log in script problem


destrugter
07-27-2007, 12:50 AM
OK, I made a register system; to everyone who helped me, thank you, it works very great. Now I have a log in problem. Here is my log in script for my index file and the process file. Please tell me what I did wrong, because when I hit log in it goes to process and is supposed to set a cookie, and on the homepage it is supposed to display that they are logged in.

Index.php

<!------------------------------------------------ Log In Script!---------------------------->
<td align="right"> <td align="right">
<TABLE border=0 width=100% cellpadding=2 cellspacing=0 bgcolor="black" >
<TR>
<TD width="100%">
<TABLE width="100%" border=0 cellpadding=4 cellspacing=0 bgcolor="#003399" >

</TD>
</TR>
<TR>
<TD bgcolor="#003399" valign=top width="100%" class="gwrow2">

<?php
if(isset($_COOKIE['username']))
{
echo "Welcome, $_COOKIE .";
}
else
{
echo "Welcome to our site!";
}
?>

<h1>Login</h1>
<?
/**
* User not logged in, display the login form.
* If user has already tried to login, but errors were
* found, display the total number of errors.
* If errors occurred, they will be displayed.
*/
if($form->num_errors > 0){
echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="username" maxlength="30" value="<? echo $form->value("username"); ?>"></td><td><? echo $form->error("username"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <? if($form->value("remember") != ""){ echo "checked"; } ?>>
<font size="2">Remember me next time &nbsp;&nbsp;&nbsp;&nbsp;
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td></tr>
<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>
<tr><td colspan="2" align="left"><br>Not registered? <a href="/register">Sign-Up!</a></td></tr>
</table>
</form>

<?


/**
* Just a little page footer, tells how many registered members
* there are, how many users currently logged in and viewing site,
* and how many guests viewing site. Active users are displayed,
* with link to their user information.
*/
echo "</td></tr><tr><td align=\"center\"><br><br>";
echo "<b>Member Total:</b> ".$database->getNumMembers()."<br>";
echo "There are $database->num_active_users registered members and ";
echo "$database->num_active_guests guests viewing the site.<br><br>";

include("include/view_active.php");

?>




Process

<?php
header("Location: /index.php");
$con=mysql_connect"mysql","cheese","pizza");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}// some code
mysql_select_db("my_db", $con);
$result = mysql_query("SELECT * FROM users");
if ($_POST ['username']== "username")
if ($_POST ['pass']== "pass")
{
setcookie("username" , time()+3600);
}
?>

UnlimitedMB
07-27-2007, 01:03 AM
I don't know where to begin, nearly every line of code you got there is wrong.

You need to rewrite the whole thing.

destrugter
07-27-2007, 01:12 AM
Which part, the log in part or the process code?

UnlimitedMB
07-27-2007, 01:24 AM
echo "Welcome, $_COOKIE .";
should be
echo "Welcome, ".$_COOKIE['username']." .";

However, you should not take the presence of the cookie to be proof that the user logged in, cookies can be faked.
Check that username/password stored in the cookie is valid on each page view.

As for the second part.
Put the header() line last, because if you put a Location header, everything after that line is ignored because the browser would be already redirected.

Also the SQL query is wrong, "SELECT * FROM users" is going to select all rows, and you only want the row belonging to that user.

Your usage of setcookie is wrong, it's (name, value, expires), not (name, expires).

This is better:

<?php
$con=mysql_connect("mysql","cheese","pizza");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}// some code
mysql_select_db("my_db", $con);
$result = mysql_query('SELECT * FROM `users` WHERE `username` = \''.mysql_escape_string($_POST['username']).'\' AND `pass` = \''.mysql_escape_string($_POST['pass']).'\' ');
if (mysql_num_rows($result) > 0){
setcookie("username", $_POST['username'], time()+3600);
setcookie("pass", $_POST['pass'], time()+3600);
} else {
echo "wrong user/pass";
}

header("Location: /index.php");
?>

destrugter
07-27-2007, 06:31 AM
somebody told me to do this

<?php
$con=mysql_connect("mysql","cheese","pizza");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}// some code
mysql_select_db("my_db", $con);
$result = mysql_query('SELECT * FROM `users` WHERE `username` = \''.mysql_escape_string($_POST['username']).'\' AND `pass` = \''.mysql_escape_string($_POST['pass']).'\' ');
if (mysql_num_rows($result) > 0){
setcookie("username", $_POST['username'], time()+3600);
setcookie("pass", $_POST['pass'], time()+3600);
} else
{
echo "wrong user/pass";
}

header("Location: /index.php");
?>

and it didn't pop up any errors, but it said I had the wrong user and pass, but I did in fact have the right user and pass. Can you help me please?

malagrond
08-19-2007, 06:18 PM
Instead of using cookies, might I suggest sessions? They are more secure, and they are completely (I'm pretty sure) server-side. The data isn't easily accessible to the user, but very easy to use for a php script.

Put this on the first line of your page:

<?php
ob_start();
session_start();
?>

The output buffering is just in case, but the session_start() should go before any HTML output. Then, variables are set like so:

if(isset ($_POST['submit'])){
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
}
etc.
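
An added example, not code from any poster in this thread: one way to combine the advice above, checking the submitted credentials with a bound parameter and a hashed password before anything is written to the session, and keeping only the username there so no password travels in a cookie. The in-memory SQLite table, the `pass_hash` column, the sample account and the function names are assumptions made so the sketch runs offline (PHP 7.3+ with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `users` table (in-memory SQLite, so it
// runs offline). Assumption: a `pass_hash` column instead of plaintext `pass`.
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// process.php side: verify the submitted credentials, then record the login.
function log_in(PDO $db, array $post): bool
{
    $user = is_string($post['username'] ?? null) ? $post['username'] : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';

    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id once the user is authenticated
    $_SESSION['username'] = $user;  // kept server-side; the password is never stored
    return true;
}

// index.php side: greet from session state, escaped before it reaches HTML.
function greeting(): string
{
    if (!isset($_SESSION['username'])) {
        return 'Welcome to our site!';
    }
    return 'Welcome, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '.';
}

// Constructed demo: all session work happens before the first byte of output.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax', 'use_strict_mode' => true]);
$db = demo_db();
$bad = log_in($db, ['username' => 'alice', 'pass' => 'wrong']);
$before = greeting();
$good = log_in($db, ['username' => 'alice', 'pass' => 'correct horse']);
echo $before, "\n", greeting(), "\n";
```

In a real process.php the header("Location: /index.php") call would follow log_in() and come before any echo, for the same reason the demo prints only at the end.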

UnlimitedMB
08-19-2007, 06:45 PM
No no no, don't use sessions, they are not more secure than cookies.
Sessions are the lazy programmer's way.

Sessions rely on cookies to store the session id, and if the user clears his cookie, or the server temp directory is emptied the session will be lost.

Also, why did your code have ob_start()? This has nothing to do with sessions.

ob_start turns on output buffering and increases the load on the server, so if you aren't actually making any use of it (it has nothing to do with sessions) then there is no point in turning it on.

destrugter, there is nothing wrong with your code.
You are entering wrong user/pass, or you named your input boxes different in the html code which you didn't post here.

destrugter
08-21-2007, 10:49 PM
Sorry for not coming here for a while. I have fixed everything, and I am soon launching my site to the public. Cr0w has been so much help and I thank him very very deeply for his help. I thank Unlimitedmb as well. I have put both of you in my affiliates section, which appears on every single page of my website. I may have overdone it but hey, I want everyone to know what great people you guys are, and you all deserve for your sites to be known. My website isn't perfect, and I know this; for now I am using the most basic log in, log out, register, and post system you can possibly use. I am upgrading it as I go along though. Thanks, till next time

-Destrugter