login not working :S

05-09-2008, 03:34 PM
I have been improving my login system but it does not seem to work... all it does is refresh my page..


<link rel="stylesheet" type="text/css" href="css/login.css">

<table width="150" border="1" cellpadding="3" cellspacing="0" bordercolor="#000000">
<td width="200" bordercolor="99b3b4" bgcolor="99b3b4"><span class="style5">
<td bordercolor="99b3b4" bgcolor="#FFFFFF" ><form action="<?=$_SERVER['PHP_SELF']?>" method="post">

<input type="hidden" name="_submit_check" value="1"/>
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Username: </em></span>
<input class="input" type="text" name="username" id="username" size="25" maxlength="30" value="" />
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Password:</em></span>
<input class="input" type="password" name="password" id="password" size="25" maxlength="30" />
<center><?php if ( ALLOW_REMEMBER_ME ):?>

<input type="checkbox" name="remember" id="remember" />
<label for="remember">Remember me</label>

<?php endif;?></center>
<table width="150" align="center">
<td width="97" align="center" valign="middle"><div align="center">
<input name="Login" type="image" class="submit-btn" title="submit" value="Login" src="images/btn.gif" alt="submit" align="middle" />
<td width="41" align="center" valign="middle">&nbsp;</td>
<span class="style8"><a href="http://www.runningprofiles.com/register.php" onclick="NewWindow(this.href,'register','240','500','no','center');return false" onfocus="this.blur()" class="style6">
Register</a> / <a href="forgot_password.php" onclick="NewWindow(this.href,'forgot_password','270','250','no','center');return false" onfocus="this.blur()" class="style6">Lost Password </a></span>

</center> <center>
<div style="margin-top:12px; margin-bottom:10px" id="log">
<?php if ( isset( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n";}?>
</div> </center>

<!-- here is the function for the popup window dont delete jarratt -->

var win=null;
function NewWindow(mypage,myname,w,h,scroll,pos){
else if((pos!="center" && pos!="random" && pos!="default") || pos==null){LeftPosition=0;TopPosition=20}
settings='width='+w+',height='+h+',top='+TopPosition+',left='+LeftPosition+',scrollbars='+scroll+',location=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no';
function CloseNewWin(){if(win!=null && win.open)win.close()}

then loginfunction.php

if(isset($_GET['login'])) {
//removes sql injections from the data
$username= htmlspecialchars(addslashes($_POST['username']));
//encrypts the password
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST['password']))))))));
//gets the username data from the members database
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//see if the user exists
$checkuser = mysql_num_rows($uinfo);
//if user name not found in database error
if($checkuser == '0') {
echo "Username not found";
} else {
//fetch the sql
$udata = mysql_fetch_array($uinfo);
//checks see if the account is verified
if($udata['userlevel'] == 1) {
echo "This account had not been verified.";
} else {
//if it is continue
//if the db password and the logged in password are the same login
if($udata['password'] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//fetches the sql
$user = mysql_fetch_array($query);
//sets the logged session
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";

echo "You are now logged in, Please wait. . .";
//redirects them
echo "<meta http-equiv='Refresh' content='2; URL=/members/index.php'/>";
} else {
//wrong password
echo "Incorrect username or password!";
}
}
}
}
echo "<center>";

I will also add register.php so you can see how the data is being put into the table :)


session_start(); //allows session
include "config.php";
echo "<center>";
//checks if they are trying to verify their account
if(isset($_GET['verify'])) {
//gets the code and makes it safe
$code = addslashes($_GET['code']);
//gets the code from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//counts the number of rows
$getcode = mysql_num_rows($getcode);
//if the amount of rows is 0 the code does not exist
if($getcode == 0) {
echo "Invalid verification code!";
} else {
//or if the code does exist we will activate their account
//get the data from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//fetches the data from the db
$dat = mysql_fetch_array($getcode);
//sets the users user level to 2 which means they can now use their account
$update = mysql_query("UPDATE `members` SET `userlevel` = '2' WHERE `username` = '".$dat['username']."'") or die(mysql_error());
//deletes the code as there is no use of it now
$delete = mysql_query("DELETE FROM `verification` WHERE code = '$code'");
//says thanks and your account is ready for use
echo "Thank you, Your account has been verified.";
}
//if we have posted the register form we will register this user
} elseif(isset($_GET['register'])) {
//check to see if any fields were left blank
if((!$_POST['username']) || (!$_POST['password']) || (!$_POST['cpassword']) || (!$_POST['email'])) {
echo "A field was left blank please go back and try again.";
} else {
//posts all the data from the register form
$username = $_POST['username'];
$password = $_POST['password'];
$cpassword = $_POST['cpassword'];
$email = $_POST['email'];
//check see if the 2 passwords are the same
if($password == $cpassword) {
//encrypts the password 8 times
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($password))))))));
//gets rid of bad stuff from their username and email (done before the first query that uses them)
$username = addslashes(htmlspecialchars($username));
$email = addslashes(htmlspecialchars($email));
$cname = mysql_query("SELECT `username` FROM `members` WHERE `username` = '$username'");
$cname= mysql_num_rows($cname);
//checks to see if the username or email already exist
if($cname>=1) {
echo "The username is already in use";
} else {
if($semail == "1") { // $semail set as 1 means email activation is active
//adds them to the db
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username','$password','$email')");
//possible letters for the verification code
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
//shuffles the letters around to create a 16 long code
$code = substr(str_shuffle($alphanum), 0, 16);
//adds their code along with their user name to the db
$addcode = mysql_query("INSERT INTO `verification` (`username`, `code`) VALUES('$username','$code')");
//don't edit this, this is the link for their activation
$link = "http://$host$self?verify&code=$code";
//sends the email to the person
mail("$email", "Member-Ship Validation", "Thank you for registering on $sitename.
Please copy the below link into you address bar,

$link", "From: Site Verification");
//message sent now lets tell them to check their email
echo "You are now registered,<br><br>Please check your email to activate your account.";
}else{ //no need for email activation
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `userlevel`) VALUES('$username','$password','$email','2')");
echo "You are now registered,<br><br>You can now loggin to your account";
}
}
} else {
echo "Your password and conformation password do not match!";
}
}
} else {
//none of the above so lets show the register form
echo "<form action='register.php?register' method='post'>
<table width='350'>
<tr>
<td width='150'>Username:</td>
<td width='200'><input type='text' name='username' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='cpassword' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' size='30' maxlength='55'></td>
</tr>
<tr>
<td colspan='2'><center><input type='submit' value='Register'></center></td>
</tr>
</table>
</form>";
}
echo "</center>";
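
For comparison with the registration and verification code above, an added example (not the poster's code) of the same flow using bound parameters, password_hash() and a verification code taken from random_bytes() instead of str_shuffle(). The function names, the explicit userlevel of 1 for unverified accounts and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// register_user(), verify_code() and the SQLite demo database are assumptions.
function register_user(PDO $db, string $username, string $password, string $email): string
{
    // Salted, deliberately slow hash instead of the nested md5()/sha1() chain.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // 128 bits from the OS CSPRNG; str_shuffle() is not a cryptographic source.
    $code = bin2hex(random_bytes(16));

    $db->beginTransaction();
    // Bound parameters keep user input out of the SQL text (assumed: 1 = unverified).
    $db->prepare('INSERT INTO members (username, password, email, userlevel) VALUES (?, ?, ?, 1)')
       ->execute([$username, $hash, $email]);
    // Store only a hash of the code, so a leaked table holds no usable links.
    $db->prepare('INSERT INTO verification (username, code) VALUES (?, ?)')
       ->execute([$username, hash('sha256', $code)]);
    $db->commit();
    return $code; // the plain code goes into the emailed link only
}

function verify_code(PDO $db, string $code): bool
{
    $stmt = $db->prepare('SELECT username FROM verification WHERE code = ?');
    $stmt->execute([hash('sha256', $code)]);
    $username = $stmt->fetchColumn();
    if ($username === false) {
        return false; // unknown or already used code
    }
    $db->prepare('UPDATE members SET userlevel = 2 WHERE username = ?')->execute([$username]);
    $db->prepare('DELETE FROM verification WHERE username = ?')->execute([$username]);
    return true;
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, email TEXT, userlevel INTEGER)');
$db->exec('CREATE TABLE verification (username TEXT, code TEXT)');

$code = register_user($db, 'demo_user', 'correct horse battery', 'demo@example.test');
// Try a wrong code, then the issued code, then the issued code a second time.
var_dump(verify_code($db, 'not-the-code'));
var_dump(verify_code($db, $code));
var_dump(verify_code($db, $code));
```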

05-09-2008, 03:57 PM
Well, just looking at it real quick, I hope that your login.php page has an include or require that adds your loginfunction.php.

Once you have that added, you'll need to change:

if(isset($_GET['login'])) {

to:

if(isset($_POST['_submit_check'])) {

There are two things I changed and we'll start with the most important.

$_GET was changed to $_POST as your login form is using method="post" (login forms definitely should not use method="get", so you had that right)
login was changed to _submit_check because if someone hits Enter rather than clicking the submit button, nothing happens since the submit button called Login was never used. Using a hidden input with a value is the best way to check whether your form has been submitted. The funny thing is that you have this input in your form, but you just weren't using it.
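
The submission check described in this reply, combined with a safer version of the lookup in loginfunction.php, as an added example that is not code from either poster. handle_login(), its status strings and the in-memory SQLite database are assumptions; the table, column and field names come from the thread.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// handle_login() and the SQLite demo database are assumptions.
function handle_login(PDO $db, string $method, array $post): string
{
    // Submission test from the reply: POST method plus the hidden field,
    // independent of which button (if any) was clicked.
    if ($method !== 'POST' || !isset($post['_submit_check'])) {
        return 'no-submit';
    }
    $username = (string)($post['username'] ?? '');
    $password = (string)($post['password'] ?? '');

    // Bound parameter: the username is never part of the SQL text.
    $stmt = $db->prepare('SELECT id, password, userlevel FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One answer for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password'])) {
        return 'invalid';
    }
    if ((int)$row['userlevel'] === 1) { // 1 = not yet verified, as in the post
        return 'unverified';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session id after login
        $_SESSION['id'] = (int)$row['id']; // keep the id only, never the hash
    }
    return 'ok';
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, userlevel INTEGER)');
$db->prepare('INSERT INTO members (username, password, userlevel) VALUES (?, ?, 2)')
   ->execute(['demo_user', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

$form = ['_submit_check' => '1', 'username' => 'demo_user', 'password' => 'correct horse battery'];
// A GET request, a wrong password, then the real submission.
echo handle_login($db, 'GET', $form), "\n";
echo handle_login($db, 'POST', ['password' => 'guess'] + $form), "\n";
echo handle_login($db, 'POST', $form), "\n";
```

On a real page the call would be handle_login($db, $_SERVER['REQUEST_METHOD'], $_POST) after session_start().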


05-09-2008, 04:10 PM
wahooo ty that works a treat :)

and ty very much for the very easy to follow explanation!

05-09-2008, 06:09 PM
Wow.. This is a pretty nice login script. Would you be willing to share the rest of it for others to try and use elsewhere? I really like that you created something that will email the user a verification code, etc.

05-09-2008, 06:39 PM
haha I will do...just let me work out some "kinks" in the system lol like error messages and stuff