Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts

    Login Script Goof Up

    I'm trying very hard to build a login script from scratch. No matter if the username and password are correct I'm geting my wrong username or password message. Can anyone see any where I've mixed up the successes or if anything is wrong at all?

    I'm not getting any parse errors, and it's connecting to the db just fine.

    Any ideas?

    PHP Code:
    <?
    if (isset($_SESSION['username']) && isset($_SESSION['userlevel'])) {
    header('location: main.html');
    }
    else {
    class 
    User 
    var 
    $username
    function 
    __construct($user)
    {
    $this->username NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$user))

    $this->username $user


    function 
    is_valid()

    if(
    $this->username != NULL)

    return 
    true

    return 
    false

    }
    class 
    Pass 
    var 
    $password
    function 
    __construct($pass)
    {
    $this->password NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))

    $this->password $pass


    function 
    is_valid()

    if(
    $this->password != NULL)

    return 
    true

    return 
    false

    }
    $user = new User($_POST['user']);
    $pass = new Pass($_POST['pass']); 
    $row mysql_fetch_array($result);
    if(
    $user->is_valid() && $pass->is_valid()){ 
    $q "SELECT * userid FROM users WHERE username = '$user'";
    $result mysql_query($q$this->connection);
    }
    if(!
    result || (mysql_numrows($result) < 1)) {
    echo 
    "wrong username or password";
    }
    elseif (
    $row['password'] == $pass) {
    session_start();
    session_regenerate_id();
    $_SESSION['username'] = $user;
    $_SESSION['userlevel'] = $row['user_level'];
    }
    else {
    echo 
    "wrong username or password";
    }}
    ?>

  • #2
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    $user has no value.

    as seen here;
    PHP Code:
    $user = new User($_POST['user']);
    ..............
    $q "SELECT * userid FROM users WHERE username = '$user'"
    try this;

    PHP Code:
    $q "SELECT * userid FROM users WHERE username = '$user->username'"
    Last edited by angst; 05-23-2011 at 05:12 AM.

  • #3
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts
    Where doesn't it have a value?

  • #4
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    in your query:

    $user

    is a class object, not a string value as you set it here;

    $user = new User($_POST['user']);

    so to call it back you need to use;

    $user->username;

  • #5
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts
    PHP Code:
    <?
    if (isset($_SESSION['username']) && isset($_SESSION['userlevel'])) {
    header('location: main.html');
    }
    else {
    class 
    User 
    var 
    $username
    function 
    __construct($user)
    {
    $this->username NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$user))

    $this->username $user


    function 
    user_valid()

    if(
    $this->username != NULL)

    return 
    true

    return 
    false

    }
    class 
    Pass 
    var 
    $password
    function 
    __construct($pass)
    {
    $this->password NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))

    $this->password $pass


    function 
    pass_valid()

    if(
    $this->password != NULL)

    return 
    true

    return 
    false

    }
    $user = new User($_POST['user']);
    $pass = new Pass($_POST['pass']); 
    $row mysql_fetch_array($result);
    if(
    $user->user_valid() && $pass->pass_valid()){ 
    $q "SELECT * userid FROM users WHERE username = '$user->username'";
    $result mysql_query($q$this->connection);
    }
    if(!
    result || (mysql_numrows($result) < 1)) {
    echo 
    "wrong username or password";
    }
    elseif (
    $row['password'] == $pass) {
    session_start();
    session_regenerate_id();
    $_SESSION['username'] = $user;
    $_SESSION['userlevel'] = $row['user_level'];
    header('location: main.html');
    }
    else {
    echo 
    "wrong username or password";
    }}
    ?>
    Here is my code.

    When I submit the login form the session.php doesn't actually run until I refresh the page. It's as if the input fields aren't posting. Then when I refresh the page the session.php runs, but runs all over again. Which echos wrong username or password.

    Any ideas?

  • #6
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    PHP Code:
    session_start(); 
    should be at the very top of your script.

  • #7
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts
    Quote Originally Posted by angst View Post
    PHP Code:
    session_start(); 
    should be at the very top of your script.

    Tried it, still not working?

    PHP Code:
    <?
    session_start
    ();
    if (isset(
    $_SESSION['username']) && isset($_SESSION['userlevel'])) {
    header('location: main.html');
    }
    else {
    class 
    User 
    var 
    $username
    function 
    __construct($user)
    {
    $this->username NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$user))

    $this->username $user


    function 
    user_valid()

    if(
    $this->username != NULL)

    return 
    true

    return 
    false

    }
    class 
    Pass 
    var 
    $password
    function 
    __construct($pass)
    {
    $this->password NULL
    if(
    preg_match("/^[a-zA-Z0-9 _-]+$/",$pass))

    $this->password $pass


    function 
    pass_valid()

    if(
    $this->password != NULL)

    return 
    true

    return 
    false

    }
    $user = new User($_POST['user']);
    $pass = new Pass($_POST['pass']); 
    $row mysql_fetch_array($result);
    if(
    $user->user_valid() && $pass->pass_valid()){ 
    $q "SELECT * userid FROM users WHERE username = '$user->username'";
    $result mysql_query($q$this->connection);
    }
    if(!
    result || (mysql_numrows($result) < 1)) {
    echo 
    "wrong username or password";
    }
    elseif (
    $row['password'] == $pass) {
    session_regenerate_id();
    $_SESSION['username'] = $user;
    $_SESSION['userlevel'] = $row['user_level'];
    header('location: main.html');
    }
    else {
    echo 
    "wrong username or password";
    }}
    ?>

    When I try to submit a username and password that complies with the user function that checks if appropriate characters were entered the session fiel doesnt do anything. But if I enter a username or password that doesnt comply with the user functions (if an innappropriate character is entered) the script works right away and outputs 'wrong username or password'
    Last edited by stevenmw; 05-29-2011 at 10:44 PM.

  • #8
    Regular Coder stevenmw's Avatar
    Join Date
    Jun 2007
    Location
    OK
    Posts
    497
    Thanks
    27
    Thanked 31 Times in 31 Posts
    I've narrowed it down. It has to be in the $_POST portion of the code. If the pass_valid and user_valid work when they return false then somethings wrong with the code when these objects return true.

    But I'm having trouble figuring out where.

  • #9
    Regular Coder
    Join Date
    Apr 2005
    Location
    Ohio
    Posts
    254
    Thanks
    1
    Thanked 63 Times in 63 Posts
    Pls use proper indentation.

    Code:
    if(!result || (mysql_numrows($result) < 1)) {
    echo "wrong username or password";
    }
    !$result


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •