...

View Full Version : Login



BinaryX
10-11-2009, 04:26 PM
Hey there,

i spend half the day with writing a login script and i still dont got it the way i want it. The problem here is that i get a blank page whenever i login with a valid account or invalid account information.



<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = $funcs->protect($_POST['account']);
$password = $funcs->protect($_POST['password']);
$key = $funcs->protect($_POST['key']);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = sprintf("SELECT * FROM ACCOUNTS WHERE Account=".$account.",Password=".$password.",Key=".$key."");


while($result = mysql_query($query)){
if(mysql_num_rows($result)>0) {

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}


}



}

else{

exit('Please submit the form first!');


}
?>







Basicaly what i want to do is check for the rowcount, if it is greater than 1 in table ACCOUNTS proceed and assign the variables to $_SESSION.

ShaneC
10-11-2009, 04:42 PM
That's because you're switching up your variables a bit:



<?php

while($result = mysql_query($query)){
if(mysql_num_rows($query)>0) { // <--- Use $query, not $result

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}


}

?>
Having said that this method will still not show anything if you've entered wrong account information. In addition the loop will continue to run after the account is found which is inefficient. I propose you go this route:



<?php

while( $row = mysql_fetch_array( $query ) ){ // <-- You need to use mysql_fetch_array to assign your variables. Yours wouldn't work

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}

// <-- We don't need the loop anymore
if( mysql_num_rows( $query ) > 0 ){ // <-- Make our variable change

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

die( "Successfully logged in to account!" ); //<-- Die stops the script entirely

}else{ // <-- In the else statement it means we found no valid accounts

die( "Invalid account information" ); // <-- Print a statement saying their info is invalid

}

?>
Hope this helps!

abduraooft
10-11-2009, 04:45 PM
Change
while($result = mysql_query($query)){
if(mysql_num_rows($result)>0) {

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;
print('SUccesfully logged in to account!');


}
} to

$result = mysql_query($query) or die(mysql_error());

if(mysql_num_rows($result)>0) {
$row=mysql_fetch_array($result);
session_start();
$_SESSION['account'] = $row['Account'];
//$_SESSION['password'] = $password; why using this line?
$_SESSION['key'] = $row['key']; // not sure about the purpose.
print('Succesfully logged in to account!');


}

http://www.codingforums.com/showpost.php?p=617060&postcount=13 may help you to debug.

BinaryX
10-11-2009, 05:51 PM
thanks, this gives me an query syntax error and:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource on line 23

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource on line 32
Invalid account information



<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = $funcs->protect($_POST['account']);
$password = $funcs->protect($_POST['password']);
$key = $funcs->protect($_POST['key']);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = sprintf("SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'");
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $query ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $query ) > 0 ){

session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

die( "Successfully logged in to account!" );

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>

met
10-11-2009, 06:00 PM
implies an invalid query

what is sprintf() for on the query?


sprintf

sprintf — Return a formatted string

seems redundant?




mysql_select_db(funcs::mysql_database);
/* */
$query = "SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'";

$result = mysql_query($query) or die(mysql_error());

/* and watch the variables ag ain. $result contains the recordset, not query. */

while( $row = mysql_fetch_array( $result) ){

BinaryX
10-11-2009, 06:29 PM
Thanks my bad, &


u have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Password='',Key=''' at line 1

after removing the sprintf, sorry but i dont know whats wrong.

met
10-11-2009, 06:35 PM
$query = "SELECT * FROM ACCOUNTS WHERE Account='$account',Password='$password',Key='$key'";


didn't really read the query earlier, wrong sql syntax:



$query = "SELECT * FROM ACCOUNTS WHERE Account='$account' AND Password='$password' AND Key='$key'";

BinaryX
10-11-2009, 06:38 PM
Damn im so stupid ofcourse its *AND* thank you!

edit: same error

met
10-11-2009, 06:40 PM
do this



$query = "SELECT * FROM ACCOUNTS WHERE Account='$account' AND Password='$password' AND Key='$key'";
echo '<p>The query being run is: ' . $query . '</p>';


post results

BinaryX
10-11-2009, 06:52 PM
The query being run is: SELECT * FROM ACCOUNTS WHERE Account='' AND Password='' AND Key=''

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key=''' at line 1


Wtf it doesnt get the post variables,my login form:

login_form.php


<form action="../XProject/pages/login_process.php" method="post">
Account: <input type="text" name="account" /><br />
Password: <input type="text" name="password" /><br />
Security Key: <input type="text" name="key" /><br />
<input type="submit" name="submit" value="Login" />
</form>


edit:


$funcs->protect


was messing it up lol

BinaryX
10-11-2009, 07:00 PM
The query being run is: SELECT * FROM ACCOUNTS WHERE Account='ada' AND Password='ad' AND Key='ww'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Key='ww'' at line 1


same thing, protect is removed now though:S

met
10-11-2009, 07:03 PM
try



$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";


and i'd also hazard a guess that Password or Key are reserved sql words. which is causing your problem

edit:

confirmed, Key is a reserved word. Try renaming it

double edit: wrapping `key` in ` fixes it

BinaryX
10-11-2009, 07:50 PM
thanks it works, now when the login is succesfull i get:



Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php:33) in /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php on line 34

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php:33) in /mnt/web1/10/10/52175010/htdocs/XProject/pages/login_process.php on line 34


i always get this error in any php script i ever coded.
unset_session doesnt work.



<?php
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
session_save_path("../XProject/temp/");
session_start();
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../XProject/index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>



also the
die('Continue to <a href="../XProject/index.php?x=main"><strong>XProject</strong></a></center>');

leads to:
?x=main&PHPSESSID=vcrk7qu5dinnncjk77cgf2gv16 whats with the PHPSESSID i didnt put that in the a href.

met
10-11-2009, 07:54 PM
session_start needs to go at the *very* top of the page


<?php
session_start();
// everything else

BinaryX
10-11-2009, 08:06 PM
with that done i still get an session error.

met
10-11-2009, 08:20 PM
have you taken session_start() out from




if( mysql_num_rows( $result ) > 0 ){
session_save_path("../XProject/temp/");
// session_start(); // <-- here
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

BinaryX
10-11-2009, 09:30 PM
yes i did


<?php
session_save_path("./temp");
session_start();
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>

met
10-11-2009, 09:41 PM
<?php
session_start(); // at - the - top
session_save_path("./temp"); // check this path is right ../temp?




and check that "include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php')"

doesn't already have session_start in it.

BinaryX
10-11-2009, 09:45 PM
All fixed, by chmodding the dir and setting the right location


<?php

chmod("/mnt/web1/10/10/52175010/htdocs/XProject/temp", 0755);
session_save_path("/mnt/web1/10/10/52175010/htdocs/XProject/temp");
session_start();
include('/mnt/web1/10/10/52175010/htdocs/XProject/funcs.php');
$funcs = new funcs();

if(isset($_POST['submit']))
{
$account = htmlentities($_POST['account'],ENT_QUOTES);
$password = htmlentities($_POST['password'],ENT_QUOTES);
$key = htmlentities($_POST['key'],ENT_QUOTES);

$connection = mysql_connect(funcs::mysql_host, funcs::mysql_user, funcs::mysql_password);

if (!$connection) {
print('Could not connect: ' . mysql_error());
print('<br/>');
print('<br/>');
$funcs->MYSQLerror_msg("There seems to be an error in MYSQL.");
}

mysql_select_db(funcs::mysql_database);
$query = "SELECT * FROM ACCOUNTS WHERE `Account` ='$account' AND `Password` ='$password' AND `Key`='$key'";
$result = mysql_query($query) or die(mysql_error());
while( $row = mysql_fetch_array( $result ) ){

$account = $row['Account'];
$password = $row['Password'];
$key = $row['Key'];

}


if( mysql_num_rows( $result ) > 0 ){
$_SESSION['account'] = $account;
$_SESSION['password'] = $password;
$_SESSION['key'] = $key;

print( "<center>Successfully logged in to account!<br>" );
die('Continue to <a href="../index.php?x=main"><strong>XProject</strong></a></center>');

}else{

die( "Invalid account information" );

}



}

else{

exit('Please submit the form first!');


}
?>


next, main.php always says that i have to login but iam.



<?php

if(!defined('BINARY'))
{

exit('UNAUTHORIZED ACCESS');

}
if(isset($_SESSION['account']))
{


print('<center>Welcome '.$_SESSION["account"].'</center>');


}
else{

die('You are not logged in!');


}

?>

met
10-11-2009, 09:52 PM
you need to have session_start()at the top of EVERY page you want to access session variables on.

BinaryX
10-12-2009, 06:45 AM
ok thank u. ill try this when i get home in 5 hours.

BinaryX
10-12-2009, 04:52 PM
Thank you everything has been fixed.

pankajnagarkoti
10-12-2009, 06:18 PM
That's because you're switching up your variables a bit:



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum