...

View Full Version : Login Script Goof Up



stevenmw
05-23-2011, 04:05 AM
I'm trying very hard to build a login script from scratch. No matter if the username and password are correct I'm geting my wrong username or password message. Can anyone see any where I've mixed up the successes or if anything is wrong at all?

I'm not getting any parse errors, and it's connecting to the db just fine.

Any ideas?



<?
if (isset($_SESSION['username']) && isset($_SESSION['userlevel'])) {
header('location: main.html');
}
else {
class User {
var $username;
function __construct($user)
{
$this->username = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$user))
{
$this->username = $user;
}
}
function is_valid()
{
if($this->username != NULL)
{
return true;
}
return false;
}
}
class Pass {
var $password;
function __construct($pass)
{
$this->password = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))
{
$this->password = $pass;
}
}
function is_valid()
{
if($this->password != NULL)
{
return true;
}
return false;
}
}
$user = new User($_POST['user']);
$pass = new Pass($_POST['pass']);
$row = mysql_fetch_array($result);
if($user->is_valid() && $pass->is_valid()){
$q = "SELECT * userid FROM users WHERE username = '$user'";
$result = mysql_query($q, $this->connection);
}
if(!result || (mysql_numrows($result) < 1)) {
echo "wrong username or password";
}
elseif ($row['password'] == $pass) {
session_start();
session_regenerate_id();
$_SESSION['username'] = $user;
$_SESSION['userlevel'] = $row['user_level'];
}
else {
echo "wrong username or password";
}}
?>

angst
05-23-2011, 04:54 AM
$user has no value.

as seen here;


$user = new User($_POST['user']);
..............
$q = "SELECT * userid FROM users WHERE username = '$user'";


try this;



$q = "SELECT * userid FROM users WHERE username = '$user->username'";

stevenmw
05-23-2011, 06:05 AM
Where doesn't it have a value?

angst
05-23-2011, 06:12 AM
in your query:

$user

is a class object, not a string value as you set it here;

$user = new User($_POST['user']);

so to call it back you need to use;

$user->username;

stevenmw
05-24-2011, 04:41 AM
<?
if (isset($_SESSION['username']) && isset($_SESSION['userlevel'])) {
header('location: main.html');
}
else {
class User {
var $username;
function __construct($user)
{
$this->username = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$user))
{
$this->username = $user;
}
}
function user_valid()
{
if($this->username != NULL)
{
return true;
}
return false;
}
}
class Pass {
var $password;
function __construct($pass)
{
$this->password = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))
{
$this->password = $pass;
}
}
function pass_valid()
{
if($this->password != NULL)
{
return true;
}
return false;
}
}
$user = new User($_POST['user']);
$pass = new Pass($_POST['pass']);
$row = mysql_fetch_array($result);
if($user->user_valid() && $pass->pass_valid()){
$q = "SELECT * userid FROM users WHERE username = '$user->username'";
$result = mysql_query($q, $this->connection);
}
if(!result || (mysql_numrows($result) < 1)) {
echo "wrong username or password";
}
elseif ($row['password'] == $pass) {
session_start();
session_regenerate_id();
$_SESSION['username'] = $user;
$_SESSION['userlevel'] = $row['user_level'];
header('location: main.html');
}
else {
echo "wrong username or password";
}}
?>


Here is my code.

When I submit the login form the session.php doesn't actually run until I refresh the page. It's as if the input fields aren't posting. Then when I refresh the page the session.php runs, but runs all over again. Which echos wrong username or password.

Any ideas?

angst
05-24-2011, 01:53 PM
session_start();


should be at the very top of your script.

stevenmw
05-29-2011, 10:20 PM
session_start();


should be at the very top of your script.


Tried it, still not working?



<?
session_start();
if (isset($_SESSION['username']) && isset($_SESSION['userlevel'])) {
header('location: main.html');
}
else {
class User {
var $username;
function __construct($user)
{
$this->username = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$user))
{
$this->username = $user;
}
}
function user_valid()
{
if($this->username != NULL)
{
return true;
}
return false;
}
}
class Pass {
var $password;
function __construct($pass)
{
$this->password = NULL;
if(preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))
{
$this->password = $pass;
}
}
function pass_valid()
{
if($this->password != NULL)
{
return true;
}
return false;
}
}
$user = new User($_POST['user']);
$pass = new Pass($_POST['pass']);
$row = mysql_fetch_array($result);
if($user->user_valid() && $pass->pass_valid()){
$q = "SELECT * userid FROM users WHERE username = '$user->username'";
$result = mysql_query($q, $this->connection);
}
if(!result || (mysql_numrows($result) < 1)) {
echo "wrong username or password";
}
elseif ($row['password'] == $pass) {
session_regenerate_id();
$_SESSION['username'] = $user;
$_SESSION['userlevel'] = $row['user_level'];
header('location: main.html');
}
else {
echo "wrong username or password";
}}
?>



When I try to submit a username and password that complies with the user function that checks if appropriate characters were entered the session fiel doesnt do anything. But if I enter a username or password that doesnt comply with the user functions (if an innappropriate character is entered) the script works right away and outputs 'wrong username or password'

stevenmw
05-30-2011, 06:55 PM
I've narrowed it down. It has to be in the $_POST portion of the code. If the pass_valid and user_valid work when they return false then somethings wrong with the code when these objects return true.

But I'm having trouble figuring out where.

shadowmaniac
05-30-2011, 07:45 PM
Pls use proper indentation.



if(!result || (mysql_numrows($result) < 1)) {
echo "wrong username or password";
}

!$result



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum