Login page problem

ayoubelamine · June 23, 2018, 5:09pm

Hi,
Please, I have some code for a login page i have except it doesn’t seem to be working and by this i mean when i enter a correct username and password and click log in, the form just reloads and stays on the same login page. If anyone could suggest some possible solution that would be great, im quite new to PHP and haven’t had any luck with fixing this so far. Here is my code :

<?php require_once('../Connections/conexao.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php 
// *** Validate request to login to this site. 
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['login'])) {
  $loginUsername=$_POST['login'];
  $password=$_POST['senha'];
  $MM_fldUserAuthorization = "id_nivel";
  $MM_redirectLoginSuccess = "base.php";
  $MM_redirectLoginFailed = "index.php";
  $MM_redirecttoReferrer = false;
  
  mysql_select_db($tabela, $con);
  	
  $LoginRS__query=sprintf("SELECT id_usuario, login, senha, id_nivel FROM usuarios WHERE login=%s AND senha=password('$password') AND activo = 1",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $con) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'id_nivel');
	$loginStrId	  	= mysql_result($LoginRS,0,'id_usuario');
    
    //declare two session variables and assign them
    $_SESSION['MM_Username'] 	= $loginUsername;
    $_SESSION['MM_UserGroup'] 	= $loginStrGroup;
	$_SESSION['MM_UserId'] 		= $loginStrId;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Locbat - Website Management</title>
<link rel="shortcut icon" href="../imagens/empresas/locbat_icon.ico">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<script type="text/javascript">
function setfocus(){
	document.getElementById('login').focus();
};
</script>
<body onload="setfocus();">
<div id="box">
  
  <div id="header">
     <div id="header_logo">
    </div><!--header logo--> 
    
  </div>
 
  <div id="painel_de_login">
   <div class="alert">
 </div>
   
     <form method="POST" action="<?php echo $loginFormAction; ?>" name="login_erro">
      <fieldset>
        <legend>Efectue a autenticação</legend>
       <label>
         <span>Utilizador</span>
          <input type="text" name="login" id="login" />
        </label>
        
        <label>
         <span>Password</span> 
          <input type="password" name="senha" id="senha" />
        </label>
        
        <input type="submit" name="logar" value="entrare" class="login_btn"/>
        
       </fieldset>
     </form>   
   <span style="color:#FFF; text-align:right" ><a href="forgot_password.php">Esqueci a senha!</a></span>
   </div><!-- Painel de login-->

</div>

</body>
</html>

Gandalf · June 23, 2018, 5:16pm

What version of PHP are you using?

ayoubelamine · June 23, 2018, 5:40pm

Php version used is 5.3.29

droopsnoot · June 23, 2018, 6:28pm

What version of MySQL is it? A note on the password function suggests it has changed and the later version requires a longer column to store the hashed password.

Also it’s only a matter of time before someone points out that you need to stop using the old-style mysql functions because they’re not part of PHP 7, for various reasons.

If you’re relatively new to PHP, is there any reason you are using such an old version of the language?

ayoubelamine · June 23, 2018, 6:41pm

MySQL Version: 10.1.34-MariaDB

I have this file from my customer and i have to resolve this problem

Mittineague · June 23, 2018, 6:44pm

When forms are submitted, where the values go depends on the action attribute value.
$loginFormAction = $_SERVER['PHP_SELF'];

So that part is working as expected.

It looks like you are relying on SESSION values and header() to have different pages load after the form is submitted.

Because session_start was not the first line of the file it seems you should have gotten a “headers already sent” error message, but I suspect that is why those header() lines are not working as you want them to.

ayoubelamine · June 23, 2018, 6:56pm

What i have to do to resolve this ?

Mittineague · June 23, 2018, 7:43pm

http://php.net/manual/en/function.session-start.php

Note:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.

http://php.net/manual/en/function.header.php

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

The easiest way to ensure there is no prior output is to have session_start() and header() code at the very beginning of the file.

spaceshiptrooper · June 23, 2018, 7:50pm

Then I would advise you to inform your client that they need to upgrade their PHP version because 5.3 is actually really old. 5.3 was released back in 2009 and the security patch for it has ended a long time ago. Without security patches, you and your customers are at a huge risk. If the host supports higher versions, take advantage of PHP 7 since it will help you in the long run. It is also 10x faster than PHP 5.

As you can see in the picture below, PHP 5.3 isn’t even on the list which means that the end of life for it was long over due. Most likely back in 2014 or earlier.

system · September 23, 2018, 2:50am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.