www.webdeveloper.com
Page 1 of 3 123 LastLast
Results 1 to 15 of 32

Thread: Login page question

  1. #1
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238

    Login page question

    Hi everyone, well, I am working on the login section of my site and it doesn't seem to want to do anything. I have it checking the entered info against a database, but it doesn't matter if I enter valid data or just junk, the page doesn't do anything, it just reloads when I try to submit the form. Here is the php code:

    PHP Code:
            <?php
        
                $username 
    $_POST['username'];
                
    $password $_POST['password'];
                
    $hashpw hash("sha512",$password);
            
                  if (isset(
    $_POST['submit']) && $_POST['submit'] == "Login") {
                    if (
    $username != " " && $hashpw != " ") {
                        
    $query "SELECT user_name FROM login_info WHERE user_name = '$username';";
                        
    $query2 "SELECT password FROM login_info WHERE password = '$hashpw';";
                        
    $result mysql_query($query) or die(mysql_error());
                        
    $result2 mysql_query($query2) or die(mysql_error());
                        
                        if (
    mysql_num_rows($result) != && mysql_num_rows($result2) != 0) {
                            
    header('Location: http://www.fakedomain.com/upload.php');
                        }
                        else {
                            print 
    "<p><span style='color:#CC0000'>The Username and Password you entered does not exist.</span><br/>";
                            print 
    "You can contact us at <a href='mailto:someone@fake.com'>Customer Service</a> if you need help with your account.";
                        }
                    }
                }
              
    ?>

  2. #2
    Join Date
    Oct 2005
    Posts
    102
    I do see one issue with your script your going to have.

    As of now, say jim password is wiki and Jack password is pedia.

    If someone would use the username jim, but use jacks password, it would log him in.

  3. #3
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    That was going to be my next question.

  4. #4
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Anyone feel like offering some input on this? Like, what could be causing my page to just reload rather than redirect to the appropriate page or display the error message?

  5. #5
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Instead of:
    PHP Code:
    $query "SELECT user_name FROM login_info WHERE user_name = '$username';";
    $query2 "SELECT password FROM login_info WHERE password = '$hashpw';";
    $result mysql_query($query) or die(mysql_error());
    $result2 mysql_query($query2) or die(mysql_error());
                        
    if (
    mysql_num_rows($result) != && mysql_num_rows($result2) != 0) { 
    combine the SQL statement and use:
    PHP Code:
    $query "SELECT user_name FROM login_info WHERE user_name = '$username' AND password = '$hashpw' LIMIT 1;";
    $result mysql_query($query) or die(mysql_error());
                        
    if (
    mysql_num_rows($result) != 0) { 
    That should take care of the untimely redirect as well.

  6. #6
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    I was just reading through the MySQL manual and was about to go give that a try to prevent just any combination from letting anyone in. What about the page just reloading though, will that fix that also?

  7. #7
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    Ok, well I am still just getting the page to reload, when I click the login button for my form it just seems to reload the page. The data is being submitted but it is not sending the header request it seems like. Does the header have to be before the <html> tags to work?

  8. #8
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Can you post the login page?

  9. #9
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    This is the form that is on the login page, with the php above it. That is how it is on my page.

    This is before the <html>:
    PHP Code:
    <?php
        
    require('mysql_config.php');
        
        
    $connect mysql_connect(SQL_HOST,SQL_USER,SQL_PASS) or die('Could not connect to the Database.' .mysql_error());    
                
        
    mysql_select_db(SQL_DB,$connect);
    ?>

    Down in the <body>:
    PHP Code:
            <?php
        
                $username 
    $_POST['username'];
                
    $password $_POST['password'];
                
    $hashpw hash("sha512",$password);
            
                  if (isset(
    $_POST['submit']) && $_POST['submit'] == "Login") {
                    if (
    $username != " " && $hashpw != " ") {
                        
    $query "SELECT user_name FROM login_info WHERE user_name = '$username' AND password = '$hashpw' LIMIT 1;"
                        
    $result mysql_query($query) or die(mysql_error());
                        
                        if (
    mysql_num_rows($result) != 0) {
                            
    header('Location: http://www.fake.com/upload.php');
                        }
                        else {
                            print 
    "<p><span style='color:#CC0000'>The Username and Password you entered does not exist.</span><br/>";
                            print 
    "You can contact us at <a href='mailto:someone@domain.com'>Customer Service</a> if you need help with your account.";
                        }
                    }
                }        
              
    ?>
            <form enctype="text/plain" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" class="login">
              <fieldset>
                <legend>
                  Login
                </legend>
                <label for="username">
                  Username:<br />
                  <input type="text" name="username" id="username" size="20" maxlength="20" />
                  <br />
                  <br />
                </label>
                <label for="password">
                  Password:<br />
                  <input type="password" name="password" id="password" size="20" maxlength="20" />
                  <br />
                  <br />
                </label>
                <input type="submit" name="login" id="loginbtn" value="Login" />
              </fieldset>
            </form>

  10. #10
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Try this:
    PHP Code:
    <?php
    $err_msg 
    "";    
    if (isset(
    $_POST['submit']) && $_POST['submit'] == "Login") {
      
    $username $_POST['username'];
      
    $password $_POST['password'];
      
    $hashpw hash("sha512",$password);
      if (
    $username != " " && $hashpw != " ") {
        
    $query "SELECT user_name FROM login_info WHERE user_name = '$username' AND password = '$hashpw' LIMIT 1;";
        
    $result mysql_query($query) or die("SQL Error: $query<br>" mysql_error());
        if (
    mysql_num_rows($result) == 0) {
          
    $err_msg  "<p><span style='color:#CC0000'>The Username and Password you entered does not exist.</span><br/>";
          
    $err_msg .= "You can contact us at <a href='mailto:someone@domain.com'>Customer Service</a> if you need help with your account.<br/>";
        } else { 
          
    header('Location: http://www.fake.com/upload.php');
          exit;
        }
      }
    }        
    ?>
    <form enctype="text/plain" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" class="login">
    <?php
    if ($err_msg <> "") {
      print 
    $err_msg;
    }
    ?> 
    <fieldset>
    <legend>Login</legend>
    <label for="username">Username:<br />
    <input type="text" name="username" id="username" size="20" maxlength="20" /><br /><br />
    </label>
    <label for="password">Password:<br />
    <input type="password" name="password" id="password" size="20" maxlength="20" /><br /><br />
    </label>
    <input type="submit" name="login" id="loginbtn" value="Login" />
    </fieldset>
    </form>

  11. #11
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    It still just reloads the page.

  12. #12
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    I didn't catch this earlier:
    PHP Code:
      if ($username != " " && $hashpw != " ") { 
    Change it to:
    PHP Code:
      if ($username <> "" AND $hashpw <> "") { 
    I don't know why the space is in there. Any special reason?

  13. #13
    Join Date
    Aug 2006
    Location
    New York/North Carolina
    Posts
    238
    No, not really, I was just trying to say "if the string is not empty", ergo, it has content, redirect to the address in the header(). I changed to the <> "", but I don't see what that does exactly and I am still just getting the page to reload. Here are the changes I have made to the script so far:

    PHP Code:
            <?php        
                  
    if (isset($_POST['submit']) && $_POST['submit'] == "Login") {
                
                    
    $username trim($_POST['username']);
                    
    $password trim($_POST['password']);
                    
    $hashpw hash("sha512",$password);
                    
                    print 
    "Username: " .$username;
                    print 
    "Password: " .$password;                
                    print 
    "The password we are comparing: " .$hashpw;
                    
                    if (
    $username <> "" && $hashpw <> "") {
                        
    $query "SELECT user_name FROM login_info WHERE user_name = '$username' AND password = '$hashpw' LIMIT 1;"
                        
    $result mysql_query($query) or die(mysql_error());
                        print 
    "This is the result of the query: " .$result;
                        
                        if (
    mysql_num_rows($result) != 0) {
                            
    header('Location: http://www.fake.com/upload.php');
                            exit();
                        }
                        else {
                            print 
    "<p><span style='color:#CC0000'>The Username and Password you entered does not exist.</span><br/>";
                            print 
    "You can contact us at <a href='mailto:someone@fake.com'>Customer Service</a> if you need help with your account.";
                        }
                    }
                }        
              
    ?>
    I put the variables inside the if statement becuase when they were outside it they were being assigned random values before the form was even submitted.
    Though, now nothing is being printed to the screen, so the script isn't even getting into the if statement. I don't see why it wouldn't though.

  14. #14
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Did you leave out the bottom part in this post or did it go AWOL?

  15. #15
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Something's not right...

    Can you post the entire login page?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles