...

View Full Version : Login is not working...



Remotive
02-17-2012, 04:42 PM
Hi there people, if you wouldn't mind, I need some help on this login form, it does not log me in at all :/
Everything regarding connecting to the database is fine of course, and the config file shows no problem...
Here's login.php...



<?php
include "config.php";
echo "<center>";
if($logged['id']) {
echo "Welcome $logged[username]<br><br>
- <a href='editprofile.php'>Edit Profile</a><br>
- <a href='changepassword.php'>Change Password</a><br>
- <a href='members.php'>Members</a><br>
- <a href='logout.php?logout'>Logout</a>";
}elseif(isset($_GET['login'])) {
$username = htmlspecialchars(addslashes($_POST['username']));
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST['password']))))))));
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$checkuser = mysql_num_rows($uinfo);
if($checkuser == '0') {
echo "Username not found";
}else{
$udata = mysql_fetch_array($uinfo);
if($udata['password'] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$user = mysql_fetch_array($query);
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";
echo "<meta http-equiv='Refresh' content='2; URL=login.php'/>You are now logged in, Please wait. . .";
}else{
echo "Incorrect username or password!";
}
}
}else{
echo "
<form action='login.php?login' method='post'>
<table width='312'>
<tr>
<td width='120'>Username:</td>
<td width='180'><input type='text' name='username' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' size='30' maxlength='25'></td>
</tr>
<tr>
<td colspan='2'><center><input type='submit' value='Login'></center></td>
</tr>
</table>
</form>
</center>";
}
?>


Now here's config.php...


<?php
session_start(); //allows session


$conn = mysql_connect("localhost","root","");
mysql_select_db('keepanopenmind') or die(mysql_error());


$configid = '$_SESSION[id]';
$configpass = '$_SESSION[password]';
$logged = mysql_query("SELECT * FROM `members` WHERE `id` = '$configid' AND `password` = '$configpass'");
$logged = mysql_fetch_array($logged);


//some server details, don't edit!
$host = $_SERVER['HTTP_HOST'];
$self = $_SERVER['PHP_SELF'];


//change this to your site name
$sitename = "KeepAnOpenMobile";


if ($logged['background'] == "")
{
echo"
<link href=\"../../inc/css/mobile.css\" rel=\"stylesheet\" type=\"text/css\" />
<body background='../../images/mobile/background.png'>";
}else{
echo"
<link href=\"../../inc/css/mobile.css\" rel=\"stylesheet\" type=\"text/css\" />
<body background='$logged[background]'>";
}
?>

so, can anyone help? I'm really confused..
I've used it before plenty of times, but I DID take out a check for user verification that I just did not, so I don't know if that would be corresponding to it.

Any help given is HUGELY appreciated!

Fou-Lu
02-17-2012, 05:38 PM
$configid = '$_SESSION[id]';
$configpass = '$_SESSION[password]';

These are strings, not variables. Those should be:


$configid = $_SESSION['id'];
$configpass = $_SESSION['password'];

Without it you always require a get and post for your login.

Why is login.php querying the same data twice? Just use your existing $udata variable.

Remotive
02-17-2012, 06:46 PM
$configid = '$_SESSION[id]';
$configpass = '$_SESSION[password]';

These are strings, not variables. Those should be:


$configid = $_SESSION['id'];
$configpass = $_SESSION['password'];

Without it you always require a get and post for your login.

Why is login.php querying the same data twice? Just use your existing $udata variable.
Ah, thank you that did the trick!
..and you're right, it is, thanks for pointing it out! I just thought it would of had to again because it's a new outcome, but clearly not :)

BUT, after changing them to what you suggested I get these errors from my config...

Notice: Undefined index: id in config.php on line 7

..and ofc I get the same for both sessions, I've had this error with a few of my scripts and I have not yet got rid of them, what exactly can I do to get around it?

Fou-Lu
02-17-2012, 07:19 PM
The notice is a lack of a value. You can get around it by assigning null when not present:


$configid = isset($_SESSION['id']) ? $_SESSION['id'] : null;
$configpass = isset($_SESSION['password']) ? $_SESSION['password'] : null;


I would then check if they are not null prior to querying. You shouldn't have any valid results if these are null, so querying would just be a waste. $logged would be provided with a default value of array(), so that it doesn't match other criteria. You would then modify access to this array instead of using items such as $logged['in'] you would use isset($logged['in']).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum