...

View Full Version : Resolved Login system problem.



Dom Mv
11-19-2011, 09:51 PM
I have created a registration system (works perfectly) and I am now having trouble with the login system. The login system is echoing back a response, but failing to redirect or hold the session. Can anyone point out where I'm going wrong please?


This is my include file:


<?php

session_start();

function protect($string){
$string = mysql_real_escape_string($string);
$string = strip_tags($string);
$string = addslashes($string);

return $string;
}

function connect(){
$con = mysql_connect("localhost", "removed", "removed") or die(mysql_error());
$db = mysql_select_db("removed", $con);
}

?>


This is my login page (just the PHP parts):


<?php
include ('./functions.php');
?>

<?php

//form code normally goes here.

echo $form;

connect();

if($_POST['submit']){
$username = protect($_POST['username']);
$password = protect($_POST['password']);

$result = mysql_query("SELECT * FROM Users WHERE username='".$username."' AND password='".md5($password)."'");

$validate = mysql_num_rows($result);

if($validate==1){
$_SESSION['username'] = ($username);
$_SESSION['password'] = md5($password);
echo "You have successfully logged in.";
header('location:./members.php');
}
else{
echo "Invalid username or password.";
}
}

?>


This is my members page (just the PHP parts):


<?php
include ('./functions.php');

if(!isset($username)){
header("location:./login.php");
}

?>


I would greatly appreciate any help that you can give me.

tangoforce
11-19-2011, 10:23 PM
Your login page is attempting to assign values to $_SESSION variables but you've not called session_start() at the top of the script.

Put in session_start().

session_start() doesn't just start a session, it also resumes an existing session. By start/resume I mean the function will open a session file that contains the serialised session data on the disk. Not calling the function means that php won't read or write to that file.

Adee
11-19-2011, 10:24 PM
you can't echo something and then have the page redirect.. it's either one or the other

Dom Mv
11-19-2011, 10:29 PM
Your login page is attempting to assign values to $_SESSION variables but you've not called session_start() at the top of the script.

Put in session_start().

session_start() doesn't just start a session, it also resumes an existing session. By start/resume I mean the function will open a session file that contains the serialised session data on the disk. Not calling the function means that php won't read or write to that file.

Thanks for the response, unfortunately I still have a problem.
I had included session_start(); in my include file, but as you advised, also tried it at the top of the script. I currently get this response when I log in:

"You have successfully logged in." But nothing else happens, and I can't access the members.php page. :/


you can't echo something and then have the page redirect.. it's either one or the other
I originally had redirect only, the echo is there for test purposes at the moment. I just removed it and tested it again, still no joy.

Adee
11-19-2011, 11:02 PM
You need to change if (!isset($username)) to if (!isset($_SESSION['username'])) ..

Dom Mv
11-19-2011, 11:19 PM
You need to change if (!isset($username)) to if (!isset($_SESSION['username'])) ..

That's done the trick, thanks!

Only one small problem left - it's not redirecting on login, but it is granting access to the member only pages. Reckon it's a problem with the form?



$form = "
<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' value='' /></td>
</tr>
<tr>
<td></td>
<td colspan='2' rowspan='2'><input type='submit' name='submit' value='Log in'</td>
</tr>
</table>
</form>
";

echo $form;

Adee
11-19-2011, 11:32 PM
at the top is the 'login page' the same as login.php? if so.. try changing the form ACTION to just '' (two single quotes) so <form action = '' .. >


also, what does it do once you've logged in? do you still have the 'echo' part or just the header('location.. part?

Dom Mv
11-19-2011, 11:47 PM
at the top is the 'login page' the same as login.php? if so.. try changing the form ACTION to just '' (two single quotes) so <form action = '' .. >


also, what does it do once you've logged in? do you still have the 'echo' part or just the header('location.. part?

Yes, 'login page' is the same as 'login.php'. I have removed the action as you said, but the problem still occurs.

I have removed the echo, here is the entire code:

File includes:


<?php
include ('./functions.php');
?>


Login page:


<?php

session_start();

$form = "
<form action='' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='username' value='' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' value='' /></td>
</tr>
<tr>
<td></td>
<td colspan='2' rowspan='2'><input type='submit' name='submit' value='Log in'</td>
</tr>
</table>
</form>
";

if(!isset($_SESSION['logged_in'])){
echo "<span>Not already a member? <a href='./register.php'>Click here</a> to register.</span>";
echo $form;

connect();

if($_POST['submit']){
$username = protect($_POST['username']);
$password = protect($_POST['password']);

$result = mysql_query("SELECT * FROM Users WHERE username='".$username."' AND password='".md5($password)."'");

$validate = mysql_num_rows($result);

if($validate==1){
session_start();
$_SESSION['logged_in'] = "user_logged_in";
header('location:./members.php');
}
else{
echo "Invalid username or password.";
}
}
}
else{
echo "You are already logged in. <a href='./logout.php'>Click here</a> to log out.";
}

?>


When I login, it clears the form but starts the session. I can then navigate to the members only areas, it's just failing to redirect on login. I could fix it by echoing "You have logged in, click here to continue", but I would really love for it to auto-redirect.

Thanks for your patience and help so far.

Adee
11-19-2011, 11:57 PM
try redirecting to google.com also, you have two session_start() and i think you only need one. remove the one in the if validate conditional..

Dom Mv
11-20-2011, 12:01 AM
try redirecting to google.com also, you have two session_start() and i think you only need one. remove the one in the if validate conditional..

Done, but it's still not working. :confused:

Such a small thing, yet impossible to solve!



if($validate==1){
$_SESSION['logged_in'] = "user_logged_in";
header('location: www.google.com');
}


Might have to leave it and just echo a redirect link.

Adee
11-20-2011, 12:05 AM
U must have error turned off. Cause when you're echoing out the form, header() function isn't going to work since you're outputting stuff to the page. It would be easier to have the form be on one page, and then have the processing stuff on a second page. The user won't see the second page, but they will be redirected to the members area if their login credentials are valid.

Dom Mv
11-20-2011, 12:46 AM
Thanks for your help, I've decided to fix it with Javascript (should've probably done that in the first place).



if($validate==1){
$_SESSION['logged_in'] = "user_logged_in";
echo "<script>window.location.href='" . './members.php' . "'</script>";
}
else{
echo "Invalid username or password.";
}


Does the job, unless they have Javascript disabled.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum