Jump to content



Photo

Login Script Error


  • Please log in to reply
7 replies to this topic

#1 dnabbrocks

dnabbrocks

    Newbie

  • Members
  • Pip
  • 10 posts

Posted 25 January 2012 - 1:11 PM

Hello. I've been over this a million times but can't figure out what the problem is. I've been trying to get this to work but every time I try to login it tells me the username and password don't match those on file. However, I know that they are in because I've created a register script that works and they are in my database. Any help would be GREATLY appreciated. Thanks in advance.
Login:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Need two helper files:
require ('includes/login_functions.php');
require ('../mysql_connect.php');
//Select Database:
mysql_select_db(UDB_NAME, $dbc) OR die("Could not select the database: " . UDB_NAME . " " . mysql_error() );
// Check the login:
list ($check, $data) = check_login($dbc, $_POST['email_address'], $_POST['user_password']);
if ($check) { // OK!
// Set the session data:
session_start();
$_SESSION['user_id'] = $data['user_id'];
$_SESSION['first_name'] = $data['first_name'];
// Store the HTTP_USER_AGENT:
$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
// Redirect:
$url = absolute_url ('loggedin.php');
header("Location: $url");
} else { // Unsuccessful!
// Assign $data to $errors for login_page.inc.php:
$errors = $data;

}
mysql_close($dbc); // Close the database connection.
} // End of the main submit conditional.
// Create the page:
include ('includes/login_page.php');
?>

Loggedin
<?php # Script 12.13 - loggedin.php #3
// The user is redirected here from login.php.
session_start(); // Start the session.
// If no session value is present, redirect the user:
// Also validate the HTTP_USER_AGENT!
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']) )) {
// Need the functions:
require ('includes/login_functions.php');
redirect_user();
}
// Set the page title and include the HTML header:
$page_title = 'Logged In!';
include ('includes/header.php');
// Print a customized message:
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><a href=\"logout.php\">Logout</a></p>";
include ('includes/footer.php');
?>

Login_functions
<?php
function redirect_user ($page = 'index.php') {
$url = 'http://' . $_SERVER['HTTP_localhost'] . dirname($_SERVER['PHP_SELF']);
// Remove any trailing slashes:
$url = rtrim($url, '/\\');
// Add the page:
$url .= '/' . $page;
// Redirect the user:
header("Location: $url");
exit(); // Quit the script.
} // End of redirect_user() function.
function check_login($dbc, $email_address = ' ', $user_password = ' ') {
$errors = array(); // Initialize error array.
// Validate the email address:
if (empty($email_address)) {
$errors[] = 'You forgot to enter your username.';
} else {
$em = mysql_real_escape_string($dbc, trim($email_address));
}
// Validate the password:
if (empty($user_password)) {
$errors[] = 'You forgot to enter your password.';
} else {
$p = mysql_real_escape_string($dbc, trim($user_password));
}
if (empty($errors)) { // If everything's OK.
// Retrieve the user_id and first_name for that email/password combination:
$q = "SELECT user_id, first_name FROM users WHERE email_address='$em' AND user_password=SHA1('$p')";
$r = @mysql_query ($dbc, $q); // Run the query.
// Check the result:
if (mysql_num_rows($r) == 1) {
// Fetch the record:
$row = mysql_fetch_array ($r, MYSQL_ASSOC);
// Return true and the record:
return array(true, $row);
} else { // Not a match!
$errors[] = 'The username and password entered do not match those on file.';
}
} // End of empty($errors) IF.
// Return false and the errors:
return array(false, $errors);
} // End of check_login() function.

Login_page
<?php # Script 12.1 - login_page.inc.php
// This page prints any errors associated with logging in
// and it creates the entire login page, including the form.
// Include the header:
$page_title = 'Login';
// Print any error messages, if they exist:
if (isset($errors) && !empty($errors)) {
echo '<h1>Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) {
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p>';
}
// Display the form:
?>
<h1>Login</h1>
<form action="login.php" method="post">
<p>Email Address: <input type="text" name="email_address" size="20" maxlength="60" /> </p>
<p>Password: <input type="password" name="user_password" size="20" maxlength="20" /></p>
<p><input type="submit" name="submit" value="Login" /></p>
<input type="hidden" name="submitted" value="TRUE">
</form>
<?php include ('includes/footer.php'); ?>

  • 0

#2 Larry

Larry

    Administrator/Writer

  • Administrators
  • 3,791 posts
  • LocationState College, PA (USA)

Posted 25 January 2012 - 2:11 PM

Have you applied the standard PHP-MySQL debugging technique (printing out the login query and running it using another interface)?
  • 0

#3 dnabbrocks

dnabbrocks

    Newbie

  • Members
  • Pip
  • 10 posts

Posted 25 January 2012 - 7:38 PM

I've tried this in mysql client and I get an empty result:
SELECT user_id, first_name FROM users WHERE email_address='$em' AND user_password=SHA1('$p')
  • 0

#4 Larry

Larry

    Administrator/Writer

  • Administrators
  • 3,791 posts
  • LocationState College, PA (USA)

Posted 25 January 2012 - 10:04 PM

Yeah, that wouldn't work at all. What you need to do, as I just suggested and as the book clearly explains, is print the actual, complete query being executed in PHP. This would be the query with the values of the variables inserted. Then take that query and run it using another interface.
  • 1

#5 dnabbrocks

dnabbrocks

    Newbie

  • Members
  • Pip
  • 10 posts

Posted 25 January 2012 - 10:23 PM

After typing this, i realize nothing will be returned, because no info was in submitted. Which query would I run in mysql if nothing is submitted?
  • 0

#6 dnabbrocks

dnabbrocks

    Newbie

  • Members
  • Pip
  • 10 posts

Posted 25 January 2012 - 10:45 PM

Okay. Will do. Thanks
  • 0

#7 dnabbrocks

dnabbrocks

    Newbie

  • Members
  • Pip
  • 10 posts

Posted 26 January 2012 - 3:10 PM

Okay. I've done what the appendix says, but there is no php.ini file in my server's directory. If I download and insert it, where should it go?
Thanks for the help.
  • 0

#8 Larry

Larry

    Administrator/Writer

  • Administrators
  • 3,791 posts
  • LocationState College, PA (USA)

Posted 27 January 2012 - 9:22 AM

I have no idea what you're talking about or what this has to do with debugging this login query.
  • 0