0

Hi, i am trying to create my login script for my website, however when i enter my details it does not do anything, it just goes to the same screen. I have used the same script roughly as i used for another website of mine, but i cannot figure this one out. Any advice i would greatly appreciate it.

<?php

// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$username = '';
$password = '';
$remember = '';
if (isset($_POST['username'])) {
	
	$username = $_POST['username'];
	$password = $_POST['password'];
	if (isset($_POST['remember'])) {
		$remember = $_POST['remember'];
	}
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = strip_tags($username);
	$password = strip_tags($password);
	
	// error handling conditional checks go here
	if ((!$username) || (!$password)) { 

		$errorMsg = 'Please fill in both fields';

	} else { // Error handling is complete so process the info if no errors
		include 'connect_to_mysql.php'; // Connect to the database
		$username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query
	    $password = mysql_real_escape_string($password); // After we connect, we secure the string before adding to query
		$password = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
		// Make the SQL query
        $sql = mysql_query("SELECT * FROM user_info WHERE username='$username' AND password='$password' AND verified_email='1'"); 
		$login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)
		if($login_check > 0){ 
    			while($row = mysql_fetch_array($sql)){
					
					// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
					// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
					// Create session var for their raw id
					$id = $row["id"];   
					$_SESSION['id'] = $id;
					// Create the idx session var
					$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username
					$username = $row["username"];
					$_SESSION['username'] = $username;
					// Create session var for their password
					$userpass = $row["password"];
					$_SESSION['userpass'] = $userpass;

					mysql_query("UPDATE user_info SET last_login=now() WHERE id='$id' LIMIT 1");
        
    			} // close while
	
    			// Remember Me Section
    			if($remember == "yes"){
                    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    			    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
			        setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
    			} 
    			// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id'; 
    			exit();
	
		} else { // Run this code if login_check is equal to 0 meaning they do not exist
		    $errorMsg = "Incorrect login data, please try again";
		}


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){

?>

Thanks

3
Contributors
21
Replies
22
Views
5 Years
Discussion Span
Last Post by Treasurepet
0
// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id';

does this send them to the homepage?

0

Hi, Yes their profile page is the index page for them once they have logged in

0

Hi, i tried what you said and at least now i am getting some viewable errors, here they are

Error: The user you are trying to access does not exist in our system. Press back.

I am not sure why it is saying this, would you like the code for the profile.php?

Edited by kaosjon: n/a

0

profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 

	$username = $row["username"];
	$balance = $row["balance"];

}
?>
0

perhaps your id options are a bit extreme. You only needd to check if it's an integer. SO you could use

if(is_int($_GET['id']))

and the rest is a bit verbose:

$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 
 
	$username = $row["username"];
	$balance = $row["balance"];
 
}

how about:

$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql)){ 
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
0

Hi, okay i added what you said and it seems we have made progress with this problem, now the profile page is displayed, however i get two errors at the top still

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 25
Error: The user you are trying to access does not exist in our system. Press back.

Also the places where the variables $username and $balance should display, do not display at all.

Here is my new profile.php code

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

Thanks for you help by the way, i really appreciate it.

Edited by kaosjon: n/a

0
SELECT * FROM user_info WHERE id=$id LIMIT 1

run that in phpmyadmin and substitute $id for a real integer.

Also you can echo the query:

echo "SELECT * FROM user_info WHERE id=$id LIMIT 1";

to see if anything looks weird.

Is the table actually called user_info. Is the field actually id. In your connection details, are you sure you've connected to the right DB.

0

Hi, bad news i am afraid i tried the query in mysql and it produced the right result, i have checked, checked and double checked everything in the php and it all looks to be correct.


I'm really confused as to what else to do.


EDIT

just tried to echo the query again like you said and i got these errors

SELECT * FROM user_info WHERE id='' LIMIT 1
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.

Edited by kaosjon: n/a

0

OK, that means the $id isn't getting passed. It's getting lost somewhere along the line.

You've got this variations on this operation twice:

$id = preg_replace('#[^0-9]#i', '', $id);

just do this once:

$id = intval($_GET['id']);

to force $id to an integer OR
test for an integer with:

if(is_int($_GET['id'])){
...
}
0

Hi, that makes sense, i tried what you suggested but still got the error.

heres the code for profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = intval($_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

i am not sure where yo put the last option in the code -

if(is_int($_GET['id'])){
}
0

Use either the intval or the is_int. The first forces any old input to an integer, while the second checks to see if the value is an integer, that way you can decide whether you want to proceed or not. Your choice - but I usually use is_int.

I'd still echo the query just to ensure that you're getting the $id in there.

0

Hi, okay i used the is_int and still got the error, "no user exists in the system". I then echoed the query and got this error

Resource id #4
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.

The "Resource id #4" is new, i am not sure what this means, the id it should be using is 36

Any ideas?

Thanks for your help

Edited by kaosjon: n/a

0
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
if(mysql_num_rows($sql) > 0){

It suggests that the SQL is all wrong. For now hard-code a value into the SQL for $id:

$sql = mysql_query("SELECT * FROM user_info WHERE id=1 LIMIT 1");
if(mysql_num_rows($sql) > 0){

That will give you details for user #1. See if it works. If it doesn't and user #1 exists, your user_info table or id field is misspelt. OR you've connected to the wrong DB.

0

Hi, i have tried what you said and it works, which is good, but it means i am guessing that it is not getting the id, could the problem be in the login page, where it is not correctly sending the id to the profile page.

Thanks

0

BRILLIANT NEWS, i managed to fix it, i remembered that i had an old script for a membership website that i built before and i took the part of the code that gets the id and replaced it in the profile page, now it works.

Heres the finished code for profile.php, just in case someone has the same problem again

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if ($_GET['id']) {
	
     $id = $_GET['id'];

} else if (isset($_SESSION['id'])) {
	
	 $id = $_SESSION['id'];

} else {
	
   include_once "index.php";
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

Thanks very much for your help ardav, really appreciate it.

Edited by kaosjon: n/a

0

Hello,

I have similar problem, my login is working perfectly on my local server but when uploaded to remote sever, it returns me to index.html instead of member page.


Can somebody help me on what to do to make it work at it is working on local server.


thanks

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.