943,879 Members | Top Members by Rank

Web Development > PHP > Login problem, need fresh set of eyes.
Ad:
  • PHP Discussion Thread
  • Marked Solved
  • Views: 945
  • PHP RSS
Permalink
May 5th, 2008
0

Login problem, need fresh set of eyes.

Expand Post »
Hey guys, i've got a right headache from this piece of code at the moment, it's a simle login script and it just sin't working, the MySQL query looks correct to me and all the other stuff looks ok, but then again i'm no PHP expert.

Could someone look at it for me please?
PHP Syntax (Toggle Plain Text)
  1. <?
  2. include ('./includes/header.php');
  3. // Check if the form has been submitted.
  4. if (isset($_POST['submitted'])) {
  5. require_once('../sqlconnect/connect.php');
  6.  
  7. $errors = array(); // Initialize error array.
  8. // Check for an email address.
  9. if (empty($_POST['email'])) {
  10. $errors[] = 'You forgot to enter your email address.';
  11. } else {
  12. $em = trim($_POST['email']);
  13. }
  14. // Check for a password.
  15. if (empty($_POST['pass'])) {
  16. $errors[] = 'You forgot to enter your password.';
  17. } else {
  18. $pw = trim($_POST['pass']);
  19. }
  20. if (empty($errors)) { // If everything's OK.
  21.  
  22. $query = "SELECT * FROM members WHERE email = '$em' AND password = SHA('$pw')";
  23.  
  24. $result = @mysql_query($query);
  25. // Run the query.
  26. $row = mysql_fetch_array ($result, MYSQL_NUM);
  27.  
  28. // Return a record, if applicable.
  29. if ($row){ // A record was pulled from the database.
  30.  
  31. //set session
  32. session_name('visit');
  33. session_start();
  34. $_SESSION ['id'] = $row[0];
  35. $_SESSION ['name'] = $row[1];
  36. $_SESSION ['email'] = $row[3];
  37. $_SESSION ['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
  38.  
  39. // Redirect the user to the loggedin.php page.
  40. // Start defining the URL.
  41. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
  42. // Check for a trailing slash.
  43. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
  44. $url = substr ($url, 0, -1); // Chop off the slash.
  45. }
  46. // Add the page.
  47. $url .= '/loggedin.php?' . $_SESSION['agent'];
  48.  
  49. header("Location: $url");
  50. exit();
  51. // Quit the script.
  52. } else { // No record matched the query.
  53. $errors[] = 'The email address and password entered do not match those on file.'; // Public message.
  54. $errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging message.
  55. }
  56.  
  57. } // End of if (empty($errors)) IF.
  58.  
  59. mysql_close(); // Close the database connection.
  60.  
  61. } else { // Form has not been submitted.
  62.  
  63. $errors = NULL;
  64.  
  65. } // End of the main Submit conditional.
  66.  
  67. //print errors
  68. if (!empty($errors)){
  69.  
  70. echo '<h1 id = mainhead>Error!</h1>
  71. <p class = error >Following occured:<br/>';
  72.  
  73. foreach ($errors as $msg){
  74. echo " - $msg<br/>\n";
  75. }
  76. echo '<p>Please try again <a href = login.php>Reset</a>';
  77. }
  78. ?>

Cheers
Reputation Points: 10
Solved Threads: 0
Light Poster
mortalex is offline Offline
30 posts
since Oct 2007
Permalink
May 5th, 2008
0

Re: Login problem, need fresh set of eyes.

Can you let us know what the problem it is your having??
Reputation Points: 15
Solved Threads: 17
Junior Poster
phper is offline Offline
189 posts
since Nov 2006
Permalink
May 5th, 2008
0

Re: Login problem, need fresh set of eyes.

Oh yea oops, man i feel stupid....

Well, it just doesn't log in, it just comes up with the error "The email address and password entered do not match those on file.". I'm not sure what the real error is though, how do i find out?
This:
PHP Syntax (Toggle Plain Text)
  1. $errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging
Is just coming up with what my query was, which seems to me to be correct. How do you find out the exact error?

Cheers
Reputation Points: 10
Solved Threads: 0
Light Poster
mortalex is offline Offline
30 posts
since Oct 2007
Permalink
May 5th, 2008
0

Re: Login problem, need fresh set of eyes.

Hi,

Whilst developing a new script, I always find it helpful to have PHP error messages turned on. The setting for this can be found in the php.ini file on your server/computer.

Also, it might be worth printing to the screen your SQL query before you execute it and then to die the script.
echo $query;
die;

This will allow you to check the query is correct. And also, you can run it on the MySQL command line or in phpMyAdmin, etc to see if it does actually find a result.

Another obvious one to check, but I made this error before and it took me a while to figure it. Make sure you're hashing the password stored in the database. Once I had a plain text password stored and I was hashing the password for use in the SQL query and I was wondering why it wasn't working - duh!

Best,
R.
Reputation Points: 101
Solved Threads: 74
Posting Pro in Training
blocblue is offline Offline
429 posts
since Jan 2008
Permalink
May 5th, 2008
0

Re: Login problem, need fresh set of eyes.

Another quick thing... for debugging purposes, try removing the @ in front of the mysql_query function, as this surpresses error messages.

R.
Reputation Points: 101
Solved Threads: 74
Posting Pro in Training
blocblue is offline Offline
429 posts
since Jan 2008
Permalink
May 6th, 2008
0

Re: Login problem, need fresh set of eyes.

Click to Expand / Collapse  Quote originally posted by robothy ...
Whilst developing a new script, I always find it helpful to have PHP error messages turned on. The setting for this can be found in the php.ini file on your server/computer.
I'm doing this for a school project at the moment, so its on their server, not my computer and of course, it being a school and all; their a bit anal about accessing configuration files, so i can't access the php.ini file.

I tried doing the or mysql_die() thing, but of course it says that there is no die function available.

Any other ideas?
Reputation Points: 10
Solved Threads: 0
Light Poster
mortalex is offline Offline
30 posts
since Oct 2007
Permalink
May 6th, 2008
0

Re: Login problem, need fresh set of eyes.

Hi,

To use PHP errors, you can also call this function: 
ini_set("display_errors", 1);
ini_set('error_reporting',E_ALL);

And the 'die' command is literally just die; . Don't add the mysql_die beforehand.

So, if you add this to the top of your php file:
ini_set("display_errors", 1);
ini_set('error_reporting',E_ALL);

and after you've constructed your mysql query and before you execute it, call:
echo $query;
die;

Then if you can post the output and try running the query in phpMyAdmin or on the MySQL command line.

R
Reputation Points: 101
Solved Threads: 74
Posting Pro in Training
blocblue is offline Offline
429 posts
since Jan 2008
Permalink
May 6th, 2008
0

Re: Login problem, need fresh set of eyes.

The MySQL query is not working, it seems like it would work though;

SQL Syntax (Toggle Plain Text)
  1. SELECT * FROM members WHERE email = 'test@test.com' AND password = SHA('test')

But it is not getting anything, it it because i've encrypted it into the SHA thing, and it can't search for that, its just that loads of people in my computing class at school, have got it working, with this same code.

It looks like it's running the query, because the

PHP Syntax (Toggle Plain Text)
  1. echo $query;
  2. or die;

Is just displaying the actual query
Reputation Points: 10
Solved Threads: 0
Light Poster
mortalex is offline Offline
30 posts
since Oct 2007
Permalink
May 6th, 2008
0

Re: Login problem, need fresh set of eyes.

Ah i figured it out!

Pretty simple when i look at it, there was nothing wrng with my code, the size of the password field in the database was too small.

Obviously the SHA() function creates the encryption up to more than 20 characters long, and i had set my MySQL database to save only 20 of those characters... haha oops.

So when you came back to SELECT * FROM members WHERE password = SHA('test'), that was trying to find a password field with over 20 characters long, and none existed.

Anyway, there was nothing wrong with my code, just the actual database.

Cheers for all your help people.
Reputation Points: 10
Solved Threads: 0
Light Poster
mortalex is offline Offline
30 posts
since Oct 2007
Permalink
May 6th, 2008
0

Re: Login problem, need fresh set of eyes.

SHA encryption requires a varchar(40) field in your database, if you hadn't found that out already.

Well done.
R
Reputation Points: 101
Solved Threads: 74
Posting Pro in Training
blocblue is offline Offline
429 posts
since Jan 2008

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: Writing to a file
Next Thread in PHP Forum Timeline: php query headers





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC