHERE users = '
    $users' AND pass='$passwd'";
        for (
    $i 0$i $sql->rows$i++) {
            
    $sql->Fetch($i);
            
    $passwd $sql->data['pass'];
            
    $users $sql->data['users'];
            if (
    $user2 == $users && $pass == $passwd) {
            
    session_start();
            
    $_SESSION['auth'] == "true";
            
    $_SESSION['user'] = $user2;
            
    header("Location: index2.php");
            } else {
            
    header("Location: index.php?login=false");
            }
        } 

    ?>
    Btw.

    PHP Code:
     $query "SELECT users FROM helpdesk WHERE users = '$users' AND pass='$passwd'"
    To avoid confusion, users is my username data in the MySQL db and pass is the value of password in the MySQL db.

  25. #25
    Spacebug Beansprout's Avatar
    Join Date
    Oct 2005
    Location
    UK
    Posts
    464
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Refresh, I think you missed my edit

    To avoid confusion, users is my username data in the MySQL db and pass is the value of password in the MySQL db.
    Surely you want to put the user-submitted values in the query, not values from the db?
    PHP Code:
    $user mysql_real_escape_string($_POST['user']);
    $pass md5($_POST['pass']);
    ...
      
    $query "SELECT users FROM helpdesk  
       WHERE users = '
    $user' AND pass='$pass'"
    Because then if there's no matches, you know the user didn't supply the correct combination
    Thermal Degree - web design with standards! (View our portfolio)
    Vidahost - shared and reseller linux hosting with real support
    Use my free file uploader!
    5.99 .com/net/org/biz/us/name domains; 2.99 .info!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •