SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help "Building a Database-Driven Web Site Using PHP and MySQL"

    Hello, I'm new to PHP and I'm reading
    "Building a Database-Driven Web Site Using PHP and MySQL" by Kevin Yank! I was trying to execute the code found in chapter 12, for controlling access to protected pages using php. In particular, I'm referring to the structured code for granting access to the administrator.
    Please, let me post the files as proposed by Kevin Yank.
    The problem is that if I run those script, I can't get access to the protected pages, because I get stuck in the login form! When I submit user and password, either correct or wrong, the browser always reload the login form.
    Maybe the problem is that login and password should be checked in the array $_Session rather then $_POST, but I'm not sure about it.
    Can u help me to manage that plz.
    Thank you!
    Attached Files Attached Files

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Write this at the top of the script which handles the form input (the script indicated by the "action" element on the html form).
    PHP Code:
    <?php

    ini_set
    "display_errors"1);
    error_reporting (E_ALL) ;

    var_dump($_SESSION);
    echo 
    '<hr>';
    var_dump$_POST );
    echo 
    '<hr>';

    ?>
    Take a good look at what is being stored in each variable, look at the source code of the page if that output appears as one long line.

    Comment out each line to slowly get back to where you were.

  3. #3
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Cups View Post
    Write this at the top of the script which handles the form input (the script indicated by the "action" element on the html form).
    PHP Code:
    <?php

    ini_set
    "display_errors"1);
    error_reporting (E_ALL) ;

    var_dump($_SESSION);
    echo 
    '<hr>';
    var_dump$_POST );
    echo 
    '<hr>';

    ?>
    Take a good look at what is being stored in each variable, look at the source code of the page if that output appears as one long line.

    Comment out each line to slowly get back to where you were.
    Thank you very much for your help!

    The problem is that the function loggedIn() returns false,
    so the script 'secure_inc_php' keeps on showing the login form. How can I get true from that function? In the code proposed by Yank, a protected page requires secure_inc_php which contains the following lines:

    PHP Code:
    require_once 'access_inc_php';
    if (!
    loggedIn()) {
      include 
    'login_inc_php';
      exit; 
    The required script 'access_inc_php' is:

    PHP Code:
    session_start();

    function 
    loggedIn()
    {
      return isset(
    $_SESSION['authorized']);
    }

    // Process login attempt
    if (isset($_POST['login'])) {
      if (
    $_POST['username'] == ADMIN_USER and
          
    $_POST['password'] == ADMIN_PASS) {
        
    $_SESSION['authorized'] = TRUE;
      }
    }

    // Process logout
    if (isset($_REQUEST['logout'])) {
      unset(
    $_SESSION['authorized']);


    Finally the form is defined in 'login_inc_php':


    <html>
    <head>
    <title>Login Required for Access</title>
    <meta http-equiv="Content-Type"
    content="text/html; charset=iso-8859-1" />
    </head>
    <body>
    <h1>Please log in for access</h1>
    <div>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <label>User name:
    <input type="text" name="username" /></label><br />
    <label>Password:
    <input type="password" name="password" /></label>
    <input type="submit" value="Log In" />
    </form>
    </div>
    </body>
    </html>

    So loggedIn() never returns true and it keeps on showing the form. Can you explain me why please?

  4. #4
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Why dont you

    var_dump( $_SESSION);

    and work out what is in the session?

    Then fiddle around with this:
    PHP Code:
    // Process login attempt

    if (isset($_POST['login'])) {

      if (
    $_POST['username'] == ADMIN_USER and

          
    $_POST['password'] == ADMIN_PASS) {

        
    $_SESSION['authorized'] = TRUE;

      }


    and force it to return TRUE until you can work out where in the equation this simple code is going wrong.

    Maybe the pass/username you are giving is wrong?

  5. #5
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,508
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    ADMIN_USER
    ADMIN_PASS

    Are you sure you have these constants defined before you call the function?

  6. #6
    SitePoint Member
    Join Date
    Feb 2009
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Grr!It was just a wrong variable name!In fact in the form Yank defines two variables, named username and password! But in processing login attempt he checks the value of a (not existing) variable named 'login' in the $_POST array!!!

    PHP Code:
    // Process login attempt

    if (isset($_POST['login'])) {

      if (
    $_POST['username'] == ADMIN_USER and

          
    $_POST['password'] == ADMIN_PASS) {

        
    $_SESSION['authorized'] = TRUE;

      }


    while the form was

    HTML Code:
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <label>User name:
    <input type="text" name="username" /></label><br />
    <label>Password:
    <input type="password" name="password" /></label>
    <input type="submit" value="Log In" />
    In fact, if I var_dump( $_SESSION) I always get an empty $_SESSION. So no 'login' variable no way to log in!
    Thank you again for your help!

  7. #7
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Yeah, no login. We should have spotted that, still, its better you become familiar with debugging simple scripts yourself. Using var_dump() as you go will reveal a lot of hidden secrets about PHP.

  8. #8
    Non-Member salahsoft's Avatar
    Join Date
    Feb 2009
    Location
    India
    Posts
    89
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    surely var_dump is a good way to test php variables.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •