Login script not working

Question

kaosjon 0 Light Poster

13 Years Ago

Hi, i am trying to create my login script for my website, however when i enter my details it does not do anything, it just goes to the same screen. I have used the same script roughly as i used for another website of mine, but i cannot figure this one out. Any advice i would greatly appreciate it.

<?php

// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars
$errorMsg = '';
$username = '';
$password = '';
$remember = '';
if (isset($_POST['username'])) {
	
	$username = $_POST['username'];
	$password = $_POST['password'];
	if (isset($_POST['remember'])) {
		$remember = $_POST['remember'];
	}
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = strip_tags($username);
	$password = strip_tags($password);
	
	// error handling conditional checks go here
	if ((!$username) || (!$password)) { 

		$errorMsg = 'Please fill in both fields';

	} else { // Error handling is complete so process the info if no errors
		include 'connect_to_mysql.php'; // Connect to the database
		$username = mysql_real_escape_string($username); // After we connect, we secure the string before adding to query
	    $password = mysql_real_escape_string($password); // After we connect, we secure the string before adding to query
		$password = md5($pass); // Add MD5 Hash to the password variable they supplied after filtering it
		// Make the SQL query
        $sql = mysql_query("SELECT * FROM user_info WHERE username='$username' AND password='$password' AND verified_email='1'"); 
		$login_check = mysql_num_rows($sql);
        // If login check number is greater than 0 (meaning they do exist and are activated)
		if($login_check > 0){ 
    			while($row = mysql_fetch_array($sql)){
					
					// Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
					// he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
					// Create session var for their raw id
					$id = $row["id"];   
					$_SESSION['id'] = $id;
					// Create the idx session var
					$_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username
					$username = $row["username"];
					$_SESSION['username'] = $username;
					// Create session var for their password
					$userpass = $row["password"];
					$_SESSION['userpass'] = $userpass;

					mysql_query("UPDATE user_info SET last_login=now() WHERE id='$id' LIMIT 1");
        
    			} // close while
	
    			// Remember Me Section
    			if($remember == "yes"){
                    $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$id");
    			    setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
			        setcookie("passCookie", $pass, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
    			} 
    			// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id'; 
    			exit();
	
		} else { // Run this code if login_check is equal to 0 meaning they do not exist
		    $errorMsg = "Incorrect login data, please try again";
		}


    } // Close else after error checks

} //Close if (isset ($_POST['uname'])){

?>

Thanks

php

3 Contributors
21 Replies
297 Views
1 Month Discussion Span
Latest Post 13 Years Ago Latest Post by Treasurepet

diafol

13 Years Ago

// All good they are logged in, send them to homepage then exit script
    			include_once 'profile.php?test=$id';

does this send them to the homepage?

diafol

13 Years Ago

don't you need to do this:

header("Location: profile.php?test=$id");

instead?

diafol

13 Years Ago

Well, I suppose if the error code comes from it, it would be a good idea, yes.

diafol

13 Years Ago

perhaps your id options are a bit extreme. You only needd to check if it's an integer. SO you could use

if(is_int($_GET['id']))

and the rest is a bit verbose:

$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 
 
	$username = $row["username"];
	$balance = $row["balance"];
 
}

how about:

$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql)){ 
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}

diafol

13 Years Ago

SELECT * FROM user_info WHERE id=$id LIMIT 1

run that in phpmyadmin and substitute $id for a real integer.

Also you can echo the query:

echo "SELECT * FROM user_info WHERE id=$id LIMIT 1";

to see if anything looks weird.

Is the table actually called user_info. Is the field actually id. In your connection details, are you sure you've connected to the right DB.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

kaosjon 0 Light Poster · Answer 1 · 2011-09-18T22:08:15+00:00

Hi, Yes their profile page is the index page for them once they have logged in

kaosjon 0 Light Poster · Answer 2 · 2011-09-18T22:45:47+00:00

Hi, i tried what you said and at least now i am getting some viewable errors, here they are

Error: The user you are trying to access does not exist in our system. Press back.

I am not sure why it is saying this, would you like the code for the profile.php?

kaosjon 0 Light Poster · Answer 3 · 2011-09-18T23:06:22+00:00

profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
$existCount = mysql_num_rows($sql);
 if ($existCount == 0) {
	 echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
     exit();
}
while($row = mysql_fetch_array($sql)){ 

	$username = $row["username"];
	$balance = $row["balance"];

}
?>

kaosjon 0 Light Poster · Answer 4 · 2011-09-19T01:09:14+00:00

Hi, okay i added what you said and it seems we have made progress with this problem, now the profile page is displayed, however i get two errors at the top still

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 25
Error: The user you are trying to access does not exist in our system. Press back.

Also the places where the variables $username and $balance should display, do not display at all.

Here is my new profile.php code

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id=$id LIMIT 1");
if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

Thanks for you help by the way, i really appreciate it.

kaosjon 0 Light Poster · Answer 5 · 2011-09-19T02:51:48+00:00

Hi, bad news i am afraid i tried the query in mysql and it produced the right result, i have checked, checked and double checked everything in the php and it all looks to be correct.

I'm really confused as to what else to do.

EDIT

just tried to echo the query again like you said and i got these errors

SELECT * FROM user_info WHERE id='' LIMIT 1
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.

diafol · Answer 6 · 2011-09-19T03:18:31+00:00

OK, that means the $id isn't getting passed. It's getting lost somewhere along the line.

You've got this variations on this operation twice:

$id = preg_replace('#[^0-9]#i', '', $id);

just do this once:

$id = intval($_GET['id']);

to force $id to an integer OR
test for an integer with:

if(is_int($_GET['id'])){
...
}

kaosjon 0 Light Poster · Answer 7 · 2011-09-19T03:55:50+00:00

Hi, that makes sense, i tried what you suggested but still got the error.

heres the code for profile.php

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if (isset($_GET['id'])) {
	 $id = intval($_GET['id']); // filter everything but numbers
} else if (isset($_SESSION['idx'])) {
	 $id = $logOptions_id;
} else {
   header("location: index.php");
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

i am not sure where yo put the last option in the code -

if(is_int($_GET['id'])){
}

diafol · Answer 8 · 2011-09-19T04:46:22+00:00

Use either the intval or the is_int. The first forces any old input to an integer, while the second checks to see if the value is an integer, that way you can decide whether you want to proceed or not. Your choice - but I usually use is_int.

I'd still echo the query just to ensure that you're getting the $id in there.

kaosjon 0 Light Poster · Answer 9 · 2011-09-19T21:48:46+00:00

Hi, okay i used the is_int and still got the error, "no user exists in the system". I then echoed the query and got this error

Resource id #4
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\RewardRealmsTest\profile.php on line 26
Error: The user you are trying to access does not exist in our system. Press back.

The "Resource id #4" is new, i am not sure what this means, the id it should be using is 36

Any ideas?

Thanks for your help

diafol · Answer 10 · 2011-09-19T22:59:34+00:00

$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");
if(mysql_num_rows($sql) > 0){

It suggests that the SQL is all wrong. For now hard-code a value into the SQL for $id:

$sql = mysql_query("SELECT * FROM user_info WHERE id=1 LIMIT 1");
if(mysql_num_rows($sql) > 0){

That will give you details for user #1. See if it works. If it doesn't and user #1 exists, your user_info table or id field is misspelt. OR you've connected to the wrong DB.

kaosjon 0 Light Poster · Answer 11 · 2011-09-19T23:31:02+00:00

Hi, i have tried what you said and it works, which is good, but it means i am guessing that it is not getting the id, could the problem be in the login page, where it is not correctly sending the id to the profile page.

Thanks

diafol · Answer 12 · 2011-09-20T00:30:15+00:00

Yep, you should see the id=.. in the address bar if your are redirecting.

kaosjon 0 Light Poster · Answer 13 · 2011-09-20T01:45:51+00:00

Hi, right tried again and looked at the address bar and it does submit the right id

http://localhost/RewardRealmsTest/profile.php?test=36

So it is definately the code in the profile page.

kaosjon 0 Light Poster · Answer 14 · 2011-09-20T01:49:22+00:00

BRILLIANT NEWS, i managed to fix it, i remembered that i had an old script for a membership website that i built before and i took the part of the code that gets the id and replaced it in the profile page, now it works.

Heres the finished code for profile.php, just in case someone has the same problem again

<?php
session_start();

$id = "";
$firstname = "";
$lastname = "";
$username = "";
$email = "";
$country = "";
$balance = "";
include 'connect_to_mysql.php';
if ($_GET['id']) {
	
     $id = $_GET['id'];

} else if (isset($_SESSION['id'])) {
	
	 $id = $_SESSION['id'];

} else {
	
   include_once "index.php";
   exit();
}
// ------- END ESTABLISH THE PAGE ID ACCORDING TO CONDITIONS ---------

// ------- FILTER THE ID AND QUERY THE DATABASE --------
//$id = preg_replace('#[^0-9]#i', '', $id); // filter everything but numbers on the ID just in case
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id' LIMIT 1");

if(mysql_num_rows($sql) > 0){
  $row = mysql_fetch_array($sql);
  $username = $row["username"];
  $balance = $row["balance"];
}else{
  echo '<h3>Error: The user you are trying to access does not exist in our system. Press back.</h3>';
}
?>

Thanks very much for your help ardav, really appreciate it.

diafol · Answer 15 · 2011-09-20T01:58:14+00:00

No prob. Mark the thread as solved (link beneath the edit box)

Treasurepet 0 Newbie Poster · Answer 16 · 2011-11-11T20:48:03+00:00

Hello,

I have similar problem, my login is working perfectly on my local server but when uploaded to remote sever, it returns me to index.html instead of member page.

Can somebody help me on what to do to make it work at it is working on local server.

thanks