...

View Full Version : Authenticate



dniwebdesign
01-08-2004, 12:03 AM
I wrote this code to verify a user and send them to the correct member page. However it doesn't seem to work. What is wrong?


<?
/* Check User Script */
session_start(); // Start Session
$_SESSION['access'] = "dead";
header("Cache-control: private");

include 'clientarea/config.php';
// Conver to simple variables
$username = $_POST['account'];
$password = $_POST['password'];

if((!$username) || (!$password)){
echo "Please enter ALL of the information! <br />";
include 'login_form.php';
exit();
}

// Convert password to md5 hash
// $password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM dnidesign_clients WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
while($row = mysql_fetch_array($sql)){
foreach( $row AS $key => $val ){
$$key = stripslashes( $val );
}
// Register some session variables!
session_register('firstname');
$_SESSION['firstname'] = $first_name;
session_register('lastname');
$_SESSION['lastname'] = $last_name;
session_register('email');
$_SESSION['email'] = $email_address;

header("Location: login_success.php");
}
} else {
echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
Please try again!<br /> $username $password";
include 'login_form.php';
}
?>


The main login form is on a different page and the info should be sent to this page to verify it. Any help would be great.

Nightfire
01-08-2004, 12:09 AM
What isn't working? The query? The session? the login check?

Btw, session_register() doesn't exist anymore

You also haven't connected to the database in the code you've shown

dniwebdesign
01-08-2004, 01:17 AM
Yes I have connected (inlcude config....). This includes the method for connecting... The login check doesn't want to work, it keeps showing the "Cannot Login" message. I have included the config files as I have it at the moment.


<?php
////////////////////////////////////////////
// Client Area
// Author: DNI Web Design
// http://www.dniwebdesign.ca.tt
// dniwebdesign@sasktel.net
//
// CONFIG SCRIPT
// 2003 DNI Web Design
////////////////////////////////////////////
// Begin Editable Parameters
////////////////////////////////////////////
// MySQL connection variables
////////////////////////////////////////////
// Server name that MySQL is on
$dbhost = 'localhost';
// Login user
$dbusername = '*****';
// Login password
$dbpasswd = '******';
// Name of the MySQL database
$database_name = '*****';
// DO NOT EDIT BELOW THIS LINE
//-------------------------------------------------------------------------
//MYSQL CONNECTION
$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd")
or die ("Couldn't connect to server.");

$db = mysql_select_db("$database_name", $connection)
or die("Couldn't select database.");
?>


If there is something wrong with this let me know. I belive if you want to see what it is doing check out my website.

Spookster
01-08-2004, 01:39 AM
Are the passwords in the database encrypted?

dniwebdesign
01-08-2004, 04:33 AM
not at the moment...

Celtboy
01-08-2004, 05:23 AM
after
$login_check = mysql_num_rows($sql);

try adding:

print "The Value of \$login_check = $login_check \n<br/>";

see what it returns.

dniwebdesign
01-08-2004, 02:10 PM
The Value of $login_check =
You could not be logged in! Either the username and password do not match or you have not validated your membership!
Please try again!

Doesn't show a thing...

Celtboy
01-08-2004, 05:31 PM
try replacing the similar line with this:



$sql = mysql_query("SELECT * FROM dnidesign_clients WHERE username='$username' AND password='$password'",$connection);


and in your config file,

try changing mysql_pconnect with mysql_connect

also, you can remove the double quotations (") around the values...ie this would be ok:



$connection = mysql_connect($dbhost,$dbusername,$dbpasswd)
or die ("Couldn't connect to server.");

Spookster
01-08-2004, 07:10 PM
Didn't catch that when I glanced through the first time

$connection = mysql_pconnect("$dbhost","$dbusername","$dbpasswd")

If you are doing that PHP is going to treat those as strings not variables. As Celtboy mentioned remove the quotes from around those.

Also you really don't need to use pconnect unless you absolutely need a persistent connection. If you do use a persistent connection you need to make sure you don't continue to make new connections and exceed the max number of connections allowed by the mysql configuration or any limits your host has imposed.

dniwebdesign
01-08-2004, 07:41 PM
It still doesn't want to seem to work...

Celtboy
01-08-2004, 08:02 PM
stick a
print "Testing...<br>\n"; into your config file. (just making sure it's even including it correctly (the path to the config file may be wrong))

dniwebdesign
01-08-2004, 09:01 PM
It prints the testing message...

Spookster
01-08-2004, 09:17 PM
Post the code for you form

Nightfire
01-08-2004, 09:22 PM
As $login_check isn't returning anything, something has got to be wrong with the query or something along those lines.

As an experiment, try the following:



$sql_str = "SELECT * FROM dnidesign_clients WHERE username='$username' AND password='$password'";

$sql = mysql_query("$sql_str",$connection);

echo $sql_str;


Might also be helpful to show your database setup, maybe something in there is wrong. Can't think of anything else

<edit>An extra ' appeared from somewhere :o</edit>

dniwebdesign
01-08-2004, 09:35 PM
$sql_str = "SELECT * FROM dnidesign_clients WHERE username='$username' AND password='$password'";

$sql = mysql_query("$sql_str",$connection);

echo $sql_str;

That will just print the string $sql_str....

-------------------
Login Form


<form name="form1" method="post" action="checkuser.php">
<table width="100%" height="79" border="0" cellpadding="0" cellspacing="0">
<tr>
<td height="16" valign="top" bgcolor="#CCCCCC"><font size="3" face="Arial, Helvetica, sans-serif"><strong><em>Client
Area</em></strong></font></td>
</tr>
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><font size="2" face="Arial, Helvetica, sans-serif">Account:</font></td>
<td> <input type="text" style="border-style:solid; border-bottom:1px solid #333366; border-right:1px solid #333366; border-top:1px solid #333366; border-left:1px solid #333366; top-margin=0px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#666666;" size="10" name="account">
</td>
</tr>
<tr>
<td><font size="2" face="Arial, Helvetica, sans-serif">Password</font></td>
<td> <input type="password" name="password" style="border-style:solid; border-bottom:1px solid #333366; border-right:1px solid #333366; border-top:1px solid #333366; border-left:1px solid #333366; top-margin=0px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#666666;" size="10">
</td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="Submit" style="border-style:solid; border-bottom:1px solid #333366; border-right:1px solid #333366; border-top:1px solid #333366; border-left:1px solid #333366; top-margin=0px; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#000000; background: transparent;" value="Enter">
</div></td>
</tr>
</table></td>
</tr>
</table>
</form>



-------------------

Spookster
01-08-2004, 09:49 PM
Originally posted by dniwebdesign

That will just print the string $sql_str....



It will print $sql_str but with the actual values of the variables in place of the variables. That will show if the values are being passed correctly.

dniwebdesign
01-08-2004, 10:39 PM
Well, I already tested this but did again. Yes the variables are shown as they are entered on the form.

Celtboy
01-08-2004, 11:28 PM
Go through and verify each of the following:

-the database is on your own server ("localhost")
-the database with data in it is called <whatever you put in the config>
- the table with the data is called "dnidesign_clients"
- the fields are correctly named in the database.

dniwebdesign
01-08-2004, 11:37 PM
Go through and verify each of the following:

-the database is on your own server ("localhost") True
-the database with data in it is called <whatever you put in the config> True (only have one database)
- the table with the data is called "dnidesign_clients" True
- the fields are correctly named in the database. True

mordred
01-09-2004, 12:14 AM
Three more items from the "check the obvious" department:

1.) Add mysql_error() after you send the query! This is the most reliable way of getting MySQL to tell you if it chokes on the query or not.



$sql = mysql_query("$sql_str",$connection) or print mysql_error();


2.) Use the query as it was printed out and send it from within phpMyAdmin and check that the result is the same as expected (i.e. more than 0 rows returned).

3.) Add error_reporting(E_ALL) at the top of your script; maybe somewhere deep inside a simple type is screwing up everything.

raf
01-09-2004, 12:20 AM
change


$sql = mysql_query("SELECT * FROM dnidesign_clients WHERE username='$username' AND password='$password'");
$login_check = mysql_num_rows($sql);

into


$sql = ("SELECT Count(*) as numrec FROM dnidesign_clients WHERE username='" . $username . "' AND password='" . $password . "'");
echo $sql; // for debugging
$result = mysql_query($sql,$connection) or die ('Queryproblem: ' . mysql_error());
if ($result){
$row=mysql_fetch_assoc($result);
echo ('<br />Number of retrieved records= ' . $row['numrec']);
}


If the number is 0, then there probably isn't a record in that table with that asername and pwd. Else run the query that was printed in phpMyAdmin and see if there were indeed records

<edit> posts crossed. I basically wrote the code for mordreds 1 and 2</edit>

dniwebdesign
01-09-2004, 12:27 AM
IT IS ALIVE...

That print mysql_error(); sure worked. I have to look closer at my code... I guess I didn't have a column name right... all that messing... sorry guys for wasting your time but I'll use the mysql_error() a few times.

What was that other error thing you had there:

3.) Add error_reporting(E_ALL) at the top of your script; maybe somewhere deep inside a simple type is screwing up everything.

That might come in handy when I try making other scripts. I'm new to PHP so this is a first for me. Thanks all for the help. I'll be back if I need anymore with anything else.

Celtboy
01-09-2004, 05:52 AM
debugging is one of the most difficult and annoying things to deal with. As you've noticed however, we're all more than happy to help! ;)

The fact that you weren't getting ANYTHING made us all inclined to think either the query wasn't correct, or something was amiss with the connection. As it turns out, it was the query.....column names incorrect, eh?

:cool:

As long as it's working now! Glad to know we could all, in some way however minute, help.:thumbsup:

as an aside, I think everyone here did a pretty good job of running the gambit of "Things to try" when debugging code....

dniwebdesign
01-09-2004, 05:56 AM
Well, the most similar thing to this is when I combined a members area, a link exchange, and a mailing list into one script. Still working on an integrated forums though. I did this for the Canadian Internet Identification Committee (http://www.theciic.ca.tt). Pretty cool site and idea. Anyway. Thanks again for the help.

raf
01-09-2004, 09:24 AM
Originally posted by Celtboy
debugging is one of the most difficult and annoying things to deal with.
I beg to differ! I would do it for a living if i could!.

If you write good code, then debugging usually isn't much of a problem. Whenever i run a select, i have


$result = mysql_query($sql,$connection) or die ('Queryproblem: ' . mysql_error());
if (mysql_num_rows($result)>= 1){
my code
} else {
echo 'No records.';
}

so i would see at first run that the there is no such column inside that table.

when you learn a new language, the shown erromessage usually don't tell you much, but after a few days, you almost instantly know what to look for with each error you get.

Celtboy
01-09-2004, 04:06 PM
Then raf, you go right ahead. As far as I'm concerned, when you work hard to write some code, and it doesn't work the way it's supposed to, that is annoying.

You ever programmed in Java? talk about retarded error messages! 200 Lines of code....and it won't compile because of some mystic error on line 127, only to learn you didn't capitalize "String" on line 13. Or how about the missing semicolon?

Enjoying debugging is almost like S&M to me....weird ;)

hehe.

Spookster
01-09-2004, 08:25 PM
Originally posted by Celtboy
Then raf, you go right ahead. As far as I'm concerned, when you work hard to write some code, and it doesn't work the way it's supposed to, that is annoying.

You ever programmed in Java? talk about retarded error messages! 200 Lines of code....and it won't compile because of some mystic error on line 127, only to learn you didn't capitalize "String" on line 13. Or how about the missing semicolon?

Enjoying debugging is almost like S&M to me....weird ;)

hehe.

Try some other older languages like Lisp, Prolog, Fortan or Cobol. Debugging in those makes debugging in Java fun.

raf
01-09-2004, 09:41 PM
Originally posted by Celtboy
Then raf, you go right ahead. ...
Enjoying debugging is almost like S&M to me....weird ;)
hehe.

I was kinda kidding, but i think that the debugging is almost the most relaxing part of coding (right after 'dreaming up the application at the very early stages')
For me it's kikking back and enjoy the errormessages, alt-tab, jump to line, insert ) or ; set typo straight, F5 and watch the line value go up a few hundred lines.

I've all had the most perplexing little errors (like wrong placed formtags, having name"variable" as formattribute, $i instead of $1 which i (due to some mental defect or serious intoxication) frequently seam to have, having if ($var=5){ etc ) so i kinda know what to look for and how to track it down.

I find the most boring and annoying phase what comes after that : testing the features under all possible conditions and from all possible start-situations ...

Celtboy
01-09-2004, 09:44 PM
I'm with ya on that....Especially trying to code to handle bad user input...that's annoying. TRY { } CATCH{}, how I miss thee...

wow. fortran & Cobol. haven't coded in them in a LONG time.....heh, LISP & Prolog. There's 2 languages I saw...but never decided to touch. Kinda like REXX. heh. The glory days.

dniwebdesign
01-09-2004, 10:23 PM
Originally posted by Celtboy

You ever programmed in Java? talk about retarded error messages! 200 Lines of code....and it won't compile because of some mystic error on line 127, only to learn you didn't capitalize "String" on line 13. Or how about the missing semicolon?

Enjoying debugging is almost like S&M to me....weird ;)

hehe.

I porgram in Java... That's what I'm learning at Univeristy at the moment and those error messages are really annoying, as with any errors.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum