PHP login - can someone tell why

Question

LloydFarrell 0 Junior Poster

14 Years Ago

Theres an error on this script,

A mate of mine has asked me to look at this for him, and to try and fix it.

the error message he gets is
"return_msg=no_good"
once he trys to login to his profile based website \ page

heres the form that is used for collecting the login information

<link href="style/main.css" rel="stylesheet" type="text/css" />
<div align="center">  
  <form id="gslogin" name="gslogin" method=POST action="scripts/login.php">
  <table width="500" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>
      <div align="center">
        <input name="email" type="text" class="textfield" id="email" value="email address" />
        </div></td>
    <td><div align="center">
      <input name="pass" type="password" class="textfield" id="pass" value="password" />
    </div></td>
    <td>
      <div align="center">
      remember me >>> <input type="checkbox" name="remember" id="remember" />
        
        </div>   </td>
    <td>
      <input name="submit" type="submit" class="textfield" id="submit" value="Login" />
    </td>
  </tr>
</table>
  </form>
  </div>

and the login.php page to get the posted email and pass, the error message that is printed at when submitting the form, is at the bottom of the login form here below, I have tried a few times to remove the message, change the variables being passed. ie. from email to mail and pass to password but then the form is blank once i click login - iv no idea how to fix this .

Iv also tried to change the if ($_POST != "") to
if ($_POST != ""), but again, the form is just white

but the username and password being entered are correct ??

<?php

if ($_POST['email'] != "") {

include_once "connect_to_mysql.php";

$email = $_POST['email'];
$pass = $_POST['pass'];
$remember = $_POST['remember']; // Added for the remember me feature

$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);
$email = eregi_replace("`", "", $email);
$pass = eregi_replace("`", "", $pass);

$pass = md5($pass);

//make query
$sql = mysql_query("SELECT * FROM Goodisonpark WHERE email='$email' AND password='$pass' AND email_activated='1'"); 
$login_check = mysql_num_rows($sql);

if($login_check > 0){ 

    while($row = mysql_fetch_array($sql)){ 

        $id = $row["id"];   
        session_register('id'); 
        $_SESSION['id'] = $id;
       
	    $firstname = $row["firstname"];   
        session_register('firstname'); 
        $_SESSION['firstname'] = $firstname;
       
	    $email = $row["email"];   
        session_register('email'); 
        $_SESSION['email'] = $email;
         
        mysql_query("UPDATE Goodisonpark SET last_log_date=now() WHERE id='$id'"); 
          
    } // close while
	
    // Remember Me Section Addition... if member has chosen to be remembered in the system
    if($remember == "yes"){
      setcookie("idCookie", $id, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("firstnameCookie", $firstname, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("emailCookie", $email, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
      setcookie("passCookie", $pass, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
    }	
	$my_msg = "all_good";
        print "return_msg=$my_msg&id=$id&firstname=$firstname"; 
		
} else {
$my_msg = "no_good";
    print "return_msg=$my_msg"; 
  exit();
}


}// close if post
?>

php

4 Contributors
6 Replies
141 Views
1 Week Discussion Span
Latest Post 14 Years Ago Latest Post by phpuser

cwarn23 387 Occupation: Genius

14 Years Ago

Is email_activated an integer field because if it is then the mysql query would be as follows.

mysql_query("SELECT * FROM `Goodisonpark` WHERE `email`='$email' AND `password`='$pass' AND `email_activated`=1");

cwarn23 387 Occupation: Genius

14 Years Ago

Your mysql connect is invalid if you are assigning a link. Try the following.

$link=mysql_connect(db_host, db_username, db_pass, true);

Also line 66 and 67 are invalid and should be as follows:

$qry="SELECT * FROM `Goodisonpark` WHERE `email`='$email' AND `password`='$pass' AND `email_activated`=1";
	$result=mysql_query($qry) or die(mysql_error());

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

LloydFarrell 0 Junior Poster · Answer 1 · 2010-01-24T21:41:56+00:00

hi again, I have tried many different ways, including your post but im still getting a different error,
iv copied the code from a working login form and adapted that to suit the current login-exce script, but im still not allowed to login ??
Heres how the email_activated is setup in the db
email_activated enum('0','1') NOT NULL default '0',

As you can see from my workings, and those comments I have \\commented out.

Im not lost and im not sure what im doing wrong, or what im missing, I would appreciate a helping hand as I still learning PHP with MYSQL, regards Lloyd

<?php
	//Start session
	session_start();
	//if (isset ($_POST['email']));
	//Include database connection details
	include_once "scripts/connect_to_mysql.php";
	
	//Array to store validation errors
	$errmsg_arr = array();
	
	//Validation error flag
	$errflag = false;
	
	//Connect to mysql server
	//$link = mysql_connect(db_host, db_username, db_pass);
	//if(!$link) {
	//	die('Failed to connect to server: ' . mysql_error());
	//}
	
	//Select database
	//$db = mysql_select_db(db_name);
	//if(!$db) {
		//die("Unable to select database");
	//}
	
	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$email = clean($_POST['email']);
	$pass = clean($_POST['pass']);
	$email = strip_tags($email);
	$pass = strip_tags($pass);
	$email = mysql_real_escape_string($email);
	$pass = mysql_real_escape_string($pass);
	$email = eregi_replace("`", "", $email);
	$pass = eregi_replace("`", "", $pass);

	$pass = md5($pass);
	
	//Input Validations
	if($email == '') {
		$errmsg_arr[] = 'email ID missing';
		$errflag = true;
	}
	if($pass == '') {
		$errmsg_arr[] = 'Password missing';
		$errflag = true;
	}
	
	//If there are input validations, redirect back to the login form
	if($errflag) {
		$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
		session_write_close();
		header("location: login-form.php");
		exit();
	}
	
	//Create query
	$qry=mysql_query("SELECT * FROM `Goodisonpark` WHERE `email`='$email' AND `password`='$pass' AND `email_activated`=1");
	$result=mysql_query($qry);
	//if($result > 0){ 
	
	//$sql = mysql_query("SELECT * FROM Goodisonpark WHERE email='$email' AND password='$pass' AND email_activated='1'"); 
//$login_check = mysql_num_rows($sql);

//if($login_check > 0){ 

   // while($row = mysql_fetch_array($sql)){ 

    //while($row = mysql_fetch_array($result)){ 

    //    $id = $row["id"];   
    //    session_register('id'); 
    //    $_SESSION['id'] = $id;
       
	 //   $firstname = $row["firstname"];   
     //   session_register('firstname'); 
      //  $_SESSION['firstname'] = $firstname;
       
	  //  $email = $row["email"];   
       // session_register('email'); 
       // $_SESSION['email'] = $email;
         
       
		          
   // }
	
	//Check whether the query was successful or not
	if($result) {
		if(mysql_num_rows($result) == 1) {
			//Login Successful
		//	session_regenerate_id();
			$member = mysql_fetch_assoc($result);
		//	session_register('id'); 
       //		 $_SESSION['id'] = $id;
			$_SESSION['id'] = $member['id'];
			
			$_SESSION['firstname'] = $member['firstname'];
			
			$_SESSION['email'] = $member['lastname'];
			
			//$_SESSION['SESS_SECURE_CODE'] = $member['securecode'];
			session_write_close();
			header("location: profile.php");
			exit();
			
			 mysql_query("UPDATE Goodisonpark SET last_log_date=now() WHERE id='$id'");
			
		}else {
			//Login failed
			header("location: login-failed.php");
			exit();
		}
	}else {
		die("Query failed");
	}
?>

Thanks for looking over this in advance,

Is email_activated an integer field because if it is then the mysql query would be as follows.
mysql_query("SELECT * FROM `Goodisonpark` WHERE `email`='$email' AND `password`='$pass' AND `email_activated`=1");

vandenzergen -17 Light Poster · Answer 2 · 2010-01-25T12:41:53+00:00

<body>
	<center>
    	<form method="post">
		<table>
        	<tr>
            	<td>Username: </td>
                <td><input type="text" name="username" /></td>
            </tr>
            <tr>
            	<td>Password: </td>
                <td><input type="password" name="password" /></td>
            </tr>
            <tr>
            	<td></td>
            	<td><input type="submit" name="login" value="Login" /></td>
            </tr>
        </table>
        </form>
    </center>
</body>
</html>


<?php

	if(isset($_POST['login']))
	{
		include("includes/opendatabase_connection.php");
		
		$query = "SELECT * FROM users WHERE username='".$_POST['username']. "' AND password='".$_POST['password']."'";
		
		$result = mysql_query($query);
		
		while($row = mysql_fetch_array($result))
		{
			if(isset($row['username']) && isset($row['password']))
			{
				$_SESSION['login'] = "yes";
				
				echo "<script>window.location = 'http://mywebsite.com/index.php'</script>";				
		    }
		}
		
		include("includes/closedatabase_connection.php");
	}
?>

Hi! I have sample code for you... would this help?

LloydFarrell 0 Junior Poster · Answer 3 · 2010-01-28T11:28:43+00:00

I have not yet tried what you have suggested, but later on today I will let you know how it goes, thanks for your suggestion

Lloyd

<body>
	<center>
    	<form method="post">
		<table>
        	<tr>
            	<td>Username: </td>
                <td><input type="text" name="username" /></td>
            </tr>
            <tr>
            	<td>Password: </td>
                <td><input type="password" name="password" /></td>
            </tr>
            <tr>
            	<td></td>
            	<td><input type="submit" name="login" value="Login" /></td>
            </tr>
        </table>
        </form>
    </center>
</body>
</html>


<?php

	if(isset($_POST['login']))
	{
		include("includes/opendatabase_connection.php");
		
		$query = "SELECT * FROM users WHERE username='".$_POST['username']. "' AND password='".$_POST['password']."'";
		
		$result = mysql_query($query);
		
		while($row = mysql_fetch_array($result))
		{
			if(isset($row['username']) && isset($row['password']))
			{
				$_SESSION['login'] = "yes";
				
				echo "<script>window.location = 'http://mywebsite.com/index.php'</script>";				
		    }
		}
		
		include("includes/closedatabase_connection.php");
	}
?>

Hi! I have sample code for you... would this help?

phpuser 1 Junior Poster in Training · Answer 4 · 2010-02-03T11:07:57+00:00

Hi,

There is problem something in connection or problem while you fetch data from DB based on conditions

$login_check = mysql_num_rows($sql);

print $login_check variable what it returns. and if you used data type enum no problem with that single quote in "email_activated" field.

here as per your intially posted example , you not got value in $login_check and thats why script ingnore that first if loop.

Check where your script stopped....