Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts

    I am uable to see you my code isn't succesfully logging in a user

    PHP Code:
    <?php

    include("config.php");
    session_start();

    if(
    $_SERVER["REQUEST_METHOD"] == "POST")
    {
    // username and password sent from form 

    $myusername=addslashes($_POST['username']); 
    $mypassword=addslashes($_POST['password']); 


    $sql="SELECT id FROM users WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);
    $active=$row['active'];

    $count=mysql_num_rows($result);


    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1)
    {

    $_SESSION['user']=$myusername;

    header("location: welcome.php");
    }
    else 
    {
    $error="Your Login Name or Password is invalid";
    }
    }
    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Login Page</title>

    <style type="text/css">
    body
    {
    font-family:Arial, Helvetica, sans-serif;
    font-size:14px;

    }
    label
    {
    font-weight:bold;

    width:100px;
    font-size:14px;

    }
    .box
    {
    border:#666666 solid 1px;

    }
    </style>
    </head>
    <body bgcolor="#FFFFFF">



    <div align="center">
    <div style="width:300px; border: solid 1px #333333; " align="left">
    <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>


    <div style="margin:30px">

    <form action="" method="post">
    <label>UserName  :</label><input type="text" name="username" class="box"/><br /><br />
    <label>Password  :</label><input type="password" name="password" class="box" /><br/><br />
    <input type="submit" value=" Submit "/><br />

    </form>
    <div style="font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error?></div>
    </div>
    </div>

    </body>
    </html>

  • #2
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    I have a serperate file with my db info

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Is the error message displaying or is the welcome redirection happening? Location redirects typically are followed by an exit in order to prevent any further code from executing.

    This is completely backwards and insufficient:
    PHP Code:
    $myusername=addslashes($_POST['username']); 
    $mypassword=addslashes($_POST['password']); 
    You need to detect gpc settings and issue a stripslashes, and then escape with the proper dbms functions (or bind, which you should be doing since the mysql library will be disappearing soon anyway):
    PHP Code:
    if (get_magic_quotes_gpc())
    {
        
    $_POST['username'] = stripslashes($_POST['username']);
        
    $_POST['password'] = stripslashes($_POST['password']);
    }
    $myusername mysql_real_escape_string($_POST['username']);
    $mypassword mysql_real_escape_string($_POST['password']); 
    Another thing to point out is that if the user is not using cookies and the host has configured to allow without cookies and enables transparent sid, than it still won't apply to the location redirection. That has to be added manually.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #4
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Is the error message displaying or is the welcome redirection happening? Location redirects typically are followed by an exit in order to prevent any further code from executing.

    This is completely backwards and insufficient:
    PHP Code:
    $myusername=addslashes($_POST['username']); 
    $mypassword=addslashes($_POST['password']); 
    You need to detect gpc settings and issue a stripslashes, and then escape with the proper dbms functions (or bind, which you should be doing since the mysql library will be disappearing soon anyway):
    PHP Code:
    if (get_magic_quotes_gpc())
    {
        
    $_POST['username'] = stripslashes($_POST['username']);
        
    $_POST['password'] = stripslashes($_POST['password']);
    }
    $myusername mysql_real_escape_string($_POST['username']);
    $mypassword mysql_real_escape_string($_POST['password']); 
    Another thing to point out is that if the user is not using cookies and the host has configured to allow without cookies and enables transparent sid, than it still won't apply to the location redirection. That has to be added manually.
    I tried that, and it didnt work either, any other suggestions?

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You didn't answer my question. The code I provided is simply to fix the insufficient code you had.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #6
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Is the error message displaying or is the welcome redirection happening? Location redirects typically are followed by an exit in order to prevent any further code from executing.

    This is completely backwards and insufficient:
    PHP Code:
    $myusername=addslashes($_POST['username']); 
    $mypassword=addslashes($_POST['password']); 
    You need to detect gpc settings and issue a stripslashes, and then escape with the proper dbms functions (or bind, which you should be doing since the mysql library will be disappearing soon anyway):
    PHP Code:
    if (get_magic_quotes_gpc())
    {
        
    $_POST['username'] = stripslashes($_POST['username']);
        
    $_POST['password'] = stripslashes($_POST['password']);
    }
    $myusername mysql_real_escape_string($_POST['username']);
    $mypassword mysql_real_escape_string($_POST['password']); 
    Another thing to point out is that if the user is not using cookies and the host has configured to allow without cookies and enables transparent sid, than it still won't apply to the location redirection. That has to be added manually.
    get_magic_quotes_gpc() is not helping my script work. Please take away the infractions, I promise I wont cross post, I was just trying to see if anyone else knew why my script wasn't working. You've usually helped me on previous issues. i hope you can help me with this one too.

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Quote Originally Posted by amcf1992 View Post
    get_magic_quotes_gpc() is not helping my script work. Please take away the infractions, I promise I wont cross post, I was just trying to see if anyone else knew why my script wasn't working. You've usually helped me on previous issues. i hope you can help me with this one too.
    Are you seriously just not reading the posts given to you at all?

    Quote Originally Posted by Fou-Lu View Post
    You didn't answer my question. The code I provided is simply to fix the insufficient code you had.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #8
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts

    Please elaborate

    Another thing to point out is that if the user is not using cookies and the host has configured to allow without cookies and enables transparent sid, than it still won't apply to the location redirection. That has to be added manually.
    How do I go about doing this?

  • #9
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts

    Not helping

    Yes, I know you probably know everything there is to know about PHP, but I'm a beginner and I would appreciate you explaining to me how to fix my script

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    PHP Code:
    $sid defined('SID') ? '?'SID '';
    header("location: welcome.php$sid"); 
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #11
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Thanks for that, however when I test it, my form wont go to the processlogin.php

    login.php
    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Login Page</title>
    
    <style type="text/css">
    body
    {
    font-family:Arial, Helvetica, sans-serif;
    font-size:14px;
    
    }
    label
    {
    font-weight:bold;
    
    width:100px;
    font-size:14px;
    
    }
    .box
    {
    border:#666666 solid 1px;
    
    }
    </style>
    </head>
    <body bgcolor="#FFFFFF">
    
    
    <div align="center">
    <div style="width:300px; border: solid 1px #333333; " align="left">
    <div style="background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
    
    
    <div style="margin:30px">
    
    <form action="processlogin.php" method="post">
    <label>UserName  :</label><input type="text" name="username" class="box"/><br /><br />
    <label>Password  :</label><input type="password" name="password" class="box" /><br/><br />
    <input type="submit" value=" Submit " name="submit"/><br />
    
    </form>
    <div style="font-size:11px; color:#cc0000; margin-top:10px"></div>
    </div>
    </div>
    </div>
    </body>
    
    </html>
    processlogin.php (with your suggestions added), let me know what you think I'm not doing correctly.
    PHP Code:
    <?php
    include('config.php'); 
    if (
    get_magic_quotes_gpc())
    {
        
    $_POST['username'] = stripslashes($_POST['username']);
        
    $_POST['password'] = stripslashes($_POST['password']);
    }
    $myusername mysql_real_escape_string($_POST['username']);
    $mypassword mysql_real_escape_string($_POST['password']);    
    $sql="SELECT * FROM users WHERE username='$myusername' and password='$mypassword'"
    $resultmysql_query($sql) or die(mysql_error()); 

      
    // If result matched $myusername and $mypassword, table row must be 1 row 
    if($row mysql_fetch_array($result)) { 
    $userid $_SESSION['id'] = $row['id'];     
    $username $_SESSION['username'] = $row['username'];   
    $sid defined('SID') ? '?'SID '';
    header("location: welcome.php$sid");  

    else{ 
    echo 
    "Wrong username or password."





    ?>
    Last edited by amcf1992; 01-23-2014 at 02:09 PM.

  • #12
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    And hence my original question.
    Where do you get to in this script code in the first place.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #13
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    And hence my original question.
    Where do you get to in this script code in the first place.
    Im trying to make a login form, I don't really undertand what your asking.

  • #14
    Regular Coder
    Join Date
    Jul 2011
    Posts
    140
    Thanks
    8
    Thanked 0 Times in 0 Posts
    You may close this thread, since you don't seem to want to help me.

  • #15
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Well since you won't help me to help you, than I just won't help you.
    If someone else wants to take a stab, than that's they're prerogative.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  
    Page 1 of 2 12 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •