954,568 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
8 Months Ago
0

Login script not working

Hi, i am trying to create my login script for my website, however when i enter my details it does not do anything, it just goes to the same screen. I have used the same script roughly as i used for another website of mine, but i cannot figure this one out. Any advice i would greatly appreciate it.

<?php

// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$username = '';
$password = '';
$remember = '';
if (isset($_POST['username'])) {
	
	$username = $_POST['username'];
	$password = $_POST['password'];
	if (isset($_POST['remember'])) {
		$remember = $_POST['remember'];
	}
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = strip_tags($username);
	$password = strip_tags($password);
	
	// error handling conditional checks go here
	if ((!$username) || (!$password)) { 

		$errorMsg = 'Please fill in both fields';

	} else { // Error handling is complete so process the info if no errors
		include 'connect_to_mysql.php'; // Connect to the database
		$username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query
	    $password = mysql_real_escape_string($password); // After we connect, we secure the string before adding to query
		$password = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
		// Make the SQL query
        $sql = mysql_query("SELECT * FROM user_info WHERE username='$username' AND password='$password' AND verified_email='1'"); 
		$login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)
		if($login_check > 0){ 
    			while($row = mysql_fetch_array($sql)){
					
					// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
					// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
					// Create session var for their raw id
					$id = $row["id"];   
					$_SESSION['id'] = $id;
					// Create the idx session var
					$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username
					$username = $row["username"];
					$_SESSION['username'] = $username;
					// Create session var for their password
					$userpass = $row["password"];
					$_SESSION['userpass'] = $userpass;

					mysql_query("UPDATE user_info SET last_login=now() WHERE id='$id' LIMIT 1");
        
    			} // close while
	
    			// Remember Me Section
    			if($remember == "yes"){
                    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    			    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
			        setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
    			} 
    			// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id'; 
    			exit();
	
		} else { // Run this code if login_check is equal to 0 meaning they do not exist
		    $errorMsg = "Incorrect login data, please try again";
		}


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){

?>


Thanks

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0
// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id';


does this send them to the homepage?

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, Yes their profile page is the index page for them once they have logged in

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

don't you need to do this:

header("Location: profile.php?test=$id");


instead?

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, i tried what you said and at least now i am getting some viewable errors, here they are

Error: The user you are trying to access does not exist in our system. Press back.


I am not sure why it is saying this, would you like the code for the profile.php?

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

Well, I suppose if the error code comes from it, it would be a good idea, yes.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 

	$username = $row["username"];
	$balance = $row["balance"];

}
?>
kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

perhaps your id options are a bit extreme. You only needd to check if it's an integer. SO you could use 

if(is_int($_GET['id']))


and the rest is a bit verbose:

$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 
 
	$username = $row["username"];
	$balance = $row["balance"];
 
}


how about:

$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql)){ 
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, okay i added what you said and it seems we have made progress with this problem, now the profile page is displayed, however i get two errors at the top still

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 25
Error: The user you are trying to access does not exist in our system. Press back.


Also the places where the variables $username and $balance should display, do not display at all.

Here is my new profile.php code

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>


Thanks for you help by the way, i really appreciate it.

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0
SELECT * FROM user_info WHERE id=$id LIMIT 1


run that in phpmyadmin and substitute $id for a real integer.

Also you can echo the query:

echo "SELECT * FROM user_info WHERE id=$id LIMIT 1";


to see if anything looks weird.

Is the table actually called user_info. Is the field actually id. In your connection details, are you sure you've connected to the right DB.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, bad news i am afraid i tried the query in mysql and it produced the right result, i have checked, checked and double checked everything in the php and it all looks to be correct.


I'm really confused as to what else to do.


EDIT

just tried to echo the query again like you said and i got these errors

SELECT * FROM user_info WHERE id='' LIMIT 1
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.
kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

OK, that means the $id isn't getting passed. It's getting lost somewhere along the line.

You've got this variations on this operation twice:

$id = preg_replace('#[^0-9]#i', '', $id);


just do this once:

$id = intval($_GET['id']);


to force $id to an integer OR
test for an integer with:

if(is_int($_GET['id'])){
...
}
diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, that makes sense, i tried what you suggested but still got the error.

heres the code for profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = intval($_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>


i am not sure where yo put the last option in the code -

if(is_int($_GET['id'])){
}
kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

Use either the intval or the is_int. The first forces any old input to an integer, while the second checks to see if the value is an integer, that way you can decide whether you want to proceed or not. Your choice - but I usually use is_int.

I'd still echo the query just to ensure that you're getting the $id in there.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, okay i used the is_int and still got the error, "no user exists in the system". I then echoed the query and got this error

Resource id #4
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.


The "Resource id #4" is new, i am not sure what this means, the id it should be using is 36

Any ideas?

Thanks for your help

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
if(mysql_num_rows($sql) > 0){


It suggests that the SQL is all wrong. For now hard-code a value into the SQL for $id:

$sql = mysql_query("SELECT * FROM user_info WHERE id=1 LIMIT 1");
if(mysql_num_rows($sql) > 0){


That will give you details for user #1. See if it works. If it doesn't and user #1 exists, your user_info table or id field is misspelt. OR you've connected to the wrong DB.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, i have tried what you said and it works, which is good, but it means i am guessing that it is not getting the id, could the problem be in the login page, where it is not correctly sending the id to the profile page.

Thanks

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

Yep, you should see the id=.. in the address bar if your are redirecting.

diafol
Rhod Gilbert Fan (ardav)
Moderator
7,792 posts since Oct 2006
Reputation Points: 1,170
Solved Threads: 1,080
 
8 Months Ago
0

Hi, right tried again and looked at the address bar and it does submit the right id

http://localhost/RewardRealmsTest/profile.php?test=36


So it is definately the code in the profile page.

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 
8 Months Ago
0

BRILLIANT NEWS, i managed to fix it, i remembered that i had an old script for a membership website that i built before and i took the part of the code that gets the id and replaced it in the profile page, now it works.

Heres the finished code for profile.php, just in case someone has the same problem again 

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if ($_GET['id']) {
	
     $id = $_GET['id'];

} else if (isset($_SESSION['id'])) {
	
	 $id = $_SESSION['id'];

} else {
	
   include_once "index.php";
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>


Thanks very much for your help ardav, really appreciate it.

kaosjon
Light Poster
37 posts since Sep 2011
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed