www.webdeveloper.com
Results 1 to 3 of 3

Thread: can't get my login page to function

  1. #1
    Join Date
    Jul 2009
    Posts
    77

    can't get my login page to function

    For some reason I can't get my login page to work. I have another form on another page that posts (username and password) to this one that I know is posting to this page properly. Strangely, no matter what username and password I use to log in, it logs in just fine... even with incorrect data..

    Code:
    <?php
    	session_start();  
    	if($_POST[logout])
    	{
    		session_destroy(); 
    		exit();
    	}
    	
    	$dbc = mysqli_connect(content here is correct, but removed for security) or die('Error connecting to MYSQL Server, please contact administrator');
    	$username = $_POST['username'];
    	$password = $_POST['password'];
    	$query = "SELECT * FROM admin WHERE username = '$username' AND password = SHA1('$password')";
    	$result = mysqli_query($dbc, $query);
    	$row = mysqli_fetch_array($result);
    	if($result) //if a result is found, the user must have provided a valid username/password combo
    	{
    		$_SESSION[username] = $row['username'];
    		echo "You are logged in as " . $row['username'];  //this bit doesn't work-- all i see is "You are logged in as..."
    	}
    	else
    	{
    	?>
    		<p>You must be logged in to view this page. <a href="login.php">back</a></p>
    	<?php
    		exit();
    	}
    ?>

  2. #2
    Join Date
    Aug 2009
    Posts
    593
    Remember to put quotes around string values when getting and setting array members, eg:

    PHP Code:
    if($_POST['logout'])
    $_SESSION['username'
    unless for some reason you have defined them as constants.

    As for the query, try printing out the result to see if your actually matching the desired entry.

    PHP Code:
    $row mysqli_fetch_array($resultMYSQL_ASSOC);
    echo 
    '<pre>';
    print_r($row);
    echo 
    '</pre>'

  3. #3
    Join Date
    Oct 2005
    Posts
    843
    Definantly make sure your query is showing what you want it to do as thraddash suggested, however if you know its working, just use the information from the POST data to set the name into the session variable and show there current username. Like:
    PHP Code:
        if($result) {
            
    $_SESSION[username] = $username;
            echo 
    "You are logged in as " $username;
        } else {
            echo 
    '<p>You must be logged in to view this page. <a href="login.php">back</a></p>';
        } 
    Also running ur current query string, it shows up as:
    Code:
    SELECT * FROM admin WHERE username = 'TestUsername' AND password = SHA1('TestPassword')
    so when you set the password from the post data set it to
    PHP Code:
    $password SHA1($_POST['password']);
    $query "SELECT * FROM admin WHERE username = '$username' AND password = '$password";
    //using TestUsername and TestPassword now returns:
    //SELECT * FROM admin WHERE username = 'TestUsername' AND password = '6250625b226df62870ae23af8d3fac0760d71588' 
    That might be the main issue behind it not working.
    Welsh

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles