Member Avatar for zacharysr

Why isnt this form working? I have changed it around alot but it wont seem to let anyone log in thats not on the same server as me, it works on my computer and any computer in the house, but if its off of ours it wont work

<html>
<head>
<title>Login</title>
</head>
<body>
<?php // Connects to your Database 
mysql_connect("host name", "", "password") or die(mysql_error());
 mysql_select_db("serch engin") or die(mysql_error()); 

//Checks if there is a login cookie 

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page 

{ 	$username = $_COOKIE['ID_my_site']; 	$pass = $_COOKIE['Key_my_site'];
 	 	$check = mysql_query("SELECT * FROM members WHERE username = '$username'")or die(mysql_error());
		 	while($info = mysql_fetch_array( $check )) 	 		{ 		if ($pass != $info['password'])
			 			{
							 			 			}
													 		else
															 			{
																			 			header("Location: members.php");
																						 			} 		} } 

//if the login form is submitted 

 if (isset($_POST['submit'])) { 

// if form has been submitted
// makes sure they filled it in
 	if(!$_POST['username'] | !$_POST['pass']) {
 		die('You did not fill in a required field.');
 	}
 	// checks it against the database
 
 	if (!get_magic_quotes_gpc()) {
 		$_POST['username'] = addslashes($_POST['username']);
 	}
 	$check = mysql_query("SELECT * FROM members WHERE username = '".$_POST['username']."'")or die(mysql_error());
 
 //Gives error if user dosen't exist
 $check2 = mysql_num_rows($check);
 if ($check2 == 0) {
 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
 				}
 while($info = mysql_fetch_array( $check )) 	
 {
 $_POST['pass'] = stripslashes($_POST['pass']);
 	$info['password'] = stripslashes($info['password']);
 	$_POST['pass'] = md5($_POST['pass']);
 
 //gives error if the password is wrong
 	if ($_POST['pass'] != $info['password']) {
 		die('Incorrect password, please try again.');
 	}
else { 
// if login is ok then we add a cookie 	 
$_POST['username'] = stripslashes($_POST['username']); 	 
$hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); 
setcookie(Key_my_site, $_POST['pass'], $hour);	 
//then redirect them to the members area 
header("Location: members.php"); } } } else {	 
// if they are not logged in 
?> 
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
<table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> 
<tr><td>Username:</td><td> 
<input type="text" name="username" maxlength="40"> 
</td></tr> <tr><td>Password:</td><td> 
<input type="password" name="pass" maxlength="50"> 
</td></tr> 
<tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> 
</td></tr> </table> </form> 
<?php } ?>  
</body>
 </html>
Edited by zacharysr because: n/a
  • 2 Contributors
  • 9 Replies
  • 150 Views
  • 9 Hours Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for diafol

OK 1st question - are your DB connection details valid? Do you need to change them to remote?

Member Avatar for zacharysr

They should work, because everything else on the website works, and almost everything depends on the database.

Member Avatar for diafol

Odd, anyway there were a few errors. I've tried to tidy them - give this a go and if there are any errors, please tell use where they are:

<html>
<head>
<title>Login</title>
</head>
<body>
<?php  
mysql_connect("host name", "", "password") or die(mysql_error());
mysql_select_db("serch engin") or die(mysql_error()); 
 
if(isset($_COOKIE['ID_my_site'])){ 	
	$username = $_COOKIE['ID_my_site'];
	$pass = $_COOKIE['Key_my_site'];
 	$check = mysql_query("SELECT * FROM members WHERE username = '$username'")or die(mysql_error());
	while($info = mysql_fetch_array( $check )){
		if ($pass == $info['password']){
			header("Location: members.php");
			exit;
		}
	}
} 
 
if (isset($_POST['submit'])) { 
 	if(!$_POST['username'] || !$_POST['pass']) {
 		die('You did not fill in a required field.');
 	}
 	if (!get_magic_quotes_gpc()) {
 		$_POST['username'] = addslashes($_POST['username']);
 	}
 	$check = mysql_query("SELECT * FROM members WHERE username = '{$_POST['username']}'")or die(mysql_error());
 	$check2 = mysql_num_rows($check);
 	if ($check2 == 0) {
 		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
 	}
 	while($info = mysql_fetch_array( $check )) {
 		$_POST['pass'] = stripslashes($_POST['pass']);
 		$info['password'] = stripslashes($info['password']);
 		$_POST['pass'] = md5($_POST['pass']);
	 
	 //gives error if the password is wrong
		if ($_POST['pass'] != $info['password']) {
			die('Incorrect password, please try again.');
		}else{ 
			$_POST['username'] = stripslashes($_POST['username']); 	 
			$hour = time() + 3600; 
			setcookie("ID_my_site", $_POST['username'], $hour); 
			setcookie("Key_my_site", $_POST['pass'], $hour);	 
			//then redirect them to the members area 
			header("Location: members.php");
			exit;
		}
	}
}else{	 
?> 
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
    	<table border="0">
            <tr>
                <td colspan=2><h1>Login</h1></td>
            </tr> 
            <tr>
                <td>Username:</td>
                <td><input type="text" name="username" maxlength="40" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="pass" maxlength="50" /></td>
            </tr> 
            <tr>
                <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /></td>
            </tr>
     	</table>
    </form> 
<?php
}
?>  
</body>
</html>
Member Avatar for zacharysr

I had my friend try, and she says its still not working, I dont seem to see whats wrong with it. its letting me sign in.... but not them...

Member Avatar for diafol

Will you try to tell us where it's failing?

Ask them to clear their cache (however, I doubt that will help).
Following that, ask them to delete any cookies from your site and try again

Member Avatar for zacharysr

Will you try to tell us where it's failing?

Ask them to clear their cache (however, I doubt that will help).
Following that, ask them to delete any cookies from your site and try again

Its still not working, It gives the error msg for not being filled out, or having a wrong password, or there not being no account. But if its all correct, its not doing nothing, it just refreshes the page.....

Member Avatar for diafol

What's the name of the file?

Anyway, are you saying that this is the issue?

$_POST['username'] = stripslashes($_POST['username']); 	 
$hour = time() + 3600; 
setcookie("ID_my_site", $_POST['username'], $hour); 
setcookie("Key_my_site", $_POST['pass'], $hour);	 
header("Location: members.php");
exit;

put in a number of echo commands to see which branch of the tree is being executed.

Member Avatar for zacharysr

What's the name of the file?

Anyway, are you saying that this is the issue?

$_POST['username'] = stripslashes($_POST['username']); 	 
$hour = time() + 3600; 
setcookie("ID_my_site", $_POST['username'], $hour); 
setcookie("Key_my_site", $_POST['pass'], $hour);	 
header("Location: members.php");
exit;

put in a number of echo commands to see which branch of the tree is being executed.

From what there telling me, yes its around where the page is changing


and the login form is on login.php

and the page it is supposed to send them to is members.php

Member Avatar for diafol

I've had a think. This is how I'd do it.
1) Don't have the form and the processing code on the same page if you can avoid it.
So I'd put the code in say 'includes/loginhandler.php' and send the form to that.
The following code then (minus the connection details) is all you need in the processing code.
***NOT TESTED - just off the top of my head***

I don't like the password being simply hashed in a cookie, perhaps it would be safer using a double salted hash, so that the DB-stored hashed pw cannot be known from the cookie. Anyway, just a thought.

<?php
//General cookie eater and redirector due to bad data
function badThings(){
	setcookie("ID_my_site", "", time() - 3600); 
	setcookie("Key_my_site", "", time() - 3600);
	exit('Your details are incorrect - <a href="../login.php">Go back to the Login Page</a> or <a href="../add.php">Click Here to Register</a>');			
}

//CHECKS FOR LOGIN FORM
if (isset($_POST['submit']) && $_POST['username'] !="" && $_POST['pass'] != ""){
    if (get_magic_quotes_gpc()) {
		$_POST['username'] = stripslashes($_POST['username']);
		$_POST['pass'] = stripslashes($_POST['pass']);	
	}
	$username = mysql_real_escape_string($_POST['username']);
	$pass = md5(mysql_real_escape_string($_POST['pass']));//maybe leave out mres in this one
	
//THEN FALLS BACK ON COOKIES	
}elseif(isset($_COOKIE['ID_my_site']) && isset( $_COOKIE['Key_my_site'])){
	//clean cookies (as they can be edited in some browsers)
	if(get_magic_quotes_gpc()){
		$_COOKIE['ID_my_site'] = stripslashes($_COOKIE['ID_my_site']);
		$_COOKIE['Key_my_site'] = stripslashes($_COOKIE['Key_my_site']);
	}
	$username = mysql_real_escape_string($_COOKIE['ID_my_site']);	
	$pass = mysql_real_escape_string($_COOKIE['Key_my_site']);
}else{
	//NO REASON FOR ANY OTHER SCENARIO TO PROCEED BEYOND HERE
	badThings();
}

$result = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1")or die(mysql_error());
if(mysql_num_rows($result) == 1){
	$info = mysql_fetch_array($result);
	if($pass == $info['password']){
		//SET COOKIES IF YOU WISH (perhaps check to see if user wishes to do that from a field in their record (preferences) or checkbox on login or presence of exisiting good cookie?	
		setcookie("ID_my_site", $username, 3600000);			
		setcookie("Key_my_site", $pass, 3600000); //I don't like this! 

		header("Location: members.php");
	}else{
		badThings();			
	}
}else{
	badThings();	
}
?>

What you don't seem to have is any session data. How do you keep your users logged in - not via vanilla cookies??

Edited by diafol because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.