Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Question Login system problem.

    I have created a registration system (works perfectly) and I am now having trouble with the login system. The login system is echoing back a response, but failing to redirect or hold the session. Can anyone point out where I'm going wrong please?


    This is my include file:
    PHP Code:
    <?php

    session_start
    ();

    function 
    protect($string){
        
    $string mysql_real_escape_string($string);
        
    $string strip_tags($string);
        
    $string addslashes($string);
        
        return 
    $string;
    }

    function 
    connect(){
        
    $con mysql_connect("localhost""removed""removed") or die(mysql_error());
        
    $db mysql_select_db("removed"$con);
    }

    ?>
    This is my login page (just the PHP parts):
    PHP Code:
    <?php
    include ('./functions.php');
    ?>

    <?php

    //form code normally goes here.

    echo $form;

    connect();

    if(
    $_POST['submit']){
    $username protect($_POST['username']);
    $password protect($_POST['password']);

    $result mysql_query("SELECT * FROM Users WHERE username='".$username."' AND password='".md5($password)."'");

    $validate mysql_num_rows($result);

    if(
    $validate==1){
    $_SESSION['username'] = ($username);
    $_SESSION['password'] = md5($password);
    echo 
    "You have successfully logged in.";
    header('location:./members.php');
    }
    else{
        echo 
    "Invalid username or password.";
    }
    }

    ?>
    This is my members page (just the PHP parts):
    PHP Code:
    <?php
    include ('./functions.php');

    if(!isset(
    $username)){
    header("location:./login.php");
    }

    ?>
    I would greatly appreciate any help that you can give me.
    Last edited by Dom Mv; 11-19-2011 at 11:47 PM.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Your login page is attempting to assign values to $_SESSION variables but you've not called session_start() at the top of the script.

    Put in session_start().

    session_start() doesn't just start a session, it also resumes an existing session. By start/resume I mean the function will open a session file that contains the serialised session data on the disk. Not calling the function means that php won't read or write to that file.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    you can't echo something and then have the page redirect.. it's either one or the other

  • #4
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    Your login page is attempting to assign values to $_SESSION variables but you've not called session_start() at the top of the script.

    Put in session_start().

    session_start() doesn't just start a session, it also resumes an existing session. By start/resume I mean the function will open a session file that contains the serialised session data on the disk. Not calling the function means that php won't read or write to that file.
    Thanks for the response, unfortunately I still have a problem.
    I had included session_start(); in my include file, but as you advised, also tried it at the top of the script. I currently get this response when I log in:

    "You have successfully logged in." But nothing else happens, and I can't access the members.php page. :/

    Quote Originally Posted by Adee View Post
    you can't echo something and then have the page redirect.. it's either one or the other
    I originally had redirect only, the echo is there for test purposes at the moment. I just removed it and tested it again, still no joy.
    Last edited by Dom Mv; 11-19-2011 at 09:34 PM.

  • #5
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    You need to change if (!isset($username)) to if (!isset($_SESSION['username'])) ..

  • Users who have thanked Adee for this post:

    Dom Mv (11-19-2011)

  • #6
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Adee View Post
    You need to change if (!isset($username)) to if (!isset($_SESSION['username'])) ..
    That's done the trick, thanks!

    Only one small problem left - it's not redirecting on login, but it is granting access to the member only pages. Reckon it's a problem with the form?

    PHP Code:
    $form "
    <form action='./login.php' method='post'>
    <table>    
    <tr>
    <td>Username:</td>
    <td><input type='text' name='username' value='' /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type='password' name='password' value='' /></td>
    </tr>
    <tr>
    <td></td>
    <td colspan='2' rowspan='2'><input type='submit' name='submit' value='Log in'</td>
    </tr>
    </table>
    </form>
        "
    ;

    echo 
    $form

  • #7
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    at the top is the 'login page' the same as login.php? if so.. try changing the form ACTION to just '' (two single quotes) so <form action = '' .. >


    also, what does it do once you've logged in? do you still have the 'echo' part or just the header('location.. part?

  • #8
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Adee View Post
    at the top is the 'login page' the same as login.php? if so.. try changing the form ACTION to just '' (two single quotes) so <form action = '' .. >


    also, what does it do once you've logged in? do you still have the 'echo' part or just the header('location.. part?
    Yes, 'login page' is the same as 'login.php'. I have removed the action as you said, but the problem still occurs.

    I have removed the echo, here is the entire code:

    File includes:
    PHP Code:
    <?php
    include ('./functions.php');
    ?>
    Login page:
    PHP Code:
    <?php

    session_start
    ();

    $form "
    <form action='' method='post'>
    <table>    
    <tr>
    <td>Username:</td>
    <td><input type='text' name='username' value='' /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type='password' name='password' value='' /></td>
    </tr>
    <tr>
    <td></td>
    <td colspan='2' rowspan='2'><input type='submit' name='submit' value='Log in'</td>
    </tr>
    </table>
    </form>
        "
    ;

    if(!isset(
    $_SESSION['logged_in'])){
    echo 
    "<span>Not already a member? <a href='./register.php'>Click here</a> to register.</span>";
    echo 
    $form;

    connect();

    if(
    $_POST['submit']){
    $username protect($_POST['username']);
    $password protect($_POST['password']);

    $result mysql_query("SELECT * FROM Users WHERE username='".$username."' AND password='".md5($password)."'");

    $validate mysql_num_rows($result);

    if(
    $validate==1){
    session_start();
    $_SESSION['logged_in'] = "user_logged_in";
    header('location:./members.php');
    }
    else{
        echo 
    "Invalid username or password.";
    }
    }
    }
    else{
    echo 
    "You are already logged in. <a href='./logout.php'>Click here</a> to log out.";
    }

    ?>
    When I login, it clears the form but starts the session. I can then navigate to the members only areas, it's just failing to redirect on login. I could fix it by echoing "You have logged in, click here to continue", but I would really love for it to auto-redirect.

    Thanks for your patience and help so far.

  • #9
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    try redirecting to google.com also, you have two session_start() and i think you only need one. remove the one in the if validate conditional..

  • #10
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Adee View Post
    try redirecting to google.com also, you have two session_start() and i think you only need one. remove the one in the if validate conditional..
    Done, but it's still not working.

    Such a small thing, yet impossible to solve!

    PHP Code:
    if($validate==1){
    $_SESSION['logged_in'] = "user_logged_in";
    header('location: www.google.com');

    Might have to leave it and just echo a redirect link.

  • #11
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    U must have error turned off. Cause when you're echoing out the form, header() function isn't going to work since you're outputting stuff to the page. It would be easier to have the form be on one page, and then have the processing stuff on a second page. The user won't see the second page, but they will be redirected to the members area if their login credentials are valid.

  • #12
    New Coder
    Join Date
    Sep 2011
    Location
    England
    Posts
    39
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks for your help, I've decided to fix it with Javascript (should've probably done that in the first place).

    PHP Code:
    if($validate==1){
    $_SESSION['logged_in'] = "user_logged_in";
    echo 
    "<script>window.location.href='" './members.php' "'</script>";
    }
    else{
        echo 
    "Invalid username or password.";

    Does the job, unless they have Javascript disabled.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •