
Login script validation & sessions

The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. The only
errors I get are notices that email and password are undefined
indexes.

Here's the login script:
<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see isLoggedIn is True
if (!isset($_SESSION["isLoggedIn"])) {
?>
<!-- LOGIN FORM -->
<form method=post action="<?echo $_SERVER['PHP_SELF']?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username: </td><td><input type="text" name="email"
size=10></td><tr>
<td>Password: </td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email' AND
password = md5('$password')";
echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) {
$isLoggedIn = TRUE;
session_register($email);
session_register($password);
session_register($isLoggedIn);
header('location: http://localhost/app/mycrc/mycrc.php');
}// end if
}//end if
}else{
//debugging
echo ''.$_POST['email'].' <br/>';
echo ''.$_POST['password'].'<br/>';
echo 'Could not log you in.<br/>';
print_r ($_SESSION);
}//end if
?>

I'd appreciate it if someone could give me some pointers.
Jul 16 '05 #1
Steve Fitzgerald wrote:
The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. [...]I'd appreciate it if someone could give me some pointers.


You don't want to show the form after the user presses the submit
button, and you only want to validate input after the user presses the
button.
Enclose the form and validation in another if()

<?php if (!isset($_POST['submit'])) { ?>

## FORM HERE ##

<?php } else { ?>

## VALIDATION HERE ##

<?php } ?>
--
"Yes, I'm positive."
"Are you sure?"
"Help, somebody has stolen one of my electrons!"
Two atoms are talking:
Jul 16 '05 #2

Whilst lounging around on 3 Jul 2003 03:24:16 -0700, sf@mnetsys.com
(Steve Fitzgerald) amazingly managed to produce the following with
their Etch-A-Sketch:
The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. The
only errors I get are notices that email and password and undefined
indexes.

Here's the login script:
<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see isLoggedIn is True
if (!isset($_SESSION["isLoggedIn"])) {
?>
<!-- LOGIN FORM -->
<form method=post action="<?echo $_SERVER['PHP_SELF']?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username: </td><td><input type="text" name="email"
size=10></td><tr>
<td>Password: </td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];

Unnecessary use of vars.

$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email'
AND password = md5('$password')"; ^^^

Function call within a string won't help =)
$sql = "
SELECT *
FROM crc1.tblusers
WHERE emailaddress = '{$_POST['email']}'
AND password = '" . md5($_POST['password']) . "'
";

echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) { ^^^^^

This doesn't return a boolean value, rather an INT.
if (mysql_num_rows($result) > 0) {

$isLoggedIn = TRUE;
session_register($email);
session_register($password);
session_register($isLoggedIn); ^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^
See www.php.net for SESSION information.

header('location: http://localhost/app/mycrc/mycrc.php');
}// end if
}//end if
}else{
//debugging
echo ''.$_POST['email'].' <br/>'; ^^

???

What purpose are these serving? No need for them whatsoever.

echo ''.$_POST['password'].'<br/>';
echo 'Could not log you in.<br/>';
print_r ($_SESSION);
}//end if
?>

I'd appreciate it if someone could give me some pointers.

In addition to the above, I strongly suggest www.php.net for some
reading to help you understand some of this code.. and www.mysql.com
for the MySQL manual for your SQL syntax.

Regards,

Ian


--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #3
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> writes:
(Steve Fitzgerald) amazingly managed to produce the following with
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email'
AND password = md5('$password')";

^^^
Function call within a string won't help =)


md5() is a valid MySQL function, should work fine.
http://www.mysql.com/doc/en/Miscella...functions.html

--
Chris
Jul 16 '05 #4

Whilst lounging around on 03 Jul 2003 12:51:48 +0100, Chris Morris
<c.********@durham.ac.uk> amazingly managed to produce the following
with their Etch-A-Sketch:
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> writes:
(Steve Fitzgerald) amazingly managed to produce the following
with
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress =
'$email' AND password = md5('$password')";

^^^
Function call within a string won't help =)


md5() is a valid MySQL function, should work fine.
http://www.mysql.com/doc/en/Miscella...functions.html

Ahh yes, my apologies Chris.. well pointed out =)

Regards,

Ian


--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #5
The below code authenticates my login, but my sessions are not
registering. In the debugging section I have print_r ($_SESSION); and
all that produces is Array (). Am I missing something?

<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see if this form has already been submitted
if (!isSet($_POST['submit'])){
?>
<!-- LOGIN FORM -->
<form method=post action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username: </td><td><input type="text" name="email"
size=10></td><tr>
<td>Password: </td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
}else{
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email' AND
password = md5('$password')";
echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) {
$isLoggedIn = TRUE;
session_register("email");
session_register("password");
session_register("isLoggedIn");
//header('location: http://localhost/app/mycrc/mycrc.php');
}// end while
}//end if
echo '<br/>'.$_POST['email'].' <br/>';
echo ''.$_POST['password'].'<br/>';
print_r ($_SESSION);
}//end if
?>

Jul 16 '05 #6
I corrected part of the problem by using $_SESSION instead of
session_register(). Now, the problem is that my code to validate if
$_SESSION["isLoggedIn"] has been set on the top of each of the pages
I'm trying to protect does not seem to work.

Here's the code:
<?php
session_start();
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
...rest of code
}
?>
I always get sent back to the login page.

Any suggestions?
Jul 16 '05 #7
Steve Fitzgerald wrote:
I corrected part of the problem by using $_SESSION instead of
session_register(). Now, the problem is that my code to validate if
$_SESSION["isLoggedIn"] has been set on the top of each of the pages
I'm trying to protect does not seem to work.

Here's the code:
<?php
session_start();
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
..rest of code
}
?>
I always get sent back to the login page.

Any suggestions?


either just use
if (!isset($_SESSION['isLoggedIn'])) {
or
if ($_SESSION['isLoggedIn'] != 1) {
you've mixed the two together

Jul 16 '05 #8
Steve Fitzgerald wrote:
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
..rest of code
}


if (
!isset($_SESSION['isLoggedIn']) ||
(isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] != 1)
) {
// Send them to the login page.
} else {
// Rest of code
}

Jul 16 '05 #9
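
An added example, not code from any poster in this thread: the login check and the protected-page gate discussed above, written with a bound query parameter, `password_verify()` and a strict test of the session flag. The `id` and `password_hash` columns, the function names and the in-memory SQLite demo data are assumptions; `tblusers`, `emailaddress` and `isLoggedIn` are the thread's names.

```php
<?php
// Added example, not code from the thread. `id` and `password_hash` columns
// are assumptions; `tblusers` and `emailaddress` are the thread's names.
declare(strict_types=1);

/** Return the user's id when the credentials match, otherwise null. */
function authenticate(PDO $db, string $email, string $password): ?int
{
    // Bound parameter: the e-mail never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM tblusers WHERE emailaddress = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks a salted password_hash() value, not raw MD5.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

/** Mark the session as logged in; store the user id, never the password. */
function log_in(int $userId): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new session id once authenticated
    }
    $_SESSION['isLoggedIn'] = true;
    $_SESSION['userId'] = $userId;
}

/** Gate for protected pages: the flag must exist and be strictly true. */
function is_logged_in(): bool
{
    return isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] === true;
}

// Demo with constructed data: in-memory SQLite, run from the command line.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblusers (id INTEGER PRIMARY KEY,
    emailaddress TEXT UNIQUE, password_hash TEXT)');
$add = $db->prepare('INSERT INTO tblusers (emailaddress, password_hash) VALUES (?, ?)');
$add->execute(['user@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

$_SESSION = [];
var_dump(is_logged_in());                                   // before any login
var_dump(authenticate($db, "o'brien@example.test", 'x'));   // quote is just data
$id = authenticate($db, 'user@example.test', 'correct horse');
if ($id !== null) {
    log_in($id);
}
var_dump(is_logged_in());                                   // after a valid login
```

On a protected page, call `session_start()` before `is_logged_in()` and follow the redirect `header()` with `exit;` so the rest of the page never runs for an unauthenticated request.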
