Login

Hey there,

i spend half the day with writing a login script and i still dont got it the way i want it. The problem here is that i get a blank page whenever i login with a valid account or invalid account information.


<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = $funcs->protect($_POST['account']);
$password = $funcs->protect($_POST['password']);
$key = $funcs->protect($_POST['key']);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = sprintf("SELECT * FROM ACCOUNTS WHERE Account=".$account.",Password=".$password.",Key=".$key."");


while($result = mysql_query($query)){
if(mysql_num_rows($result)>0) {

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}


}



}

else{

exit('Please submit the form first!');


}
?>







Basicaly what i want to do is check for the rowcount, if it is greater than 1 in table ACCOUNTS proceed and assign the variables to $_SESSION.

That's because you're switching up your variables a bit:


<?php

while($result = mysql_query($query)){
if(mysql_num_rows($query)>0) { // <--- Use $query, not $result

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}


}

?>
Having said that this method will still not show anything if you've entered wrong account information. In addition the loop will continue to run after the account is found which is inefficient. I propose you go this route:


<?php

while( $row = mysql_fetch_array( $query ) ){ // <-- You need to use mysql_fetch_array to assign your variables. Yours wouldn't work

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}

// <-- We don't need the loop anymore
if( mysql_num_rows( $query ) > 0 ){ // <-- Make our variable change

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

die( "Successfully logged in to account!" ); //<-- Die stops the script entirely

}else{ // <-- In the else statement it means we found no valid accounts

die( "Invalid account information" ); // <-- Print a statement saying their info is invalid

}

?>
Hope this helps!

Change while($result = mysql_query($query)){
if(mysql_num_rows($result)>0) {

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}
} to
$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result)>0) {
$row=mysql_fetch_array($result);
session_start();
$_SESSION['account'] = $row['Account'];
//$_SESSION['password'] = $password; why using this line?
$_SESSION['key'] = $row['key']; // not sure about the purpose.
print('Succesfully logged in to account!');


}

http://www.codingforums.com/showpost.php?p=617060&postcount=13 may help you to debug.

thanks, this gives me an query syntax error and:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource on line 23

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource on line 32
Invalid account information


<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = $funcs->protect($_POST['account']);
$password = $funcs->protect($_POST['password']);
$key = $funcs->protect($_POST['key']);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = sprintf("SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'");
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $query ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $query ) > 0 ){

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

die( "Successfully logged in to account!" );

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>

implies an invalid query

what is sprintf() for on the query?


sprintf

sprintf — Return a formatted string

seems redundant?



mysql_select_db(funcs::mysql_database);
/* */
$query = "SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'";

$result = mysql_query($query) or die(mysql_error());

/* and watch the variables ag ain. $result contains the recordset, not query. */

while( $row = mysql_fetch_array( $result) ){

Thanks my bad, &

u have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Password='',Key=''' at line 1

after removing the sprintf, sorry but i dont know whats wrong.

$query = "SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'";


didn't really read the query earlier, wrong sql syntax:


$query = "SELECT * FROM ACCOUNTS WHERE Account='$account' AND Password='$password' AND Key='$key'";

Damn im so stupid ofcourse its *AND* thank you!

edit: same error

do this


$query = "SELECT * FROM ACCOUNTS WHERE Account='$account' AND Password='$password' AND Key='$key'";
echo '<p>The query being run is: ' . $query . '</p>';


post results

The query being run is: SELECT * FROM ACCOUNTS WHERE Account='' AND Password='' AND Key=''

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key=''' at line 1


Wtf it doesnt get the post variables,my login form:

login_form.php

<form action="../XProject/pages/login_process.php" method="post">
Account: <input type="text" name="account" /><br />
Password: <input type="text" name="password" /><br />
Security Key: <input type="text" name="key" /><br />
<input type="submit" name="submit" value="Login" />
</form>


edit:

$funcs->protect


was messing it up lol

The query being run is: SELECT * FROM ACCOUNTS WHERE Account='ada' AND Password='ad' AND Key='ww'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key='ww'' at line 1


same thing, protect is removed now though:S

try


$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";


and i'd also hazard a guess that Password or Key are reserved sql words. which is causing your problem

edit:

confirmed, Key is a reserved word. Try renaming it

double edit: wrapping `key` in ` fixes it

thanks it works, now when the login is succesfull i get:


Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php:33) in /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php on line 34

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php:33) in /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php on line 34


i always get this error in any php script i ever coded.
unset_session doesnt work.


<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
session_save_path("../XProject/temp/");
session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../XProject/index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>



also the die('Continue to <a href="../XProject/index.php?x=main"><strong>XProject</strong></a></center>');

leads to: ?x=main&PHPSESSID=vcrk7qu5dinnncjk77cgf2gv16 whats with the PHPSESSID i didnt put that in the a href.

session_start needs to go at the *very* top of the page

<?php
session_start();
// everything else

with that done i still get an session error.

have you taken session_start() out from



if( mysql_num_rows( $result ) > 0 ){
session_save_path("../XProject/temp/");
// session_start(); // <-- here
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

yes i did

<?php
session_save_path("./temp");
session_start();
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>

<?php
session_start(); // at - the - top
session_save_path("./temp"); // check this path is right ../temp?




and check that "include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php')"

doesn't already have session_start in it.

All fixed, by chmodding the dir and setting the right location

<?php

chmod("/mnt/web1/10/10/52175010/htdocs/XProject/temp", 0755);
session_save_path("/mnt/web1/10/10/52175010/htdocs/XProject/temp");
session_start();
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>


next, main.php always says that i have to login but iam.


<?php

if(!defined('BINARY'))
{

exit('UNAUTHORIZED ACCESS');

}
if(isset($_SESSION['account']))
{


print('<center>Welcome '.$_SESSION["account"].'</center>');


}
else{

die('You are not logged in!');


}

?>

you need to have session_start()at the top of EVERY page you want to access session variables on.

ok thank u. ill try this when i get home in 5 hours.

Thank you everything has been fixed.

That's because you're switching up your variables a bit: