Larry Ullman's Book Forums


Hello. I've been over this a million times but can't figure out what the problem is. I've been trying to get this to work but every time I try to login it tells me the username and password don't match those on file. However, I know that they are in because I've created a register script that works and they are in my database. Any help would be GREATLY appreciated. Thanks in advance.

Login:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    // Need two helper files:
    require ('includes/login_functions.php');
    require ('../mysql_connect.php');

    //Select Database:
    mysql_select_db(UDB_NAME, $dbc) OR die("Could not select the database: " . UDB_NAME . " " . mysql_error() );

    // Check the login:
    list ($check, $data) = check_login($dbc, $_POST['email_address'], $_POST['user_password']);

    if ($check) { // OK!

        // Set the session data:
        session_start();
        $_SESSION['user_id'] = $data['user_id'];
        $_SESSION['first_name'] = $data['first_name'];

        // Store the HTTP_USER_AGENT:
        $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

        // Redirect:
        $url = absolute_url ('loggedin.php');
        header("Location: $url");

    } else { // Unsuccessful!

        // Assign $data to $errors for login_page.inc.php:
        $errors = $data;

    }

    mysql_close($dbc); // Close the database connection.

} // End of the main submit conditional.

// Create the page:
include ('includes/login_page.php');
?>

Loggedin

<?php # Script 12.13 - loggedin.php #3
// The user is redirected here from login.php.

session_start(); // Start the session.

// If no session value is present, redirect the user:
// Also validate the HTTP_USER_AGENT!
if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']) )) {

    // Need the functions:
    require ('includes/login_functions.php');
    redirect_user();

}

// Set the page title and include the HTML header:
$page_title = 'Logged In!';
include ('includes/header.php');

// Print a customized message:
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><a href=\"logout.php\">Logout</a></p>";

include ('includes/footer.php');
?>

Login_functions

<?php

function redirect_user ($page = 'index.php') {

    $url = 'http://' . $_SERVER['HTTP_localhost'] . dirname($_SERVER['PHP_SELF']);

    // Remove any trailing slashes:
    $url = rtrim($url, '/\\');

    // Add the page:
    $url .= '/' . $page;

    // Redirect the user:
    header("Location: $url");
    exit(); // Quit the script.

} // End of redirect_user() function.

function check_login($dbc, $email_address = ' ', $user_password = ' ') {

    $errors = array(); // Initialize error array.

    // Validate the email address:
    if (empty($email_address)) {
        $errors[] = 'You forgot to enter your username.';
    } else {
        $em = mysql_real_escape_string($dbc, trim($email_address));
    }

    // Validate the password:
    if (empty($user_password)) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = mysql_real_escape_string($dbc, trim($user_password));
    }

    if (empty($errors)) { // If everything's OK.

        // Retrieve the user_id and first_name for that email/password combination:
        $q = "SELECT user_id, first_name FROM users WHERE email_address='$em' AND user_password=SHA1('$p')";
        $r = @mysql_query ($dbc, $q); // Run the query.

        // Check the result:
        if (mysql_num_rows($r) == 1) {

            // Fetch the record:
            $row = mysql_fetch_array ($r, MYSQL_ASSOC);

            // Return true and the record:
            return array(true, $row);

        } else { // Not a match!
            $errors[] = 'The username and password entered do not match those on file.';
        }

    } // End of empty($errors) IF.

    // Return false and the errors:
    return array(false, $errors);

} // End of check_login() function.

Login_page

<?php # Script 12.1 - login_page.inc.php
// This page prints any errors associated with logging in
// and it creates the entire login page, including the form.

// Include the header:
$page_title = 'Login';

// Print any error messages, if they exist:
if (isset($errors) && !empty($errors)) {
    echo '<h1>Error!</h1>
    <p class="error">The following error(s) occurred:<br />';
    foreach ($errors as $msg) {
        echo " - $msg<br />\n";
    }
    echo '</p><p>Please try again.</p>';
}

// Display the form:
?>
<h1>Login</h1>
<form action="login.php" method="post">
    <p>Email Address: <input type="text" name="email_address" size="20" maxlength="60" /> </p>
    <p>Password: <input type="password" name="user_password" size="20" maxlength="20" /></p>
    <p><input type="submit" name="submit" value="Login" /></p>
    <input type="hidden" name="submitted" value="TRUE">
</form>

<?php include ('includes/footer.php'); ?>


Yeah, that wouldn't work at all. What you need to do, as I just suggested and as the book clearly explains, is print the actual, complete query being executed in PHP. This would be the query with the values of the variables inserted. Then take that query and run it using another interface.

  • Upvote 1
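
The debugging step described in the reply above, as an added example that is not code from either post or from the book: it builds the same login query, keeps the finished SQL string so it can be printed and pasted into another client, and reports a failed query instead of silencing it. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs without a server, `debug_login()` and `show()` are hypothetical helper names, and the user row and credentials are constructed sample data.

```php
<?php
// Added example. PDO + in-memory SQLite stand in for the page's MySQL link;
// the users row and the credentials below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); // query() returns false on error
// SQLite has no SHA1(); map it to PHP's sha1() so the page's query text runs unchanged.
$pdo->sqliteCreateFunction('SHA1', 'sha1', 1);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT,
            email_address TEXT, user_password TEXT)');
$pdo->exec("INSERT INTO users (first_name, email_address, user_password)
            VALUES ('Pat', 'pat@example.com', '" . sha1('correct horse') . "')");

// Hypothetical helper: same query as check_login(), but the complete SQL string
// and any database error are returned to the caller rather than hidden.
function debug_login(PDO $pdo, $email_address, $user_password) {
    $em = $pdo->quote(trim($email_address)); // quote() escapes and adds the quotes
    $p  = $pdo->quote(trim($user_password));
    $q  = "SELECT user_id, first_name FROM users WHERE email_address=$em AND user_password=SHA1($p)";
    $r  = $pdo->query($q);                   // no @ in front: failures stay visible
    if ($r === false) {                      // the query itself did not run
        $info = $pdo->errorInfo();
        return array('query' => $q, 'error' => $info[2], 'rows' => array());
    }
    return array('query' => $q, 'error' => null, 'rows' => $r->fetchAll(PDO::FETCH_ASSOC));
}

// Print the query exactly as the database received it, then the outcome.
function show(array $result) {
    echo "Query run: {$result['query']}\n";
    if ($result['error'] !== null) {
        echo "Database error: {$result['error']}\n\n";
    } else {
        echo 'Rows matched: ' . count($result['rows']) . "\n\n";
    }
}

show(debug_login($pdo, 'pat@example.com', 'correct horse')); // matching credentials
show(debug_login($pdo, 'pat@example.com', 'wrong'));         // valid query, no match
show(debug_login($pdo, '', ''));   // empty values show up as empty literals in the SQL

$pdo->exec('DROP TABLE users');    // force a failing query to exercise the error branch
show(debug_login($pdo, 'pat@example.com', 'correct horse'));
```

With the `mysql_*` functions used in the posted scripts, the same two checks are echoing `$q` before the `mysql_query()` call and printing `mysql_error()` when the result is false. The printed query contains the submitted password in clear text, so keep this output on a development machine and remove it once the problem is found.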