
php mysql authentication problem! help

Hi Guys

I have created a website and to make things easier I decided to use Dreamweaver to do the secure login section and access levels for the pages.

When testing locally on WAMP my website works perfectly. On the internet though, on the pages that don't require a user to log in I can search my job database perfectly and see the results, so the connection to the database is fine.

When I try to log in though I just get a "user is unauthorised" error because for some reason it's not getting the info from the right database or the right table on the database, or the connection is not right, I'm not sure. I have emailed my support and they say they can't see an error with the connection dbusername dbpass dbname and suggest it's a problem with my code somewhere.

It works perfectly on my local machine though arghhh!! Below is some of the code from the wizard.php page that was created in the /connections folder by Dreamweaver. It all looks correct to me.

[PHP]
$hostname_Wizard = "mysqlservername";
$database_Wizard = "mydatabasename";
$username_Wizard = "mysqlusername";
$password_Wizard = "mysqlpassword";
$Wizard = mysql_pconnect($hostname_Wizard, $username_Wizard, $password_Wizard) or trigger_error(mysql_error(),E_USER_ERROR);
[/PHP]

Below is code from the page where the user will log in located above the head tag.

[PHP]
<?php require_once('Connections/Wizard.php'); ?>
<?php
//initialize the session
session_start();

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');

  $logoutGoTo = "stafflogin.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username2'])) {
  $loginUsername=$_POST['username2'];
  $password=$_POST['password2'];
  $MM_fldUserAuthorization = "accesslevel";
  $MM_redirectLoginSuccess = "securestaff.php";
  $MM_redirectLoginFailed = "unauthorised.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_Wizard, $Wizard);

  $LoginRS__query=sprintf("SELECT name, pass, accesslevel FROM staff WHERE name='%s' AND pass='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

  $LoginRS = mysql_query($LoginRS__query, $Wizard) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {

    $loginStrGroup = mysql_result($LoginRS,0,'accesslevel');

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;

    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
[/PHP]

Below is code from the body of the page at the login boxes.



[HTML]
<form action="<?php echo $loginFormAction; ?>" method="POST">
  <table width="271" border="0" cellspacing="2" cellpadding="1">
    <tr>
      <td width="96" bgcolor="#EAEAEA"><label>Username:</label></td>
      <td width="120"><input type="text" name="username2" size="20" /></td>
      <td width="41">&nbsp;</td>
    </tr>
    <tr>
      <td bgcolor="#EAEAEA"><label>Password: </label></td>
      <td><input type="password" name="password2" size="20" /></td>
      <td>&nbsp;</td>
    </tr>
    <tr>
      <td bgcolor="#EAEAEA">Log In:</td>
      <td><input type="submit" value=" Log In " /></td>
      <td>&nbsp;</td>
    </tr>
  </table>
</form>
[/HTML]

Below is some code from the page that works it all out.



[PHP]
<?php
//initialize the session
session_start();

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  session_unregister('MM_Username');
  session_unregister('MM_UserGroup');

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
session_start();
$MM_authorizedUsers = "administrator";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized.
  $isValid = False;

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
  // Therefore, we know that a user is NOT logged in if that Session variable is blank.
  if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
      $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
      $isValid = true;
    }
    if (($strUsers == "") && true) {
      $isValid = true;
    }
  }
  return $isValid;
}

$MM_restrictGoTo = "unauthorised.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  exit;
}
?>
[/PHP]

I know it's a big ask but I would really appreciate some PHP gurus' help here as I'm stuck because it all works perfectly on my local wampserver but not on the net.



Regards



Joseph
Jul 2 '06 #1
2 Replies


ronverdonk
Before going through this bunch of code, have you ever traced the content of the important variables during processing, such as $LoginRS__query (contains the actual query with username and password) and the results from that query?

That must at least give you an answer to your hunch that the query is wrong or that the incorrect database is used.

Ronald :cool:
Jul 21 '06 #2

bevort
I ran into the same kind of problem when having to reinstall my local developing machine. The code that worked before and still works on the net does not work anymore. I found my solution in checking the PHP.INI file (working on a Windows server) and the Apache server. Check your settings on your local machine and set them to those of your net server; then you have the same area to develop in as your online site.

Major differences can be found in PHP.ini when register_globals is set on or off. The same goes for the session.save_path.

Changing your local setting may force you to rebuild parts of your code but you will be certain that the code will work on both servers now.

I also see 2 session_start() statements in your last page. This will generate 2 session cookies on the server. The code will work with the last and store variables in this one but the server will work with the 1st one. So going to another page and using session_start your browser will point to an empty session with no login information.

Another thing is to keep things together. Keep only those parts that have to do with login in their own script and the logout parts in another. Afterwards put duplicate code into include files. This makes your files readable and maintainable even after several years.

Vincent
Jul 30 '06 #3
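
Added example, not part of any post in this thread: a small PHP diagnostic page for comparing the local and hosted servers on the settings named above (register_globals, session.save_path), plus magic_quotes_gpc, which the posted login code tests. The file name `envcheck.php` and the `probe` session key are hypothetical.

```php
<?php
// Added example (not from the thread): save as e.g. envcheck.php on BOTH servers,
// load it twice in the browser on each, and compare the output.

// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
function effective_save_path() {
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir = end($parts);
    return $dir !== '' ? $dir : sys_get_temp_dir();   // empty means system temp dir
}

// ini_get() returns false when this PHP version does not have the directive at all.
function flag($name) {
    $v = ini_get($name);
    if ($v === false) {
        return 'not present in this PHP version';
    }
    return in_array(strtolower((string) $v), array('1', 'on', 'true', 'yes'), true) ? 'On' : 'Off';
}

function session_report() {
    $dir = effective_save_path();
    return array(
        'php version'          => PHP_VERSION,
        'register_globals'     => flag('register_globals'),
        'magic_quotes_gpc'     => flag('magic_quotes_gpc'),
        'session.save_handler' => ini_get('session.save_handler'),
        'session.save_path'    => $dir,
        'save_path is a dir'   => is_dir($dir) ? 'yes' : 'no',
        'save_path writable'   => is_writable($dir) ? 'yes' : 'no',
    );
}

// Start the session only if none is active yet for this request.
if (session_id() === '') {
    session_start();
}
// Hypothetical probe key: the count must rise on every reload. If it stays at 1,
// session data is not surviving between requests on that server.
$_SESSION['probe'] = isset($_SESSION['probe']) ? $_SESSION['probe'] + 1 : 1;

header('Content-Type: text/plain');
foreach (session_report() as $key => $value) {
    echo str_pad($key, 22), ': ', $value, "\n";
}
echo str_pad('session probe count', 22), ': ', $_SESSION['probe'], "\n";
```

Delete the script from the hosted server once both outputs have been compared, since it reveals server configuration.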
