Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 5 123 ... LastLast
Results 1 to 15 of 71
  1. #1
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Help PHP login form

    Hi everyone I hope you can help I have a problem,

    The problem is when I submit the form it always goes to the wrong username/password page even though I have entered a valid one.

    I am looking for the username and password in a table called onlineoffers There is also other information contained within it. The table has about 10 fields and username and password is two of them. I have done a similar form that works fine (but that table only contains username and password)

    Can anyone see why my script may not be picking up the username and password from the DB and moving me on to the next page (corparea.php)
    Getting annoyed, not getting any errors just not getting to my corparea.php page.

    My orginal form is index.php where the username and password is entered. This then links to the code below checkcorplogin.php, which should go to the corparea.php (logged in)

    Code:
    <?php
    $host="LOCALHOST"; // Host name 
    $username="USERNAME"; // Mysql username 
    $password="PASSWORD"; // Mysql password 
    $db_name="DBNAME"; // Database name 
    $tbl_name="onlineoffers"; // Table name
    
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");
    
    
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 
    
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = sha1($mypassword);
    
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
    
    $count=mysql_num_rows($result);
    
    if($count==1){
    $_SESSION['myusername'] = $myusername; 
    $_SESSION['mypassword'] = $mypassword; 
    header("location:corparea.php");
    }
    else {
    echo "Wrong Username or Password";
    
    }
    ?>
    For info this is the code I have on the corparea.php page

    Code:
    <?php if(empty($_SESSION['myusername'])){
    header("location:index.php");
    exit();
    } 
    ?>
    but with this code out it still doesn't let me log in.

    Steve
    Last edited by SteveDD; 08-11-2008 at 06:44 PM. Reason: error

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    This (see red line) should be the first thing on every page that uses your SESSION

    <?php
    session_start();
    if(empty($_SESSION['myusername'])){
    header("location:index.php");
    exit();
    }
    ?>

  • #3
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim View Post
    This (see red line) should be the first thing on every page that uses your SESSION

    <?php
    session_start();
    if(empty($_SESSION['myusername'])){
    header("location:index.php");
    exit();
    }
    ?>
    I have added this code to the corparea.php page but sadly I still get the wrong username/password entered bit. Doesn't seem like i'm getting that far. I think it is struggling to find the username and password in the table onlineoffers. Could this be the case & can you see anything that may be stopping this.

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    And this ...

    <?php
    session_start();

    is also at the top of "checkcorplogin.php"?


    EDIT:
    Is sha1() deprecated?
    Maybe now it's sha256() ?
    Possibly the password stored in the database is not encrypted (or encrypted differently)?



    .
    Last edited by mlseim; 08-11-2008 at 08:25 PM.

  • #5
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    Do some debugging and echo out $sql and $count and see what the output is.

  • #6
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I have looked at this and I am using Sha1 wrong, I orginally just used
    Code:
    $mypassword= mysql_real_escape_string($mypassword);
    and changed it to the sha1 code. I realise my password field in my DB is not saved in any special way just a standard VARCHAR with no special features. How do I implement the sha1 on this field?

  • #7
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I think it is easier if I just change it away from sha1 and just to a simpler form that checks the username and password and then logs the user in.

    Can anyone amend the code above to reflect that?

    Steve

  • #8
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    This is now getting out of my "knowledge area".
    Here are some possible script examples:
    http://www.google.com/search?hl=en&q...=Google+Search

  • #9
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    storing an sha'd password as a varchar is just fine only make sure your field is long enough to allow the string to fit without being truncated.

    personally i use md5() instead below is something approximately correct

    PHP Code:
    //Login Query
    if (($_POST['user'] == "") || ($_POST['pass'] == "")) {
        
    $err="Complete both boxes to continue";
    } else {
        
    $sql "SELECT * FROM `tblusers` where User ='".mysql_real_escape_string($_POST['user'])."'";
        
    $result mysql_query($sql);
        
    // Login check and error reporting
            
    if ($result==FALSE) {
                
    $err="Username invalid please check you typed it in correctly and try again";
            } else {
            
    $userdetails mysql_fetch_row($result);
                if(
    md5($_POST['pass'])==$userdetails[2])
                {
                    
    session_cache_expire(40);
                    
    session_start();
                    
    $_SESSION['userid'] = 
                    
    header'Location: dashboard.php' ) ;
                } else {
                    
    $err="Password invalid please check you put it in correctly and try again";
                }
            }
        } 
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #10
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    So if my table is "onlineoffers" in the DB and my username and password fields are the same as they sound, within the same table. I link my code login code to this code? (amended for my site) and the page i want to go to is corparea.php
    In my orginal form index.php the username field is named "myusername" and the password field is "mypassword"> I am not sure I have completed the code correctly?


