BelovedDoll Posted January 26, 2011 Share Posted January 26, 2011 Building a website for work. I am struggling with the login for some reason. I`m using a lot of the same code as I did for my personal site and a few other websites I`ve programmed which has always worked. But for some reason, it isn`t working now. I`ve already told it to display to me the information that`s being processed and that is all correct (it even updates the database like it`s supposed to). It just won`t show the person being logged in, which defeats the purpose of logging in, yanno? Here are all the files in question. login.php <?php include "file_calls.php"; $title = "Business Name (Beta): Log In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Log into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; include "login_form.php"; ?> login_form.php <?php echo "<form action='logging.php' method='post'>"; echo "E-Mail Address:"; echo "<br><input type='text' name='email' size=60 maxlength=100>"; echo "<p>"; echo "Password:"; echo "<br><input type='password' name='pass' size=60 maxlength=25>"; echo "<p>"; $buttonlabel = "Log In"; include "formbutton_format.php"; echo "</form>"; ?> logging.php <?php include "file_calls.php"; $title = "Business Name (Beta): Logging In"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "Logging into the Business Name website. Only authorized members of the Business Name Staff can log into the website."; echo "<p>"; $email = $_POST['email']; $pass = $_POST['pass']; $entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time()); $res = mysql_query("SELECT id, memlev, pwd1, pwd2, email, name FROM user_data WHERE email='$email'"); $by = mysql_fetch_row($res); mysql_free_result($res); $log = $by[4]; $pas = $by[2]; $pas2 = $by[3]; if ($email && $pass) { if ($by[0]) { if ($by[1] == 2) { $passwd = crypt($_REQUEST['pass'],$by[5]); if ($pass == $pas2) { mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE email='$email'"); mysql_close($con); header("Location: index.php"); } elseif ($passwd != $pas) { header("Location: nolog.php?logout=1&m=4"); } } elseif ($by[1] == 1) { header("Location: nolog.php?logout=1&m=2"); } elseif ($by[1] == 0) { header("Location: nolog.php?logout=1&m=3"); } } elseif (!$by[0]) { header("Location: nolog.php?logout=1&m=1"); } } elseif (!$email || !$pass) { echo "<b>Error:</b> Both username and password must be entered in order to log in."; echo "<p>"; include "login_form.php"; } ?>[/php index.php [code=php:0]<?php include "file_calls.php"; $title = "Business Name (Beta)"; include "functions.php"; session_start(); echo "$title"; echo "<p>"; echo "This website is currently under construction. Thank you for your patience."; echo "<p>"; if ($lev > 1) { echo "Hello, $loggeduser !"; } elseif ($lev < 2) { echo "Not logged in."; } echo "<p>"; echo "$lev"; echo "<br>$loggeduser<br>$email"; ?> auth.php <?php // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()+(60*60*24*365), '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM user_data WHERE email='$email'")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($email,$pass) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id, email, name, pwd1, pwd2, memlev FROM user_data WHERE email='$email' AND pwd2='$pass'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $rows[2]; $_SESSION['pass'] = $pass; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[5]; $_SESSION['email'] = $rows[1]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> file_calls.php <?php include "info_con.php"; include "auth.php"; ?> functions.php <?php echo "<title>$title</title>"; $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $email = isset($_SESSION['email'])?$_SESSION['email']:''; $pass = isset($_SESSION['pass'])?$_SESSION['pass']:''; function rand_chars($c, $l, $u = FALSE) { if (!$u) for ($s = '', $i = 0, $z = strlen($c)-1; $i < $l; $x = rand(0,$z), $s .= $c{$x}, $i++); else for ($i = 0, $z = strlen($c)-1, $s = $c{rand(0,$z)}, $i = 1; $i != $l; $x = rand(0,$z), $s .= $c{$x}, $s = ($s{$i} == $s{$i-1} ? substr($s,0,-1) : $s), $i=strlen($s)); return $s; } function ShowLoggedInBar() { global $email,$pass,$rows,$logid; $nmes=""; if($nmsg){ $nmes="($nmsg New)"; } echo "Hello, $loggeduser !"; } /* check if we are logging out */ if (isset($_REQUEST['logout'])) { Logout(); } /* check if already logged in */ if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) { ShowLoggedInBar(); } else { /* not logged in, is it a form post? */ if (isset($_REQUEST['email']) && isset($_REQUEST['pass'])) { $email = $_REQUEST['email']; $pass = crypt($_REQUEST['pass'],$email); Login($email,$pass); } else { } } ?> Can anyone see why it works on everything but getting the person logged in? Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 26, 2011 Share Posted January 26, 2011 i would first remove every @ in the code. then i would add this at the top of the primary scripts: error_reporting(E_ALL); ini_set("display_errors", -1); then fix the notices and warnings until there are none. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 One of the errors is that it`s complaining about sess_name not being defined, but it is defined in auth.php: <?php $_SESSION['sess_name'] = $rows[2]; ?> Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 Still need help. Been fighting with this for 2 days now and it`s holding things up. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 26, 2011 Share Posted January 26, 2011 What is the actual error that is returned? Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 Notice: Undefined index: sess_name in /home1/pesterad/public_html/header.php on line 10 Which is: $loggeduser=$_SESSION['sess_name']; In which was defined in auth.php: if ($res=mysql_query("SELECT id, memlev, email, name FROM user_data WHERE email='$email' AND pwd2='$pass'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $email; $_SESSION['pass'] = $pass; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[1]; $_SESSION['email'] = $rows[2]; $_SESSION['name'] = $rows[3]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 26, 2011 Share Posted January 26, 2011 You haven't posted the header.php file. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 26, 2011 Author Share Posted January 26, 2011 header.php <?php include "info_con.php"; include "auth.php"; include "functions.php"; echo "<title>$title</title>"; $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $email = isset($_SESSION['email'])?$_SESSION['email']:''; echo "<img src='logo.jpg'>"; echo "<p>"; ?> Some of the stuff in header.php were in functions.php but then I moved them to header.php. I did away with file_calls.php and moved it`s content to header.php. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 26, 2011 Share Posted January 26, 2011 are you sure this line is reached before you reference $_SESSION['sess_name'], and have you checked the value of $rows[2]? $_SESSION['sess_name'] = $rows[2]; Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I have all of my code posted in the first post. I can`t get anything about the logged in user to show up since the page is not even allowing the user to be logged in. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 Hmm, I guess no one can figure out this hard puzzle either? Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 27, 2011 Share Posted January 27, 2011 are you sure this line is reached before you reference $_SESSION['sess_name'], and have you checked the value of $rows[2]? $_SESSION['sess_name'] = $rows[2]; Did you add echo's after the condition to see if it is ever reached? Debugging is tedious, not magical. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I`ve already said that it didn`t return anything. I also ran a bunch of echos on each and every little step with the actual login process and it was returning things just fine and verified information in the database just fine. But it just won`t have the person logged in. logging.php <?php // June 19 2009 require_once "header.php"; session_start(); $Title = "PET: Logging In"; echo "<title>$Title</title>"; echo "$Title"; echo "<p>"; $log = $_POST['log']; $pass = $_POST['pass']; $id = $_SESSION['gal']; $entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time()); $res = mysql_query("SELECT id, memlev FROM user_data WHERE id='$id'"); $by = mysql_fetch_row($res); mysql_free_result($res); $res = mysql_query("SELECT id, memlev, pwd1, pwd2, name, email FROM user_data WHERE email='$log'"); $by2 = mysql_fetch_row($res); mysql_free_result($res); echo "$log <br>$pass <br>$entry_date"; echo "<p>"; echo "$by2[0] || $by2[1] || $by2[2] || $by2[3] || $by2[4] || $by2[5]"; $log2 = $by2[5]; $pass2 = $by2[2]; if ($log && $pass) { echo "<p>Part 1 Done"; if ($by2[0]) { echo "<p>Part 2 Done"; if ($by2[1] == 2) { echo "<p>Part 3 Done"; $passwd = crypt($_REQUEST['pass'],$by2[4]); echo "<br>$passwd || $pass2"; echo "<p>"; if ($passwd == $pass2) { mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE id='$id'"); mysql_close($con); echo "$log <br>$pass <br>$entry_date"; echo "<p>You are logged in! <a href='index.php'>Main Page</a>."; } elseif ($passwd != $pass2) { echo "Error with password."; } } elseif ($by2[1] == 0) { echo "Error: Your application has not been accepted."; } } elseif (!$by2[0]) { echo "Error User doesnt exist."; } } else { echo "<span class='emph'>Error:</span> Both username and password must be entered in order to log in."; echo "<p>"; include "log.php"; } ?> Every bit of that is working perfectly. What isn`t working is when we go to any pages, the person is not logged in. Here are the other pages again: header.php <?php include "info_con.php"; include "auth2.php"; include "designpoints.php"; include "parsecomment.php"; ?> <META NAME="keywords" CONTENT=""> <META NAME="description" CONTENT=""> <body onLoad="if (self != top) top.location = self.location"> <link REL="SHORTCUT ICON" HREF="favicon.ico"> <?php echo "<a href='index.php'><img src='logo.jpg' border=0></a>"; echo "<br>"; include "log.php"; if ($lev < 1) { echo "<br><br><br>"; } $log = isset($_SESSION['sess_name'])?$_SESSION['sess_name']:''; $pass = isset($_SESSION['pass'])?$_SESSION['pass']:''; $nmsg = 0; $rows = isset($_SESSION['rows'])?$_SESSION['rows']:array(); $logid = isset($_SESSION['gal'])?