0

Could anyone tell me why the following is not working?

<html>
<body>



<? 

$link = mysql_connect('localhost', 'username', 'password'); 
if (!$link) { 
    die('Could not connect: ' . mysql_error()); 
} 
echo 'Connected successfully'; 
mysql_select_db('database'); 


if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password'])){  
    $username = ($_POST['username']);  
    $password = ($_POST['password']);  
  
    $search = mysql_query("SELECT username, password, active FROM users WHERE username='".$username."' AND password='".$password."'") or die(mysql_error());  
    $match  = mysql_num_rows($search);  
            }  

if($match > 0){  
    echo 'Login Complete! Thanks';  
    // Set cookie / Start Session / Start Download etc...  
}else{  
    echo  'Login Failed! Please make sure that you enter the correct details and that you have activated your account.';  
}  
?>          

        
        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  
  
      
  
        <!-- start sign up form -->  
        <form action="" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="name" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  
  
            <input type="submit" class="submit_button" value="Login" />  
        </form>  

</body>
</html>

The connected successfully message comes up, but so does the Login Failed! one. I am not sure what I am doing wrong. The stuff I am typing in exactly matches the database info. (I have changed username, password etc. for this post).

This isn't the finished script but I am just checking as I go along, still need to add cookies, session etc. but it is not looking good if I can't do this!

The script is not originally mine but I am trying to adapt it

Thanks

4
Contributors
7
Replies
8
Views
5 Years
Discussion Span
Last Post by Stefano Mtangoo
1

<input name="name"... /> should be name="username"... />. You your comment:
// Set cookie / Start Session / Start Download etc... is inaccurate. You need to start the session BEFORE you even begin sending any output. That means that you cannot start the session after you have send <html>...

Try the attached code instead:

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>
<html>
<body>
<?php

$link = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error()); 
echo 'Connected successfully'; 
mysql_select_db('database') or die(mysql_error()); 


if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  

    $sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  

    if($DEBUG)
    {
        echo '<br />Executed: '.htmlspecialchars($sql,ENT_QUOTES);
        echo '<br />Total Matches: '.$match;
    }
}  

if($match==1){  
    echo '<p>Login Complete! Thanks</p>';  
    // Set cookie / Start Session / Start Download etc...  
}
else
{ 
    echo  '<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          


        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  



        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="username" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  

            <input type="submit" class="submit_button" value="Login" />  
        </form>  

</body>
</html>

Edited by mike_2000_17: Fixed formatting

0

first if this line of code fails there is no notice like you did to connect

mysql_select_db('database');

may I know why you are mixing ampersand abd AND
if(isset($_POST['username']) && !empty($_POST['username']) AND isset($_POST['password']) && !empty($_POST['password']))

Also print_r($_POST) to see if the form posts values and indices are correct[CODE=PHP]if(isset($_POST) && !empty($_POST) AND isset($_POST) && !empty($_POST))

Also print_r($_POST) to see if the form posts values and indices are correct

0

Thanks for all your help so far, I have another issue, I hope it isn't too much trouble as I feel bad constantly asking for help!

Here is my script so far, I've added in sessions etc and instead of a success message redirecting to either previous page or index. Is this the correct way to use sessions?

Also I get an error now:

Cannot modify header information - headers already sent by... on line 37

I have looked around and it seems that the problem is to do with already sending info to browser but I am not sure how I have done this!

<?php
session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI']; ?>

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>
<html>
<body>
<?php
 
$link = mysql_connect('', '', '') or die('Could not connect: ' . mysql_error()); 
echo 'Connected successfully'; 
mysql_select_db('') or die(mysql_error()); 
 
 
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  
 
	$sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  
 
}  
 
if($match==1){  
 session_start();  
if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; 
else 
   $url = "index.php"; // default page for 

header("Location: http://web.com/$url");  
}
else
{ 
    echo  '<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          
 
 
        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  
 
 
 
        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="username" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  
 
            <input type="submit" class="submit_button" value="Login" />  
        </form>  
 
</body>
</html>

Thanks for your help

Edited by gilgil2: n/a

0

Below is login.php followed by protectedPage.php. Read comments in code

<?php
//login.php
session_start(); // starts the session

//this makes no sense.  
//	$_SESSION['url'] = $_SERVER['REQUEST_URI'];
//If this file is named login.php, it sets $_SESSION['url'] to login.php. So essentially
//as soon as you arrive at this page you are setting 'url' to 'login.php'. You then see the
//login form. Once you submit the login form and provide the correct username and password
//you are then redirecting to whatever is in 'url', which is (once again) 'login.php'
//The net effect will be that you will remain 'stuck' in login.
//What you need to do is to set $_SESSION['url'] on the page that you want to protect, 
//NOT in login.php.  See how I did this in protectedPage.php

$SELF=basename(__FILE__);
$msg='';
 
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
	$link = mysql_connect('', '', '') or die('Could not connect: ' . mysql_error()); 
	mysql_select_db('') or die(mysql_error()); 

    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  
 
	$sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  
 
}  
 
if($match==1)
{
	$_SESSION['authenticated']=true;
	$url = 'index.php'; // default page for 
	if(isset($_SESSION['url']))
	{
		$url = strip_tags($_SESSION['url']);
		unset($_SESSION['url']);
	}
	header("Location: http://web.com/$url");
	exit;
}
else
{ 
    $msg='<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          
<html>
<body>
        <h1>Login Form</h1>
		<?php
		if(!empty($msg))
		{
			echo $msg;
		}
		?>
        <p>Please enter your name and password to login</p>  
        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <div>
				<label for="name">Name:</label>  
            	<input type="text" name="username" value="" />
			</div>
            <div>
				<label for="password">Password:</label>
            	<input type="password" name="password" value="" />
			</div>
 
			<div><input type="submit" class="submit_button" value="Login" /></div>
        </form>  
 
</body>
</html>

here's what you need to "protect" a some page

<?php
//protectedPage.php
session_start();

if( !isset($_SESSION['authenticated']) )
{
	$_SESSION['url']=strip_tags($_SERVER['REQUEST_URI']);
	header('Location: http://web.com/login.php');
	exit;
}
//rest of code for the page you are trying to "protect" follows here
//...
?>
0

<?php
session_start(); // starts the session
$_SESSION = $_SERVER; ?>

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>

You are just doing that....double starting session!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.