    Code:
    <?php
    //Login Query
    if (($_POST['username'] == "myusername") || ($_POST['mypassword'] == "password")) {
        $err="Complete both boxes to continue";
    } else {
        $sql = "SELECT * FROM `onlineoffers` where User ='".mysql_real_escape_string($_POST['user'])."'";
        $result = mysql_query($sql);
        // Login check and error reporting
            if ($result==FALSE) {
                $err="Username invalid please check you typed it in correctly and try again";
            } else {
            $userdetails = mysql_fetch_row($result);
                if(md5($_POST['password'])==$userdetails[2])
                {
                    session_cache_expire(40);
                    session_start();
                    $_SESSION['userid'] = 
                    header( 'Location: corparea.php' ) ;
                } else {
                    $err="Password invalid please check you put it in correctly and try again";
                }
            }
        }  
    ?>

  • #11
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    the below would work but assumes your table is in the format

    ID, username, password
    0 , 1 , 2
    (to allow the $userdetails[2] statement to work)

    It also assumes your passwords are stored in your password field in MD5 has so when you inserted your passwords you md5'd the incoming password

    It also sets nothing into the actual session called userid so you would have to add something in there, I usually add the ID field from the database so I can look up the logged in user often so you'd set for example $_SESSION['userid']=$userdetails[0];
    stick all that code at the top of the page (very first thing) then in your login form stick an <?php echo $err;?> somewhere that way if it errors out it'll display the reason it errored out to the user and redisplay the form.

    PHP Code:
    <?php
    //Login Query
    if (($_POST['myusername'] == "") || ($_POST['mypassword'] == "")) {
        
    $err="Complete both boxes to continue";
    } else {
        
    $sql "SELECT * FROM `onlineoffers` where username='".mysql_real_escape_string($_POST['myusername'])."'";
        
    $result mysql_query($sql);
        
    // Login check and error reporting
            
    if ($result==FALSE) {
                
    $err="Username invalid please check you typed it in correctly and try again";
            } else {
            
    $userdetails mysql_fetch_row($result);
                if(
    md5($_POST['mypassword'])==$userdetails[2])
                {
                    
    session_cache_expire(40);
                    
    session_start();
                    
    $_SESSION['userid'] = "SET WHAT EVER YOU WANT IN SESSION HERE"
                    
    header'Location: corparea.php' ) ;
                } else {
                    
    $err="Password invalid please check you put it in correctly and try again";
                }
            }
        }  
    ?>
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #12
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    right making a bit more sence At the minute I have about 12 fields in the database and the username and password are 4 & 5. I can move them to the start if thats eaier so they are 2/3, would this work?

    Also I am getting this MD5 thing wrapped around my head. Currently my subscription form adds the password to the database just in text form. Does this also need to be ammended? & do I need to do anything special to the field in the DB other than making it more than 40 characters?

  • #13
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    if your password field is field 5 just change $userdetails[2] to $userdetails[5]

    when you insert the password into the data base do something like this

    insert into onlineoffers (username,password) values ('".mysql_real_escape_string($_POST['myusername'])."', '".md5($_POST['mypassword'])."'";

    that will insert an md5'd password into your database (which will appear in the db as just a random string of characters so your db field only needs to be a varchar with a decent length though) then you compare the stored md5 password against the submitted password then md5'd on your login.
    Thats what this bit does
    if(md5($_POST['mypassword'])==$userdetails[2])
    {
    }
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #14
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    if your struggling post the .sql structure to your db and i'll knock you together a simple example insert and login page to work from
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #15
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    thanks I will have a look at this tomorrow and get back to you then. Thanks for your help.

    One quick question how do I insert the other fields around it

    id (auto)
    catagory
    compname
    username
    PASSWORD
    image
    help
    notes
    path
    visable
    time
    date
    Last edited by SteveDD; 08-12-2008 at 10:57 PM.


  •  
    Page 1 of 5 123 ... LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •