www.webdeveloper.com

Thread: [RESOLVED] Login using sessions doesn't work

  1. #1
    Join Date
    Jun 2009
    Posts
    2

    [RESOLVED] Login using sessions doesn't work

    I am trying to create a login-system using sessions to remember if you are logged in or not. I can't find any type errors in the code, like a forgotten bracket or something, and I also don't get any error messages in my browser.

    The only thing is that I don't see any input fields, although they have to be there. It just doesn't work and I don't know why.

    Excuse me if I may be using bad English, but I am Dutch.

    I really hope anyone can help me out. Thanks!

    I used the following code (Comments are in Dutch, because I am Dutch and I write comments mainly for myself. If you want me to translate it, please tell me in a reply). Note that this is just a part of the code, so don't tell me I forgot the php-tags!

    PHP Code:
    // Session variables for the login state:
    $logged_in = $_SESSION['logged_in'];
    $account_type = $_SESSION['account_type'];

    // This function handles logging in:
    function login() {
        // Simplify the POST variables:
        $username = $_POST['gebruikersnaam'];
        $password = $_POST['wachtwoord'];
        $verzenden = $_POST['verzenden'];
        // If the submit button has been pressed:
        if(isset($verzenden) and $verzenden != "verzenden") {
            // If the username and password have been filled in:
            if(isset($username) and isset($password) and $username != '' and $password != '') {
                // Build the SQL query to retrieve the user information:
                $query_login  = "SELECT * ";
                $query_login .= "FROM `users` ";
                $query_login .= "WHERE username = `" . $username . "`;";
                // Connect to the MySQL server and select the right database:
                $verbinding = mysql_connect(MYSQL_SERVER, MYSQL_USERNAME, MYSQL_PASSWORD) or die("Er ging iets mis bij de databaseverbinding. Neem contact op met de webmaster. Fout: " . mysql_error());
                mysql_select_db(MYSQL_DATABASE) or die("Er ging iets mis bij de databaseverbinding. Neem contact op met de webmaster. Fout: " . mysql_error());
                // Fetch the result and free the cache:
                $resultaat = mysql_query($query_login) or die("Er ging iets mis bij de databaseverbinding. Neem contact op met de webmaster. Fout: " . mysql_error());
                mysql_free_result($resultaat) or die("Er ging iets mis bij de databaseverbinding. Neem contact op met de webmaster. Fout: " . mysql_error());
                // Close the database connection:
                mysql_close($verbinding) or die("Er ging iets mis bij de databaseverbinding. Neem contact op met de webmaster. Fout: " . mysql_error());
                // If the entered password equals the password from the database:
                if($resultaat['password'] == $password) {
                    // Update the session variables:
                    $logged_in = true;
                    $account_type = $resultaat['account_type'];
                }
                // If the entered password does not match the password from the database:
                else {
                    // Update the session variables:
                    $logged_in = false;
                    $account_type = "";
                    // Set the error message:
                    $error = "Het opgegeven wachtwoord is onjuist.";
                }
            }
            // If no username or password was filled in:
            else {
                // Update the session variables:
                $logged_in = false;
                $account_type = "";
                // Set the error message:
                $error = "En of meer van de velden zijn niet ingevuld.";
            }
        }
        // If the submit button has not been pressed yet:
        else {
            ?>
                <form action="<?php echo $_SERVER['php_self']; ?>" method="post">
                    <table>
                        <tr>
                            <td><span>Gebruikersnaam: </span></td>
                            <td><span>Wachtwoord: </span></td>
                            <td><input type="submit" name="verzenden" value="Verzenden" /></td>
                        </tr>
                        <tr>
                            <td><input type="text" name="gebruikersnaam" /></td>
                            <td><input type="text" name="wachtwoord" /></td>
                        </tr>
                    </table>
                </form>
            <?php
        }
        // Set the session variables:
        $_SESSION['logged_in'] = $logged_in;
        $_SESSION['account_type'] = $account_type;
    }
    // End of the login function.

    // Run the login function:
    if($_SESSION['logged_in'] != true) {
        if($action == "login") {
            login();
        }
    }

  2. #2
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Have you called session_start anywhere?

    Also, where are you setting $action?

  3. #3
    Join Date
    Jun 2009
    Posts
    2
    Originally posted by bokeh:
    Have you called session_start anywhere?

    Also, where are you setting $action?
    Originally posted by SyCo:
    $action never equals 'login' so login() isn't called. $action is missing from your script except in that if() statement.

    You're renaming variables for no reason.

    serves no purpose but it means you're more likely to make errors, increasing the possibility of vulnerabilities as in this script. Your query is open to SQL injection.
    I will try to find something about SQL-injection so I can fix this.

    I am renaming the variables not just for no reason, but if I have a lot of code (I am going to expand this script later, with a register-function etc) it works better to simplify those variables, so you have to type less. It really makes a difference in long scripts!

    I stupidly never thought of calling the GET-variable this way:

    PHP Code:
     if($_GET['action'] == "login")
    but I did it this way all the time:

    PHP Code:
     if($action == "login")
    I simply thought that the variable in the url would be equal to the variable $action in the script. I know, it is a stupid mistake, but I am just a beginner. Thanks very much for your help!

    P.S. It now works properly!

  4. #4
    Join Date
    Apr 2007
    Posts
    1,664
    PHP Code:
    if($action == "login") {
        login();
    }
    $action never equals 'login' so login() isn't called. $action is missing from your script except in that if() statement.

    You're renaming variables for no reason.
    PHP Code:
    $var=$_POST['var']; 
    serves no purpose but it means you're more likely to make errors, increasing the possibility of vulnerabilities as in this script. Your query is open to SQL injection.
    Last edited by SyCo; 06-19-2009 at 06:36 PM.
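
Added example, not code posted by anyone in this thread: one way to address the three points raised above (no session_start, $action never assigned, query open to SQL injection) in a single login routine. It assumes PDO with an in-memory SQLite database, a hypothetical password_hash column and a constructed sample user; the form field names are the ones from the original post.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread). Schema and sample user are constructed.

session_start();   // must run before any output and before $_SESSION is used

function login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT password_hash, account_type FROM users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash, never a plaintext password column.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        $_SESSION['logged_in'] = false;
        $_SESSION['account_type'] = '';
        return false;
    }

    session_regenerate_id(true);   // fresh session ID once the user is authenticated
    $_SESSION['logged_in'] = true;
    $_SESSION['account_type'] = $row['account_type'];
    return true;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, account_type TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 'admin']);

// Request values are read from the superglobals explicitly; a variable such
// as $action does not exist unless the script assigns it.
$action = $_GET['action'] ?? 'login';            // defaults are for the CLI demo only
$user   = $_POST['gebruikersnaam'] ?? 'alice';
$pass   = $_POST['wachtwoord'] ?? 'correct horse';

if ($action === 'login') {
    var_dump(login($db, $user, $pass));              // valid credentials
    var_dump(login($db, "' OR '1'='1", 'anything')); // quote characters are matched as data
}
```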
