
I Need Major Help, PHP mysqli,


drogers76


Here is my code so far... I can't log in using this PHP. I am new to PHP and am trying my hardest to figure this out... I have been on this for 4 days and am about to pull all of my hair out... can anyone please help me...

 

//******** start of login.php ********

<?php
  require_once('connectvars.php');

  // Start the session
  session_start();

  // Clear the error message
  // $error_msg = "";

  // If the user isn't logged in, try to log them in
  if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

      if (!$dbc) {
        // mysqli_connect_error() reports why the connection attempt failed
        die('Could not connect: ' . mysqli_connect_error());
      }

      echo 'Connected successfully';

      // Grab the user-entered log-in data
      $user_email = mysqli_real_escape_string($dbc, trim($_POST['email']));
      $user_pass = mysqli_real_escape_string($dbc, trim($_POST['password']));

      if (!empty($user_email) && !empty($user_password)) {
        // Look up the username and password in the database
        $query = "SELECT tb_user_id, tb_user_email FROM tb_users WHERE tb_user_email = '$user_email' AND tb_user_password = SHA('$user_pass')";
        $data = mysqli_query($dbc, $query);

        if (mysqli_num_rows($data) == 1) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['tb_user_id'];
          $_SESSION['email'] = $row['tb_user_email'];
          setcookie('user_id', $row['tb_user_id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
          setcookie('email', $row['tb_user_email'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          header('Location: ' . $home_url);
        }
        else {
          // The username/password are incorrect so set an error message
          $error_msg = 'Sorry, you must enter a valid username and password to log in1.';
        }
      }
      else {
        //*********** This is the error i keep getting
        // The username/password weren't entered so set an error message
        $error_msg = 'Sorry, you must enter your username and password to log in2.';
      }
    }
  }

  // Insert the page header
  $page_title = 'Log In';
  require_once('header.php');

  // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['user_id'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <fieldset>
      <legend>Log In</legend>
      <label for="email">Email Address:</label>
      <input type="text" name="email" value="<?php if (!empty($user_email)) echo $user_email; ?>" /><br />
      <label for="password">Password:</label>
      <input type="password" name="password"/>
    </fieldset>
    <input type="submit" value="Log In" name="submit" />
  </form>

<?php
  }
  else {
    // Confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_SESSION['email'] . '.</p>');
  }
?>

<?php
  // Insert the page footer
  require_once('footer.php');
?>

 


Hi there,

      $user_email = mysqli_real_escape_string($dbc, trim($_POST['email']));
      $user_pass = mysqli_real_escape_string($dbc, trim($_POST['password']));

      if (!empty($user_email) && !empty($user_pass)) {

 

Alter the vars name in the !empty($user_password) and take off the word I have placed in bold, it doesn't match what you had called the variable in the previous lump of code..

 

And the use of $_SERVER['PHP_SELF']; isn't recommended now as there are security issues around it, either leave the attribute blank or put in the filename of the file that you have written the code in.

 

Change this:-

<input type="text" name="email" value="<?php if (!empty($user_email)) echo $user_email; ?>" /><br />

 

to:-

 

<input type="text" name="email" value="<?php echo (!empty($user_email) ? $user_email : ''); ?>" /><br />

 

That just makes that easier to read.

 

Have you tried this (reformatted):-

$query = "SELECT `tb_user_id`, `tb_user_email` FROM `tb_users` WHERE `tb_user_email` = '".$user_email."' AND `tb_user_password` = SHA('".$user_pass."')";

 

through phpmyadmin/mysql query browser to see if it gives you the result you're expecting (by which I mean the populated string and not the code ;-p)

 

And instead of doing this: if (mysqli_num_rows($data) == 1) { do this: if (mysqli_num_rows($data) > 0) { This just makes the code a little bit more lenient and not so critical (though this could be argued)

 

I'm not sure that this will fix it, but you can give it a go!

 

Cheers,

Rw
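
Added example, not part of the posts above: a sketch of the form output with every echoed value HTML-escaped and a fixed action target, which is the risk behind the $_SERVER['PHP_SELF'] remark. The helper names h() and render_login_form() and both sample inputs are assumptions made for illustration.

```php
<?php
// Added example: HTML-escape everything echoed into the log-in form.

/** Escape a value for use in HTML text or inside a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the log-in form from the thread.
 * $action: form target; a fixed filename keeps request-derived text out of the markup.
 * $email:  the raw submitted value. mysqli_real_escape_string() protects the
 *          SQL string only; it does nothing for HTML output.
 */
function render_login_form(string $action, string $email): string
{
    return '<form method="post" action="' . h($action) . '">' . "\n"
         . '  <label for="email">Email Address:</label>' . "\n"
         . '  <input type="text" id="email" name="email" value="' . h($email) . '" /><br />' . "\n"
         . '  <label for="password">Password:</label>' . "\n"
         . '  <input type="password" id="password" name="password" />' . "\n"
         . '  <input type="submit" value="Log In" name="submit" />' . "\n"
         . '</form>' . "\n";
}

// Constructed inputs. PHP_SELF contains any extra path text the client
// appended after the script name, so it is not a trusted value.
$php_self = '/login.php/"><i>injected</i>';
$email    = 'o\'brien"@example.com';

echo "As written in the thread (attribute is closed early by the input):\n";
echo '<form method="post" action="' . $php_self . '">' . "\n\n";

echo "Same value, escaped:\n";
echo render_login_form($php_self, $email), "\n";

echo "Fixed target, escaped e-mail value:\n";
echo render_login_form('login.php', $email);
```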


OK, now I am getting the error:

"Sorry, you must enter a valid username and password to log in1"

so I think I am getting close... here is all of the new code....

 

//***************START login.php

<?php
  require_once('connectvars.php');

  // Start the session
  session_start();

  // Clear the error message
  // $error_msg = "";

  // If the user isn't logged in, try to log them in
  if (!isset($_SESSION['user_id'])) {
    if (isset($_POST['submit'])) {
      // Connect to the database
      $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

      if (!$dbc) {
        // mysqli_connect_error() reports why the connection attempt failed
        die('Could not connect: ' . mysqli_connect_error());
      }

      echo 'Connected successfully';

      // Grab the user-entered log-in data
      $user_email = mysqli_real_escape_string($dbc, trim($_POST['email']));
      $user_pass = mysqli_real_escape_string($dbc, trim($_POST['password']));

      if (!empty($user_email) && !empty($user_pass)) {
        // Look up the username and password in the database
        $query = "SELECT tb_user_id, tb_user_email FROM tb_users WHERE tb_user_email = '$user_email' AND tb_user_password = SHA('$user_pass')";
        $data = mysqli_query($dbc, $query);

        if (mysqli_num_rows($data) > 0) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['tb_user_id'];
          $_SESSION['email'] = $row['tb_user_email'];
          setcookie('user_id', $row['tb_user_id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
          setcookie('email', $row['tb_user_email'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/scripts/' . 'index.php';
          header('Location: ' . $home_url);
        }
        else {
          // The username/password are incorrect so set an error message
          $error_msg = 'Sorry, you must enter a valid username and password to log in1.';
        }
      }
      else {
        // The username/password weren't entered so set an error message
        $error_msg = 'Sorry, you must enter your username and password to log in2.';
      }
    }
  }

  // Insert the page header
  $page_title = 'Log In';
  require_once('header.php');

  // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['user_id'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <fieldset>
      <legend>Log In</legend>
      <label for="email">Email Address:</label>
      <input type="text" name="email" value="<?php if (!empty($user_email)) echo $user_email; ?>" /><br />
      <label for="password">Password:</label>
      <input type="password" name="password"/>
    </fieldset>
    <input type="submit" value="Log In" name="submit" />
  </form>

<?php
  }
  else {
    // Confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_SESSION['email'] . '.</p>');
  }
?>

<?php
  // Insert the page footer
  require_once('footer.php');
?>

 

 


There has to be something wrong with this section of code....

 

        if (mysqli_num_rows($data) > 0) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);
          $_SESSION['user_id'] = $row['tb_user_id'];
          $_SESSION['email'] = $row['tb_user_email'];
          setcookie('user_id', $row['tb_user_id'], time() + (60 * 60 * 24 * 30));    // expires in 30 days
          setcookie('email', $row['tb_user_email'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/scripts/' . 'index.php';
          header('Location: ' . $home_url);

       

 

Any more help would be so awesome.. I can't move forward until I figure this out... and it has been a nightmare...

 


No, you're misunderstanding the issue. This appears to be an issue with what comes back from the SQL server. Echo the SQL string to screen AFTER it is populated; make sure it is/has what you want, then copy and paste that into your phpmyadmin/SQL query browser and see what it returns. This will highlight any spelling errors, wrongly assigned names etc. The code seems fine, so you need to go from the SQL end of things now:-

 

      if (!empty($user_email) && !empty($user_pass)) {
        // Look up the username and password in the database
        echo $query = "SELECT tb_user_id, tb_user_email FROM tb_users WHERE tb_user_email = '$user_email' AND tb_user_password = SHA('$user_pass')";
        exit;
        $data = mysqli_query($dbc, $query);

 

Do this & see what you get and if it is as expected! From there you can debug it!

 

Cheers,

Rw


I am going to scream and just pogo a hot poker for messing this thing up... I have the database set to only allow 32 character email addresses, all of my email addresses were way longer.. so that was the problem all along... I am such a jack@$$... finally it's all fixed though... Thank you everyone for your help, now to the psychologist for some real help...

 

 


I guessed as much when the query moved the error message.

 

When you are using any hash/sha function, read the manual to see what char length is returned when data is passed into it. Then adjust your DB to suit, then this will eliminate anything else like this in the future. It's happened to me more times than I care to mention!!

 

Anyway, it's working now, after a few revisions of the code you will wonder what all the fuss was about!!

 

Cheers,

Rw
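
Added example, not part of the posts above: a check that compares each value's length with the width of the column it is headed for, covering both the 32-character e-mail limit reported in the thread and the hash-length advice. The 40-character password column, the sample address and password, and the function names are assumptions; the last lines model a server that stores the shortened value, as MySQL does outside strict SQL mode.

```php
<?php
// Added example: find values that a fixed-width column would cut short.

// Constructed schema. The 32-character e-mail limit is the one reported in
// the thread; the 40-character password column is an assumption.
$columns = ['tb_user_email' => 32, 'tb_user_password' => 40];

/** Return one report line per [label, column, value] check. */
function column_report(array $checks, array $columns): array
{
    $lines = [];
    foreach ($checks as [$label, $column, $value]) {
        $length = strlen($value);   // inputs here are ASCII, so bytes equal characters
        $limit  = $columns[$column];
        $lines[] = sprintf('%-16s -> %-16s %3d of %3d  %s',
            $label, $column, $length, $limit,
            $length <= $limit ? 'fits' : 'TOO LONG');
    }
    return $lines;
}

/** What a column of width $limit keeps when the server truncates silently. */
function stored_value(string $value, int $limit): string
{
    return substr($value, 0, $limit);
}

// Constructed sample data.
$email    = 'firstname.lastname@mail.example-company.com';
$password = 'example-password';

$checks = [
    ['e-mail address',  'tb_user_email',    $email],
    ['SHA-1 hex',       'tb_user_password', sha1($password)],
    ['SHA-256 hex',     'tb_user_password', hash('sha256', $password)],
    ['password_hash()', 'tb_user_password', password_hash($password, PASSWORD_DEFAULT)],
];

foreach (column_report($checks, $columns) as $line) {
    echo $line, "\n";
}

// Why the log-in lookup returned no rows: the stored address is shorter
// than the one typed into the form, so the equality test never matches.
$stored = stored_value($email, $columns['tb_user_email']);
printf("\nstored e-mail:  %s\nlookup matches: %s\n",
    $stored, $stored === $email ? 'yes' : 'no');
```

With strict SQL mode enabled the insert fails with a "Data too long for column" error instead of storing the shortened value, which surfaces the problem at registration rather than at log-in.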