$_SESSION['gal']:''; /* ========================================================================== */ function ShowLoggedInBar() { global $log,$pass,$nmsg,$rows,$logid; $nmes=""; if($nmsg){ $nmes="($nmsg New)"; } $res = mysql_query("SELECT name FROM user_data WHERE id='$logged'"); $loggeduser = mysql_fetch_row($res); mysql_free_result($res); $url = $_SERVER['SERVER_NAME']; echo "<p>"; echo "<b><a href='trancer.php?g=$logid'>$log</a></b>"; echo "<br><br>"; echo "<font size=2><a href='logout.php?logout=1'>Logout</a></font>"; } /* check if we are logging out */ if (isset($_REQUEST['logout'])) { Logout(); } /* check if already logged in */ if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) { ShowLoggedInBar(); } else { /* not logged in, is it a form post? */ if (isset($_REQUEST['log']) && isset($_REQUEST['pass'])) { $log = $_REQUEST['log']; $pass = crypt($_REQUEST['pass'],$log); Login($log,$pass); } else { } } ?> designpoints.php <?php include("info_con.php"); $lev=isset($_SESSION['level2'])?$_SESSION['level2']:0; $logged=isset($_SESSION['gal'])?$_SESSION['gal']:0; $loggeduser=$_SESSION['sess_name']; ?> auth2.php <?php // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()+(60*60*24*365), '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($username,$password) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id, memlev, email, name FROM user_data WHERE email='$username' AND pwd1='$password'")) { if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $username; $_SESSION['pass'] = $password; $_SESSION['gal'] = $rows[0]; $_SESSION['level2'] = $rows[1]; $_SESSION['magic'] = SESSION_MAGIC; $nmsg = CountMessages($rows[0]); $ok=true; } else { } mysql_free_result($res); } return($ok); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> These are all files I have used on many other website projects and they work perfectly. The only thing I changed are names of tables and fields to match what`s being used for this current project and yet it doesn`t work. This is very frustrating. This work -has- to get done for work and this is day 3 of trying to get this simple function to work. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 27, 2011 Share Posted January 27, 2011 I`ve already said that it didn`t return anything. Sorry, I don't see a reply to my post about echoing values to see if they are set. I don't know what you mean by "I`ve already said that it didn`t return anything." i see you also ignored my suggestion to remove @ and add error_reporting. I won't bother you any more. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I did remove the @ but it did not make a difference in how the code was functioning so I put them back in. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted January 27, 2011 Share Posted January 27, 2011 Why do you have so many useless includes? It seems like your are just making things more complicated, just trying to figure things out for your makes my head spin, some pages dont even have the session_start() properly. auth1.php auth2.php login_form.php I dont see the point of this. Reorganized your code. Quote Link to comment Share on other sites More sharing options...
BelovedDoll Posted January 27, 2011 Author Share Posted January 27, 2011 I apologize for not clarifying myself. auth.php was replaced with auth2.php, so auth.php is no longer in the workings of the code, there is only auth2.php. login_form.php is the form for logging in. It is used in a few different pages and I felt it easier to have one file to edit when I want/need to make changes to the login form instead of having to try to remember which files have the form and update multiple files. That`s what a lot of these file calls are, calling on a file that has information in it that will be used on multiple pages and I just want to update only one file when changes are made. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted January 29, 2011 Share Posted January 29, 2011 I apologize for not clarifying myself. auth.php was replaced with auth2.php, so auth.php is no longer in the workings of the code, there is only auth2.php. login_form.php is the form for logging in. It is used in a few different pages and I felt it easier to have one file to edit when I want/need to make changes to the login form instead of having to try to remember which files have the form and update multiple files. That`s what a lot of these file calls are, calling on a file that has information in it that will be used on multiple pages and I just want to update only one file when changes are made. Ah that makes more sense. Alright, Output every variable that is being used in a IF/ELSE condition, see if the variables are passing the validation, then MAKE SURE EVERYPAGE where a session is called upon you have session_start(); before any HTML ... just put it at the first line of your page, easier this way. Reorganize your coding, add comments and proper indents so seperate the functions/operations performed in the script... Debug every way possible, and if you still have trouble come back herer <3 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.