Jump to content

no errors but cant login

fife

By fife
in PHP Coding Help

 Share

Recommended Posts

fife Advanced Member

fife

Posted
Posted

Hi I suppose my post consists of two questions really.  The first being, when I try and login with an account that stored in the database (password is stored in md5 format) I get no syntax errors but I get my $error message of login details incorrect.  I know for sure they are not as I have run this many times now.  There must be a fault with the code.  I even tried entering the password in as is md5 but that did not work either.  Here is my code can anyone see where I have gone wrong?  The other question relates to sql injection.  I'm just wondering if the code I have written is safe or have I missed some basic checks out.  I'm very new to hand coding php myself as I've always used Dreamweaver.  However I do not like the way I puts in all that ridicules code.  Also you don’t get that sense of achievement from software like that.  Anyway here is the code.

<?php
include('Connections/database.php');
if(isset($_POST['submit3'])) {

	$qCheckUserInfo = "SELECT * FROM Members WHERE email='".mysql_real_escape_string($_POST['email3'])."'";
	$rCheckUserInfo = mysql_query($qCheckUserInfo);
	$numUsers = mysql_num_rows($rCheckUserInfo);

	if($numUsers == 0) {
		$message = "Incorrect login details";	
		$success = 0;
	}
	else {
		$userInfo = mysql_fetch_array($rCheckUserInfo);
		$password = $userInfo['password'];
		if($password == md5($_POST['password3'])) {

			$success = 1;
			$_SESSION['logged'] = 1;
			$_SESSION['username'] = $userInfo['username'];
			$_SESSION['first_name'] = $userInfo['first_name'];
			$_SESSION['last_name'] = $userInfo['last_name'];
			$_SESSION['email'] = $userInfo['email'];
			$_SESSION['user_type'] = $userInfo['user_type'];
			$_SESSION['access_level']= $userInfo['access_level'];
if($_SESSION['logged'])
			if($_SESSION['user_type']== 'Member') {
				header('Location: members/index.php');
			}
			else if($_SESSION['usertype'] == 'Owner') {
				header('Location: owner/index.php');
			}
			else if($_SESSION['usertype'] == 'Corporation') {
				header('Location: corporation/index.php');
			}
			else if($_SESSION['usertype'] == 'Administrator') {
				header('Location: owner/admin/index.php');
			}
			else if($_SESSION['usertype'] ==  'Staff') {
				header('Location: owner/staff/index.php');
			}
		}
		else {
			$message = "Incorrect login details";
			$success = 0;
		}
	}
}
?>
<body>
<div id="wrapper">
<div id="title_box">
<div id="logo"><img src="images/site_images/arena.jpg" /></div>
  <div id="login_box">
<?php
	if($success != 1 && !($_SESSION['logged'])) {
?><?php
		if($success==0) {
			echo $message;	
		}
	?>


<form   METHOD="POST" name="login_form" class="black_text" id="login_form">
  <table width="252" border="0" align="right" cellpadding="0" cellspacing="5" id="login_tab">
  <tr>
    <td width="84"><div align="left">Username:</div></td>
    <td><input name="email3" type="text" class="form_fields" value="<?php echo $_POST['email3']; ?>" id="email3" tabindex="1" /></td>
  </tr>
  <tr>
    <td><div align="left">Password:</div></td>
    <td><input name="password3" type="password" class="form_fields" id="password3" tabindex="2" /></td>
  </tr>
  <tr>
    <td colspan="2"></td>
    </tr>
  <tr>
    <td colspan="2" class="forgotten_pass"><div align="right">Forgotten your password?</div></td>
  </tr>
  <tr>
    <td height="24"><div align="left"></div></td>
    <td><div align="right">
      <input name="submit3" type="submit" id="submit3" tabindex="3" value="Login" />
    </div></td>
  </tr>
</table>
<?php
	} //end fail if
?>
  </form>
  </div>
</div>




  <?php include('nav.php');?>


<div id="test">main page </div>

<?php include('footer.php');?>
</div>
</body>

Link to comment
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

You should compare the password within your MySQL Query, eg

if(isset($_POST['submit3']))
{
    $email = mysql_real_escape_string($_POST['email3']);
    $password = md5($_POST['password3']);

    $sql = "SELECT username, password FROM Members WHERE email='$email' AND password='$password'";
    $result = mysql_query($sql);

     // check that only one result has been returned, indicating a match with the username/password
    if($result && mysql_num_rows($result) == 1)
    {
          // user has provided correct login details
          // continue to login user
    }
    else
    {
        // User has provided invalid login details
        // display an error messsage
    }
}

 

've always used Dreamweaver.  However I do not like the way I puts in all that ridicules code.  Also you don’t get that sense of achievement from software like that

This is why it is best to type the code out yourself. That way you should understand your code and work out how to debug it if things go wrong.

Link to comment
Share on other sites
fife Advanced Member

fife

Posted
  • Author
Posted

Right I understand the code you wrote and yes thats a much better way to write it so.  I incorporated your code with my old code and came up with the code below.  Yet the same $error i wrote displays even if the right details are typed into the form. Any suggestions?????

 

 

 

<?php
include('Connections/database.php');
session_start();
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>The only 1</title>
<?php
if(isset($_POST['submit3'])) {


  $email = mysql_real_escape_string($_POST['email3']);   
   $password = md5($_POST['password3']);    

$qCheckUserInfo = "SELECT email, password FROM Members WHERE email='$email' AND password='$password'";
$rCheckUserInfo = mysql_query($qCheckUserInfo);		
$result = mysql_num_rows($rCheckUserInfo);				

if($result && mysql_num_rows($result) == 1) {

			$success = 1;
			$_SESSION['logged'] = 1;
			$_SESSION['username'] = $userInfo['username'];
			$_SESSION['first_name'] = $userInfo['first_name'];
			$_SESSION['last_name'] = $userInfo['last_name'];
			$_SESSION['email'] = $userInfo['email'];
			$_SESSION['usertype'] = $userInfo['usertype'];
			$_SESSION['access_level']= $userInfo['access_level'];



			if($_SESSION['usertype']== 'Member') {
				header('Location: member_join.php');

			}
			else if($_SESSION['usertype'] == 'Owner') {
				header('Location: owner/index.php');
			}
			else if($_SESSION['usertype'] == 'Corporation') {
				header('Location: corporation/index.php');
			}
			else if($_SESSION['usertype'] == 'Administrator') {
				header('Location: owner/admin/index.php');
			}
			else if($_SESSION['usertype'] ==  'Staff') {
				header('Location: owner/staff/index.php');
			}
		}
		else {
			$message = "Incorrect login details";
			$success = 0;
		}
	}


?>
<link href="stylz.css" rel="stylesheet" type="text/css" />
<link href="reset.css" rel="stylesheet" type="text/css" />
</head>

    <body>
    <div id="wrapper">
    <div id="title_box">
     <div id="logo"><img src="images/site_images/your_arena.jpg" /></div>
      <div id="login_box">
       <?php
	if($success != 1 && !($_SESSION['logged'])) {
?><?php
		if($success==0) {
			echo $message;	
		}
	?>
<form name="login" method="post">
    
        <label for="username">Username:</label><br/>
        <input type="text" name="email3" id="email3" value="<?php echo $_POST['email3']; ?>"  /><br/>
        <label for="password">Password:</label><br/>
        <input type="password" name="password3" id="password3" /><br/>
        <br />
        <input type="submit" name="submit3" id="submit3" value="Log In" />
        <?
	}
	?>
           </form>
      </div>
    </div>
    
    
    
    
      <?php include('nav.php');?>
    
    
    <div id="test">main page </div>
    
    <?php include('footer.php');?>
    </div>
    </body>
</html>

Link to comment
Share on other sites
fife Advanced Member

fife

Posted
  • Author
Posted

I said there were no errors appearing in the code but I was wrong there is an error but it appears at the bottom of the page in the source code.  Problem is when i google the answer there is no actual solution.  They all seem to be different.  here is the error

 

Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively

 

What is this?

 

Here is my code again

<?php
include('Connections/YA1.php');
session_start();
?>

<?php
if(isset($_POST['submit3'])) {


  $email = mysql_real_escape_string($_POST['email3']);   
  $password = md5($_POST['password3']);    

$qCheckUserInfo = "SELECT email, password FROM Members WHERE email='$email' AND password='$password'";
$userInfo = mysql_query($qCheckUserInfo);		


if($userInfo && mysql_num_rows($userInfo) == 1) {

			$success = 1;
			$_SESSION['logged'] = 1;
			$_SESSION['username'] = $userInfo['username'];
			$_SESSION['first_name'] = $userInfo['first_name'];
			$_SESSION['last_name'] = $userInfo['last_name'];
			$_SESSION['email'] = $userInfo['email'];
			$_SESSION['usertype'] = $userInfo['usertype'];
			$_SESSION['access_level']= $userInfo['access_level'];

			echo $_SESSION['first_name'];

			if($_SESSION['usertype']== 'Member') {
				header('Location: member/index.php');

			}
			else if($_SESSION['usertype'] == 'Owner') {
				header('Location: owner/index.php');
			}
			else if($_SESSION['usertype'] == 'Corporation') {
				header('Location: corporation/index.php');
			}
			else if($_SESSION['usertype'] == 'Administrator') {
				header('Location: owner/admin/index.php');
			}
			else if($_SESSION['usertype'] ==  'Staff') {
				header('Location: owner/staff/index.php');
			}
		}
		else {
			$message = "Incorrect login details";
			$success = 0;
		}
	}


?>
<link href="stylz.css" rel="stylesheet" type="text/css" />
<link href="reset.css" rel="stylesheet" type="text/css" />
</head>

    <body>
    <div id="wrapper">
    <div id="title_box">
     <div id="logo"><img src="images/site_images/your_arena.jpg" /></div>
      <div id="login_box">
       <?php
	if($success != 1 && !($_SESSION['logged'])) {
?><?php
		if($success==0) {
			echo $message;	
		}
	?>
<form name="login" method="post">
    
        <label for="email3">Username:</label><br/>
        <input type="text" name="email3" id="email3" value="<?php echo $_POST['email3']; ?>"  /><br/>
        <label for="password3">Password:</label><br/>
        <input type="password" name="password3" id="password3" /><br/>
        <br />
        <input type="submit" name="submit3" id="submit3" value="Log In" />
        <?
	}
	?>
           </form>
      </div>
    </div>
    
    
    
    
      <?php include('nav.php');?>
    
    
    <div id="test">main page </div>
    
    <?php include('footer.php');?>
    </div>
    </body>
</html>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.