PHP RSS PHP RSS

Login problem, need fresh set of eyes.

Thread Solved
Reply

Join Date: Oct 2007
Posts: 30
Reputation: mortalex is an unknown quantity at this point 
Solved Threads: 0
mortalex mortalex is offline Offline
Light Poster

Login problem, need fresh set of eyes.

 
0
  #1
May 5th, 2008
Hey guys, i've got a right headache from this piece of code at the moment, it's a simle login script and it just sin't working, the MySQL query looks correct to me and all the other stuff looks ok, but then again i'm no PHP expert.

Could someone look at it for me please?
PHP Syntax (Toggle Plain Text) 
  1. <?
  2. include ('./includes/header.php');
  3. // Check if the form has been submitted.
  4. if (isset($_POST['submitted'])) {
  5. require_once('../sqlconnect/connect.php');
  6.  
  7. $errors = array(); // Initialize error array.
  8. // Check for an email address.
  9. if (empty($_POST['email'])) {
  10. $errors[] = 'You forgot to enter your email address.';
  11. } else {
  12. $em = trim($_POST['email']);
  13. }
  14. // Check for a password.
  15. if (empty($_POST['pass'])) {
  16. $errors[] = 'You forgot to enter your password.';
  17. } else {
  18. $pw = trim($_POST['pass']);
  19. }
  20. if (empty($errors)) { // If everything's OK.
  21.  
  22. $query = "SELECT * FROM members WHERE email = '$em' AND password = SHA('$pw')";
  23.  
  24. $result = @mysql_query($query);
  25. // Run the query.
  26. $row = mysql_fetch_array ($result, MYSQL_NUM);
  27.  
  28. // Return a record, if applicable.
  29. if ($row){ // A record was pulled from the database.
  30.  
  31. //set session
  32. session_name('visit');
  33. session_start();
  34. $_SESSION ['id'] = $row[0];
  35. $_SESSION ['name'] = $row[1];
  36. $_SESSION ['email'] = $row[3];
  37. $_SESSION ['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
  38.  
  39. // Redirect the user to the loggedin.php page.
  40. // Start defining the URL.
  41. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
  42. // Check for a trailing slash.
  43. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
  44. $url = substr ($url, 0, -1); // Chop off the slash.
  45. }
  46. // Add the page.
  47. $url .= '/loggedin.php?' . $_SESSION['agent'];
  48.  
  49. header("Location: $url");
  50. exit();
  51. // Quit the script.
  52. } else { // No record matched the query.
  53. $errors[] = 'The email address and password entered do not match those on file.'; // Public message.
  54. $errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging message.
  55. }
  56.  
  57. } // End of if (empty($errors)) IF.
  58.  
  59. mysql_close(); // Close the database connection.
  60.  
  61. } else { // Form has not been submitted.
  62.  
  63. $errors = NULL;
  64.  
  65. } // End of the main Submit conditional.
  66.  
  67. //print errors
  68. if (!empty($errors)){
  69.  
  70. echo '<h1 id = mainhead>Error!</h1>
  71. <p class = error >Following occured:<br/>';
  72.  
  73. foreach ($errors as $msg){
  74. echo " - $msg<br/>\n";
  75. }
  76. echo '<p>Please try again <a href = login.php>Reset</a>';
  77. }
  78. ?>

Cheers
Reply With Quote Quick reply to this message  
Join Date: Nov 2006
Posts: 187
Reputation: phper is an unknown quantity at this point 
Solved Threads: 15
phper's Avatar
phper phper is offline Offline
Junior Poster

Re: Login problem, need fresh set of eyes.

 
0
  #2
May 5th, 2008
Can you let us know what the problem it is your having??
If my post is useful please add to my reputation.
Thanks.

Ajtrichards Web Solutions | http://www.ajtrichards.co.uk
Retenovate | http://www.retenovate.com
Reply With Quote Quick reply to this message  
Join Date: Oct 2007
Posts: 30
Reputation: mortalex is an unknown quantity at this point 
Solved Threads: 0
mortalex mortalex is offline Offline
Light Poster

Re: Login problem, need fresh set of eyes.

 
0
  #3
May 5th, 2008
Oh yea oops, man i feel stupid....

Well, it just doesn't log in, it just comes up with the error "The email address and password entered do not match those on file.". I'm not sure what the real error is though, how do i find out?
This:
PHP Syntax (Toggle Plain Text) 
  1. $errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging
Is just coming up with what my query was, which seems to me to be correct. How do you find out the exact error?

Cheers
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 136
Reputation: robothy is an unknown quantity at this point 
Solved Threads: 19
robothy robothy is offline Offline
Junior Poster

Re: Login problem, need fresh set of eyes.

 
0
  #4
May 5th, 2008
Hi,

Whilst developing a new script, I always find it helpful to have PHP error messages turned on. The setting for this can be found in the php.ini file on your server/computer.

