lanceox Posted April 24, 2011 Share Posted April 24, 2011 Hi guys, I got a little bit of an issue. I have a register page, which works fine and submits to itsself, however i also have a login page which currently has no errors but doesnt allow any1 to log in. If some1 can see why that will be great, as this is causing so many issues. This is the last step i cant get past. Here is the code <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Forensics E-learning Package</title> <script type="text/javascript" src="start.js"></script> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <div id="wrapper"> <div id="header"> <div id="toplinks"> </div> </div> <div id="menu"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Member Section</a></li> </ul> </div> <div id="content"> <div id="main"> <h1>Forensics E-Learning Package</h1><BR /></head> Login to the User Profiled E-Learning Course which is specifically aimed to raise awareness in computer forensics. <?php $submit =&$_POST['submit']; if(isset($submit)) { if($username && sha1($password)) { $username =&$_POST['username']; $password =&$_POST['password']; $_SESSION['$username'] = $username; $_SESSION['$password'] = sha1($password); $connect = mysql_connect("localhost","root", "") or die ("Couldn't Connect!"); mysql_select_db("userlogin", $connect) or die("Couldn't find db"); //$con = mysql_connect('userscores.db.7767668.hostedresource.com','userscores','L3tt3r09'); //mysql_select_db('userscores', $con); $query = mysql_query("SELECT * FROM users WHERE username=' $username'"); $numrows = mysql_num_rows($query); if ($numrows!=0) { //code to login while ($row = mysql_fetch_assoc($query)) { $dbusername = $row['username']; $dbpassword = $row['password']; $dbscore = $row['score']; $dbdclty = $row['dclty']; $dbid = $row['id']; $dbnewdclty = $row['newdclty']; } $_SESSION['id'] = $dbid; $_SESSION['PreviousScore'] = $dbscore; $_SESSION['dclty'] = $dbdclty; $_SESSION['newdclty'] = $dbnewdclty; if ($username==$dbusername&&sha1($password)==$dbpassword) { $username==$dbusername; } else { echo ("Incorrect Password!"); } } else { echo("That user doesn't exist!"); } } else { echo("Please enter a username and password!"); } echo ("You Successfully Logged In!"); } else { ?><BR /><BR /><?php echo("Please Log In!"); } if ($submit) echo "Logged In Successfully!"; ?> <BR /><BR /> <form action='index.php' method='POST'> Username: <input type='text' name='username'><BR /> Password: <input type='password' name='password'><BR /> <input type='submit' value='Log In'> </form> <p><BR /><BR /> <a class="button" href='register.php'><span><button class="button" id="save">Register</button></span></a> </div> <div id="right"> <h2>Right Menu</h2> <div class="rightitem"> <ul> <li><a class="selected" href="index.html">Home</a></li> <li><a href="index.php">Initial Quiz</a></li> <li><a href="about.php">About</a></li> <li><a href="member.php">Members Area</a></li> <li><a href="contact.php">Leave Feedback</a></li> </ul> </div> </div> </div> <div class="clearbottom"></div> <div id="footer"></div></div> </body> </html> Thanks for any help Lance Quote Link to comment Share on other sites More sharing options...
fugix Posted April 24, 2011 Share Posted April 24, 2011 i would echo your $numrows variable to make sure that you are grabbing a row in your database if the user exists..that would be my first step Quote Link to comment Share on other sites More sharing options...
lanceox Posted April 24, 2011 Author Share Posted April 24, 2011 I checked my num rows variable and its not echoing anything out. What do you think should be my next step? thanks Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 24, 2011 Share Posted April 24, 2011 You have got a SPACE between the single-quote and the $username variable in the following line of code - $query = mysql_query("SELECT * FROM users WHERE username=' $username'"); You are asking the database to find values in the username column that match 'space$username'. I'm sure that wont' match any of the data values you have in your table. Remove the space that is in there. Quote Link to comment Share on other sites More sharing options...
lanceox Posted April 24, 2011 Author Share Posted April 24, 2011 I tried it and it still the same, i put the echo ("please log in") so i could see whether it submits or not but it never changes or no pages that require a username work. Any more suggestions would be great. Thanks again! Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted April 24, 2011 Share Posted April 24, 2011 Because your logic is not quite right when you're logging in the user. This is how I'd proccess the login <?php // check form has been submitted if(isset($_POST['submit'])) { // grab username/password // sanitize username and encrypt password $username = mysql_real_escape_string($_POST['username']); $password = sha1($_POST['password']); $connect = mysql_connect("localhost","root", "") or die ("Couldn't Connect!"); mysql_select_db("userlogin", $connect) or die("Couldn't find db"); // comprare username AND password within the query. $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); // check that there was a match if (mysql_num_rows($query) == 1) { // grab the data, no need for a while when only one record was return from the query $row = mysql_fetch_assoc($query); // get the data, no need to grab username/password as we already have those $dbscore = $row['score']; $dbdclty = $row['dclty']; $dbid = $row['id']; $dbnewdclty = $row['newdclty']; // set the session vars $_SESSION['username'] = $username; $_SESSION['password'] = $password; $_SESSION['id'] = $dbid; $_SESSION['PreviousScore'] = $dbscore; $_SESSION['dclty'] = $dbdclty; $_SESSION['newdclty'] = $dbnewdclty; // display success message echo ("You Successfully Logged In!"); } else { // no records returned either invalid user or password was wrong echo("Invalid username/password provided"); } } ?> add your login form here As your're using sha1() encryption make sure your passwords are stored as the encrypted form too. You should also make sure your password field is set to VARCHAR with atleast 42 characters (as that is length of a sha1 string). If its set to anything different the query with fail regardless of using the correct username/password. Quote Link to comment Share on other sites More sharing options...
lanceox Posted April 24, 2011 Author Share Posted April 24, 2011 Thanks for advice. With a bit of shuffling the pages around it worked. Thanks for all the advice. Lance P.s my project is done now.... thanks to you Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.