My Login Script

[Feerick11]

It has been a while since I have done any coding and I am having a problem with my login script. It has worked in the past though so im unsure what to do. Here goes....

This is where the information gets put in (its already connected to the database)

PHP Code:

<form method=post action=login.php>
<tr><td width="67" with=10>User:</td><td width="145"><input type=text name=user></td>
            <td width="486" align=right with=100%>Current Game Time: <? $date = date("h:i:s A T"); print "$date"?> </td>
          </tr>
<tr><td with=10>Password:</td><td><input type=password name=pass></td>
            <td width="486" align=right with=100%>Game Version 2.5, Current Version
            </td>
          </tr>
<tr><td colspan=2 align=center><input type=submit value=Login></td>
            <td width="486" align=right with=100%> </td>
          </tr>
</form>

And then this is where it gets linked too.

PHP Code:

<?php
if (!$user || !$pass) {
    include("head.php");
    print "Please fill out all fields.";
    include("foot.php");
    exit;
}
include("head.php");
$pass = md5("$pass");
$logres = mysql_num_rows(mysql_query("select * from players where user='$user' and pass='$pass'"));
if ($logres <= 0) {
    print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";
    include("foot.php");
    exit;
} else {
    session_register("user");
    session_register("pass");
    print "&nbsp;<br>Welcome back. Please click <a href=updates.php>here</a> to continue..";
}
include("foot.php"); 
?>

The following errors are shown

Code:

( ! ) Notice: Undefined variable: user in C:\wamp\www\login.php on line 2
Call Stack
#	Time	Memory	Function	Location
1	0.0010	680000	{main}( )	..\login.php:0

( ! ) Deprecated: Function session_is_registered() is deprecated in C:\wamp\www\head.php on line 3
Call Stack
#	Time	Memory	Function	Location
1	0.0010	680000	{main}( )	..\login.php:0
2	0.0017	688400	include( 'C:\wamp\www\head.php' )	..\login.php:3

( ! ) Deprecated: Function session_is_registered() is deprecated in C:\wamp\www\head.php on line 3
Call Stack
#	Time	Memory	Function	Location
1	0.0010	680000	{main}( )	..\login.php:0
2	0.0017	688400	include( 'C:\wamp\www\head.php' )	..\login.php:3

And it also says "Please fill out all the fields". Any help would be greately appreciated!

[Inigoesdr]

Looks like you used to have register_globals on and PHP <5.3. The errors tell you all you need to know. The $user and $pass variables need to be changed to $_POST['user'] and $_POST['pass']. The deprecated error is because session_is_registered has been deprecated and will be removed in upcoming PHP releases. You should be using:

PHP Code:

if(isset($_SESSION['user']))
{
    // whatever
}

// instead of 

if(session_is_registered('user'))
{
    // whatever
} 


[Feerick11]

Yeah if I remember rightly it was php 4. So making this change should fix it?

[Feerick11]

Hmmm well I have fixed the problems and gained another one ha ha.

This is the login script and it seems to be working fine now

PHP Code:

<?php
include("head.php");
if (!$_POST['user'] || !$_POST['pass']) {
    include("head.php");
    print "Please fill out all fields.";
    include("foot.php");
    exit;
} else 

$user = $_POST['user'];
$pass = $_POST['pass'];
$logres = mysql_num_rows(mysql_query("select * from members where user='$user' and pass='$pass'"));
if ($logres <= 0) {
    print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";
    include("foot.php");
    exit;
} else {
 session_start();
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
    print "&nbsp;<br>Welcome back $stat[user] . Please click <a href=updates.php>here</a> to continue..";
}
include("foot.php"); 
?>

As you can see its linking to updates which is here

PHP Code:

<?php
include"config.php";
session_start();
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
print"Welcome $stat[user]";

?>

But its then saying that user is an undefined variable which means im guessing the session isnt registering properly. Any ideas where I have gone wrong. I am aware it will be a simple fix but I am incredibly out of practice and I just cant get my head round it. Thank you once again

[c1lonewolf]

if this is the exact code, you're missing an opening bracket after the first else.

[Feerick11]

Ah yes well spotted. This does not make a difference though, the error lies with carrying on the session

[Feerick11]

I am still stuck with this if anyone is able to help

[Inigoesdr]

Quote:

Originally Posted by Feerick11

I am still stuck with this if anyone is able to help

Did you replace it like I stated earlier? Post the session code that is giving you the error.

[tangoforce]

Quote:

Originally Posted by Feerick11

Hmmm well I have fixed the problems and gained another one ha ha.

More than one actually..

Quote:

Originally Posted by Feerick11

PHP Code:

<?php
include("head.php"); //Html output started
if (!$_POST['user'] || !$_POST['pass']) {
    include("head.php"); //Duplicate of above

//Skip a few lines

 session_start();

session_start() causes php and the webserver to send a cookie. Cookies are sent in the headers before the html so they can only be sent ONCE. You cannot send a cookie after html output has been sent. Therefore you can not use session_start() down here after you've already used head.php and output your html header. Put session_start() at the top of your script instead.

Quote:

Originally Posted by Feerick11

PHP Code:

<?php
include"config.php"; //Make sure there is no html or whitespace here
session_start(); //Probably best at the top
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
print"Welcome $stat[user]";

?>

Again as before, where is $user defined? - It isn't. Neither is $pass. This is because you don't have register globals turned on (PHP4 feature which was a very bad idea).

To counteract this:

PHP Code:

<?php
session_start();
include"config.php";

$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
print"Welcome $stat[user]";
?>

[Feerick11]

Thank you I will try this when I get back. I didnt think starting the session at the top of the login page because at that point you are not actually logged in but I think I understand now.

[Feerick11]

I dont understand why im having such a problem with this. Its still saying the variables on the updates file arent being recognised. So the session isnt being started on the login file. I dont understand why im having such a problem with this. Here are what the files are now




This is login.php

PHP Code:

<?php
include("head.php");
if (!$_POST['user'] || !$_POST['pass']) {
    print "Please fill out all fields.";
    include("foot.php");
    exit;
} else {

$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']); 
$logres = mysql_num_rows(mysql_query("select * from members where user='$user' and pass='$pass'"));
if ($logres <= 0) {
    print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";
    include("foot.php");
    exit;
} else {
 session_start();
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
    print "&nbsp;<br>Welcome back $stat[user] . Please click <a href=updates.php>here</a> to continue..";
}}
include("foot.php"); 
?>

And this is updates.php

PHP Code:

<?php
session_start();
include"config.php";
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']); 
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and pass='$pass'"));
print"Welcome $stat[user]";

?>

The error im getting on updates.php is


( ! ) Notice: Undefined index: user in C:\wamp\www\updates.php on line 4
Call Stack
# Time Memory Function Location
1 0.0009 674216 {main}( ) ..\updates.php:0

( ! ) Notice: Undefined index: pass in C:\wamp\www\updates.php on line 5
Call Stack
# Time Memory Function Location
1 0.0009 674216 {main}( ) ..\updates.php:0



How do I make the session register properly on login.php and continue over to updates.

[tangoforce]

I've already told you how to deal with sessions using session_start().

You either go back and read my advice again or you give up. Where did I tell you to put session_start() ? - The top of your scripts. Why didn't you do it in login.php? - Why have you left it down in an else clause after starting your html output with your header? - Did you think that I was just speaking unimportant gibberish or something?

As for the undefined index messages, these two lines I gave you earlier:
$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']);

Change $_POST['user'] and $_POST['pass'] so that they match the names of the login fields in your html. That means if you have:
<input type="text" name"username"> you change $_POST['user'] to $_POST['username'] and the same for the password field.

[Feerick11]

Apologies I did make these changes in login.php I just copied the old version of the text to here. And my html is matching up with user and pass etc...

That is why I dont understand the issues I am having. Just so I am not mistaken, sessions will work on a offline server wont they?

If the html didnt match up the $stat variable wouldnt be working on login.php but it is. It just isnt carrying over to updates.php

I am not using session_register() anywhere is this the reason?

[tangoforce]

Quote:

Originally Posted by Feerick11

That is why I dont understand the issues I am having. Just so I am not mistaken, sessions will work on a offline server wont they?

That depends on what you mean exactly.

By 'offline server' do you mean you have put your browser in offline mode OR do you mean you have a locally installed WAMP system?

If you have a WAMP (Windows Apache, MySQL & PHP) system then yes sessions will work on your machine regardless of whether you are connected to the internet or not. If you have your browser in offline mode then no.

As you're unwilling to show the actual correct version of login.php there is little else we can do to assist you. You've shown an unmodified version since my last attempt to help you and then said that you have another version and posted the old version. If you have the newer version why are you not showing it? Also in your login.php there appears to be no mysql login details (unless its in head.php but then what are you doing in updates.php?)

As for the sessions, you appear to be thinking that you are trying to take the $user and $pass variables from the session. I've told you earlier that this previously worked because of register globals being turned on in PHP4 which is completely different to the use of sessions. register globals was turned off by default in php 5 so your variables will no longer work like that - thats why you must take them from the $_POST array and sanitize them using mysql_real_escape_string() at a minimum (or use any other protection you like).

As for sessions, I've not see you use the $_SESSION array anywhere in your code so I am at a loss to explain why you claim sessions are not working

[Feerick11]

Yeah sorry I am using wampserver.

Here is my login.php

PHP Code:

<?php
 session_start();
include("head.php");
if (!$_POST['user'] || !$_POST['pass']) {
    print "Please fill out all fields.";
    include("foot.php");
    exit;
} else {

$user = mysql_real_escape_string($_POST['user']);
$pass = mysql_real_escape_string($_POST['pass']); 
$logres = mysql_num_rows(mysql_query("select * from members where user='$user' and 

pass='$pass'"));
if ($logres <= 0) {
    print "Login failed. If you have not already, please signup. Otherwise, check your 

spelling and login again.";
    include("foot.php");
    exit;
} else {
$stat = mysql_fetch_array(mysql_query("select * from members where user='$user' and 

pass='$pass'"));
    print "&nbsp;<br>Welcome back $stat[user] . Please click <a 

href=updates.php>here</a> to continue..";
}}
include("foot.php"); 
?>

Th mysql connecion is within head.php and updates.php will basically be my first page within the website (once logged in). Once again, apologies for all the trouble. I just cant get my head around what im doing wrong here.