Also, it might be worth printing to the screen your SQL query before you execute it and then to die the script.
echo $query;
die;

This will allow you to check the query is correct. And also, you can run it on the MySQL command line or in phpMyAdmin, etc to see if it does actually find a result.

Another obvious one to check, but I made this error before and it took me a while to figure it. Make sure you're hashing the password stored in the database. Once I had a plain text password stored and I was hashing the password for use in the SQL query and I was wondering why it wasn't working - duh!

Best,
R.
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 136
Reputation: robothy is an unknown quantity at this point 
Solved Threads: 19
robothy robothy is offline Offline
Junior Poster

Re: Login problem, need fresh set of eyes.

 
0
  #5
May 5th, 2008
Another quick thing... for debugging purposes, try removing the @ in front of the mysql_query function, as this surpresses error messages.

R.
Reply With Quote Quick reply to this message  
Join Date: Oct 2007
Posts: 30
Reputation: mortalex is an unknown quantity at this point 
Solved Threads: 0
mortalex mortalex is offline Offline
Light Poster

Re: Login problem, need fresh set of eyes.

 
0
  #6
May 6th, 2008
Originally Posted by robothy View Post
Whilst developing a new script, I always find it helpful to have PHP error messages turned on. The setting for this can be found in the php.ini file on your server/computer.
I'm doing this for a school project at the moment, so its on their server, not my computer and of course, it being a school and all; their a bit anal about accessing configuration files, so i can't access the php.ini file.

I tried doing the or mysql_die() thing, but of course it says that there is no die function available.

Any other ideas?
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 136
Reputation: robothy is an unknown quantity at this point 
Solved Threads: 19
robothy robothy is offline Offline
Junior Poster

Re: Login problem, need fresh set of eyes.

 
0
  #7
May 6th, 2008
Hi,

To use PHP errors, you can also call this function: 
ini_set("display_errors", 1);
ini_set('error_reporting',E_ALL);

And the 'die' command is literally just die; . Don't add the mysql_die beforehand.

So, if you add this to the top of your php file:
ini_set("display_errors", 1);
ini_set('error_reporting',E_ALL);

and after you've constructed your mysql query and before you execute it, call:
echo $query;
die;

Then if you can post the output and try running the query in phpMyAdmin or on the MySQL command line.

R
Reply With Quote Quick reply to this message  
Join Date: Oct 2007
Posts: 30
Reputation: mortalex is an unknown quantity at this point 
Solved Threads: 0
mortalex mortalex is offline Offline
Light Poster

Re: Login problem, need fresh set of eyes.

 
0
  #8
May 6th, 2008
The MySQL query is not working, it seems like it would work though;

SQL Syntax (Toggle Plain Text) 
  1. SELECT * FROM members WHERE email = 'test@test.com' AND password = SHA('test')

But it is not getting anything, it it because i've encrypted it into the SHA thing, and it can't search for that, its just that loads of people in my computing class at school, have got it working, with this same code.

It looks like it's running the query, because the

PHP Syntax (Toggle Plain Text) 
  1. echo $query;
  2. or die;

Is just displaying the actual query
Reply With Quote Quick reply to this message  
Join Date: Oct 2007
Posts: 30
Reputation: mortalex is an unknown quantity at this point 
Solved Threads: 0
mortalex mortalex is offline Offline
Light Poster

Re: Login problem, need fresh set of eyes.

 
0
  #9
May 6th, 2008
Ah i figured it out!

Pretty simple when i look at it, there was nothing wrng with my code, the size of the password field in the database was too small.

Obviously the SHA() function creates the encryption up to more than 20 characters long, and i had set my MySQL database to save only 20 of those characters... haha oops.

So when you came back to SELECT * FROM members WHERE password = SHA('test'), that was trying to find a password field with over 20 characters long, and none existed.

Anyway, there was nothing wrong with my code, just the actual database.

Cheers for all your help people.
Reply With Quote Quick reply to this message  
Join Date: Jan 2008
Posts: 136
Reputation: robothy is an unknown quantity at this point 
Solved Threads: 19
robothy robothy is offline Offline
Junior Poster

Re: Login problem, need fresh set of eyes.

 
0
  #10
May 6th, 2008
SHA encryption requires a varchar(40) field in your database, if you hadn't found that out already.

Well done.
R
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread has been marked solved.
Perhaps start a new thread instead?
Message:



Other Threads in the PHP Forum
Thread Tools Search this Thread



apache api array basic beginner broken cache cakephp class cms code computing confirm countingeverycharactersfromastring cron curl customizableitems database date delete dynamic echo email error fcc file filter folder form forms forum freelancing function functions gc_maxlifetime google header headmethod howtowriteathesis href htaccess html iframe image include incode ip javascript joomla limit link login malfunction match memmory memory menu method mod_rewrite multiple mysql navigation neutrality oop pagerank parsing paypal pdf php phpmysql query question random recursiveloop root script search select server sessions sms snippet soap source space sql support! system table template thesishelp trouble tutorial upload url variable video web window.onbeforeunload=closeme; youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC