0

Hi I'm trying to develop a site that users can log into.
It's all standard enough the details are being kept on a mysql database. I can add the details to the db but my code for logging in isn't working.

here is my login script

function user_login($username, $password)
{
     // Try and get the salt from the database using the username
     $query = "SELECT salt FROM users WHERE username='$username'";
     $result = mysql_query($query);

     if (mysql_num_rows($result) > 0)
     {
          // Get the user
          $user = mysql_fetch_array($result);

          // Using the salt, encrypt the given password to see if it
          // matches the one in the database
          //$encrypted_pass = md5(md5($password).$user['salt']);
          
          //test only
			$encrypted_pass = md5($password);
          // Try and get the user using the username & encrypted pass
          $query = "SELECT u_id, activated FROM users WHERE username='$username' and password='$encrypted_pass'";
          $result = mysql_query($query);

          if (mysql_num_rows($result) > 0)
          {
               $user = mysql_fetch_array($result);

               // Now encrypt the data to be stored in the session
               $encrypted_id = md5($user['u_id']);
               $encrypted_name = md5($user['username']);
					$encrypted_type = md5($user['u_type']);
              
               // Store the data in the session
               $_SESSION['u_id'] = $user['u_id'];
               $_SESSION['username'] = $username;
               $_SESSION['u_type'] = $user['u_type'];
               $_SESSION['activated'] = $user['activated'];
               $_SESSION['encrypted_id'] = $encrypted_id;
               $_SESSION['encrypted_name'] = $encrypted_name;
               $_SESSION['encrypted_type'] = $user['u_type'];

               // Return ok code
               return true;
          }
          else
          {
               return false;
          }
     }
     else
     {
          return false;
     }
}

and here is where it is called

<?PHP
        // starts session, logs in to db, loads login funct
	include '../../db/init.php';

	$_SESSION['username']=$_POST["user"];
  	$_SESSION['password']=$_POST["pass"];

	if(user_login($_SESSION['username'],$_SESSION['password']))
	{
		$p = $_SESSION['u_type'];
		
		switch ($_SESSION['u_type'])
		{
			case 0:
  				//include '../staff/staff.php';
  				echo 'Session u_type' . $_SESSION['u_type'];
		echo ' p ' . $p;
  				break;
			case 1:
  				include '../trade/trade.php';
  				echo $_SESSION['u_type'];
		echo $p;
  				break;
  			case 2:
  				include '../customer/customer.php';
  				break;
		} 
	}
	else
	{
		//header('Location: www.thebikevault.com');
		echo "User type not found";
		echo "U_id: ".$_SESSION['u_id'];
		echo "Username: ".$_SESSION['username'];
      echo "Type: ".$_SESSION['u_type'];
	}
?>

It always goes to case 0, from printing out $_SESSION, I know the value is always blank ie it is not being set properly. This makes me think me user_login script isn't working, but I can't see what's I could do with a fresh set of eyes if anyone can help me?

Thanks
Jeff

3
Contributors
4
Replies
6
Views
7 Years
Discussion Span
Last Post by hielo
0

what is init.php? How and where are you connecting to the db server?

in init.php, I connect to the database, and load the functions i need. My db connection works because I use it else where to query the db

0

I would be curious to see other values returned from the database, that is in the user_login function, before loading up the $_SESSION, do a dump of $user:

print("<pre>");
var_dump($user);
print("</pre>");

and then maybe something similar in the case 0: block of the second snippet for the $_SESSION variable.

print("<pre>");
var_dump($_SESSION);
print("</pre>");

(For brevity, you could omit the md5 codes and other fields which are not mentioned in your post, if you decide to post it here).

Edited by Simon Tite: typos

0

But it is not clear where you are actually calling session_start().

Also, it is NOT clear if you have a variable holding a reference to the db connection. If you do, you need to pass that variable to your user_login() function. Post your code if you still can't resolve it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.