Login script validation & sessions

The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. The only
errors I get are notices that email and password are undefined
indexes.

Here's the login script:
<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see isLoggedIn is True
if (!isset($_SESSION["isLoggedIn"])) {
?>
<!-- LOGIN FORM -->
<form method=post action="<?echo $_SERVER['PHP_SELF']?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="email"
size=10></td><tr>
<td>Password:</td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email' AND
password = md5('$password')";
echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) {
$isLoggedIn = TRUE;
session_register($email);
session_register($password);
session_register($isLoggedIn);
header('location: http://localhost/app/mycrc/mycrc.php');
}// end if
}//end if
}else{
//debugging
echo ''.$_POST['email'].' <br/>';
echo ''.$_POST['password'].'<br/>';
echo 'Could not log you in.<br/>';
print_r ($_SESSION);
}//end if
?>

I'd appreciate it if someone could give me some pointers.
Jul 16 '05 #1
Steve Fitzgerald wrote:
The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. [...]
I'd appreciate it if someone could give me some pointers.


You don't want to show the form after the user presses the submit
button, and you only want to validate input after the user presses the
button.
Enclose the form and validation in another if()

<?php if (!isset($_POST['submit'])) { ?>

## FORM HERE ##

<?php } else { ?>

## VALIDATION HERE ##

<?php } ?>
--
"Yes, I'm positive."
"Are you sure?"
"Help, somebody has stolen one of my electrons!"
Two atoms are talking:
Jul 16 '05 #2
Whilst lounging around on 3 Jul 2003 03:24:16 -0700, sf@mnetsys.com
(Steve Fitzgerald) amazingly managed to produce the following with
their Etch-A-Sketch:
The below login script does work. The form does not seem to be
submitting. I keep getting the username and password fields. The
only errors I get are notices that email and password and undefined
indexes.

Here's the login script:
<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see isLoggedIn is True
if (!isset($_SESSION["isLoggedIn"])) {
?>
<!-- LOGIN FORM -->
<form method=post action="<?echo $_SERVER['PHP_SELF']?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="email"
size=10></td><tr>
<td>Password:</td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];

Unnecessary use of vars.

$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email'
AND password = md5('$password')";
^^^

Function call within a string won't help =)
$sql = "
SELECT *
FROM crc1.tblusers
WHERE emailaddress = '{$_POST['email']}'
AND password = '" . md5($_POST['password']) . "'
";

echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) {
^^^^^

This doesn't return a boolean value, rather an INT.
if (mysql_num_rows($result) > 0) {

$isLoggedIn = TRUE;
session_register($email);
session_register($password);
session_register($isLoggedIn);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
See www.php.net for SESSION information.

header('location: http://localhost/app/mycrc/mycrc.php');
}// end if
}//end if
}else{
//debugging
echo ''.$_POST['email'].' <br/>';
^^

???

What purpose are these serving? No need for them whatsoever.

echo ''.$_POST['password'].'<br/>';
echo 'Could not log you in.<br/>';
print_r ($_SESSION);
}//end if
?>

I'd appreciate it if someone could give me some pointers.

In addition to the above, I strongly suggest www.php.net for some
reading to help you understand some of this code.. and www.mysql.com
for the MySQL manual for your SQL syntax.

Regards,

Ian


--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #3
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> writes:
(Steve Fitzgerald) amazingly managed to produce the following with
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email'
AND password = md5('$password')";

^^^
Function call within a string won't help =)


md5() is a valid MySQL function, should work fine.
http://www.mysql.com/doc/en/Miscella...functions.html

--
Chris
Jul 16 '05 #4
Whilst lounging around on 03 Jul 2003 12:51:48 +0100, Chris Morris
<c.********@durham.ac.uk> amazingly managed to produce the following
with their Etch-A-Sketch:
"Ian.H [dS]" <ia*@WINDOZEdigiserv.net> writes:
(Steve Fitzgerald) amazingly managed to produce the following
with
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress =
'$email' AND password = md5('$password')";

^^^
Function call within a string won't help =)


md5() is a valid MySQL function, should work fine.
http://www.mysql.com/doc/en/Miscella...functions.html

Ahh yes, my apologies Chris.. well pointed out =)

Regards,

Ian


--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.net | forum.digiserv.net
Programming, Web design, development & hosting.
Jul 16 '05 #5
The below code authenticates my login, but my sessions are not
registering. In the debugging section I have print_r ($_SESSION); and
all that produces is Array (). Am I missing something?

<?php
session_start();

// includes
include_once ("includes/common.php");
include_once ("includes/db_vars.inc");
//check to see if this form has already been submitted
if (!isSet($_POST['submit'])){
?>
<!-- LOGIN FORM -->
<form method=post action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="email"
size=10></td><tr>
<td>Password:</td><td><input type="password" name="password"
size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log
In"></td>
</table></form>
<?php
}else{
//connect to database
dbConnect('crc1');
$email = $_POST['email'];
$password = $_POST['password'];
$sql = "SELECT * FROM crc1.tblusers WHERE emailaddress = '$email' AND
password = md5('$password')";
echo $sql;
$result = mysql_query($sql) or die ("Error in query: $sql. " .
mysql_error());
while ($row=mysql_fetch_array($result)) {
if (mysql_num_rows($result)!= False) {
$isLoggedIn = TRUE;
session_register("email");
session_register("password");
session_register("isLoggedIn");
//header('location: http://localhost/app/mycrc/mycrc.php');
}// end while
}//end if
echo '<br/>'.$_POST['email'].' <br/>';
echo ''.$_POST['password'].'<br/>';
print_r ($_SESSION);
}//end if
?>

Jul 16 '05 #6
I corrected part of the problem by using $_SESSION instead of
session_register(). Now, the problem is that my code to validate if
$_SESSION["isLoggedIn"] has been set on the top of each of the pages
I'm trying to protect does not seem to work.

Here's the code:
<?php
session_start();
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
...rest of code
}
?>
I always get sent back to the login page.

Any suggestions?
Jul 16 '05 #7
Steve Fitzgerald wrote:
I corrected part of the problem by using $_SESSION instead of
session_register(). Now, the problem is that my code to validate if
$_SESSION["isLoggedIn"] has been set on the top of each of the pages
I'm trying to protect does not seem to work.

Here's the code:
<?php
session_start();
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
..rest of code
}
?>
I always get sent back to the login page.

Any suggestions?


either just use
if (!isset($_SESSION['isLoggedIn'])) {
or
if ($_SESSION['isLoggedIn'] != 1) {
you've mixed the two together

Jul 16 '05 #8
Steve Fitzgerald wrote:
if (isSet($_SESSION['isLoggedIn']) != '1'){
header('location: http://localhost/login.php');
exit();
}else{
..rest of code
}


if (
!isset($_SESSION['isLoggedIn']) ||
(isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] != 1)
) {
// Send them to the login page.
} else {
// Rest of code
}

Jul 16 '05 #9
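
The fixes discussed in this thread, gathered into one runnable sketch; this is an added example, not code from any poster. It assumes PDO with an in-memory SQLite table standing in for crc1.tblusers, binds the e-mail as a parameter instead of interpolating $_POST values into the SQL string, and swaps the thread's md5() for password_hash()/password_verify(); the function names are hypothetical.

```php
<?php
// Added example (not from the thread). Assumptions: PDO with the SQLite driver
// stands in for the thread's MySQL table; column names follow the posted query.
declare(strict_types=1);

// Look the user up with a bound parameter, then verify the password in PHP.
function authenticate(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM tblusers WHERE emailaddress = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Record a successful login in the session array.
function log_in(string $email): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session id after login
    }
    $_SESSION['email'] = $email;
    $_SESSION['isLoggedIn'] = true;        // the password is never stored in the session
}

// Guard for protected pages: the key must exist AND be exactly true.
function is_logged_in(array $session): bool
{
    return isset($session['isLoggedIn']) && $session['isLoggedIn'] === true;
}

// --- demo with constructed data, runnable from the command line ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblusers (emailaddress TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO tblusers VALUES (?, ?)')
   ->execute(['user@example.test', password_hash('constructed-pass', PASSWORD_DEFAULT)]);

$_SESSION = [];
var_dump(is_logged_in($_SESSION));         // state before any login attempt
foreach ([['user@example.test', 'wrong'], ['user@example.test', 'constructed-pass']] as [$e, $p]) {
    if (authenticate($db, $e, $p)) {
        log_in($e);
    }
    var_dump(is_logged_in($_SESSION));     // state after each attempt
}
```

In a web page, call session_start() before any output and follow a failed is_logged_in($_SESSION) check with the header() redirect and exit() as in the posts above.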
