Member Avatar for pgmarco

Hello,

I am familiar with PHP and MySQL and teaching myself how to create a login script, I am not sure if I am simple missing something or something is worong with the code. I am able to signup a user and submit the data to the MySQL table, It connects to the database ok too, but when I try to login and fetch the data from the table when I click on submit it does not validate correctly, I am using Sessions and cookies. All it does is go to login_process.php, it does not redirect me to index.php. What am I doing wrong? I appreciate all the help.

Thank You
Pete
www.pgiammarco.com

HTML Code:

index.php

<? include("header.php"); ?>

<div id="content">

<div id="header">

<span class="email">
<? echo('<p>' . $error_msg . '</p>'); ?>
<? include("login.php"); ?>
</span>

</div>

<? include("footer.php"); ?>

login.php

<form action="login_process.php" method="post" class="login">

    Username:&nbsp;<input type="text" name="username" id="username" value="<?echo $_COOKIE["user"];?>" /><br />
    Password:&nbsp;<input type="password" name="password" id="password" /><br />

    <input type="submit" value="Submit" />

</form>

login_process.php

    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

        if(!isset($_SESSION['user']) )
        {
            if(isset($_POST['submit']))
            {
                $error_msg = "";

                //Connect to mysql server
                $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

                if(!$link) 
                {
                    die('Failed to connect to server: ' . mysql_error());
                }

                //Select database
                $dbc = mysql_select_db(DB_DATABASE);

                if(!$dbc) 
                {
                    die("Unable to select database");
                }

                $username = $_POST['username'];
                $password = $_POST['password'];

                if(!empty($username) && !empty($password))
                {
                    $query = "SELECT * FROM tuser WHERE username = '$username' AND password = SHA('$password')";
                    $result = mysql_query($query);

                    if($result) 
                    {
                        if ( mysqli_num_rows($result) == 1 )
                        {
                            $row = mysql_fecth_assoc($result);
                            $_SESSION['user_id'] = $row['userid'];
                            $_SESSION['user'] = $row['username'];
                            $_SESSION['fname'] = $row['firstname'];
                            $_SESSION['lname'] = $row['lastname'];
                            setcookie('user', $row['username'], "/")
                            session_write_close();
                            header("Location: index.php");
                            exit(); 
                            else
                        {
                            $error_msg = "Please enter a valid username or password";
                            header("Location: index.php");
                        }           

                    }
                    else 
                    {
                        die("Query failed");
                    }

                }
                else
                {
                $error_msg = "Please enter a username or password";
                header("Location: index.php");
                }   

            }
        }

MySQL:

CREATE TABLE IF NOT EXISTS `tuser` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(32) NOT NULL,
  `firstname` varchar(50) NOT NULL,
  `lastname` varchar(100) NOT NULL,
  `email` varchar(100) NOT NULL,
  `password` varchar(40) NOT NULL,
  `join_date` date NOT NULL,
  PRIMARY KEY (`userid`)
) 

INSERT INTO `tuser` (`userid`, `username`, `firstname`, `lastname`, `email`, `password`, `join_date`) VALUES
(19, 'pgmarco', 'peter', 'giammarco', 'strike411@aol.com', '8cb2237d0679ca88db6464eac60da96345513964', '2012-06-09');
  • 5 Contributors
  • 7 Replies
  • 324 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by pgmarco
Member Avatar for Biiim

does header.php contain session_start();?

also has the password been made with the sha() function and not been truncated?

also i noticed a bracket missing:

if($result) 
                    {
                        if ( mysqli_num_rows($result) == 1 )
                        {
                            $row = mysql_fecth_assoc($result);
                            $_SESSION['user_id'] = $row['userid'];
                            $_SESSION['user'] = $row['username'];
                            $_SESSION['fname'] = $row['firstname'];
                            $_SESSION['lname'] = $row['lastname'];
                            setcookie('user', $row['username'], "/")
                            session_write_close();
                            header("Location: index.php");
                            exit(); 
                        } else//<-- here
                        {
                            $error_msg = "Please enter a valid username or password";
                            header("Location: index.php");
                        }           
                    }
Edited by Biiim
Member Avatar for pgmarco

The password has been made with the SHA function, MySQL query that I used is below.

$query = "INSERT INTO tuser (username, password, email, firstname, lastname, join_date) VALUES ('$username', SHA('$password1'), '$email', '$fname', '$lname', NOW() )";

mysql_query($query);

header.php did not have session_start(), i added it to index.php though, header.php only had:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<? include("global.php"); ?>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>First login PHP Script</title>
<link rel="stylesheet" type="text/css" href="css/index.css" />
</head>

<BODY>

Code:



if(!empty($username) && !empty($password))
                {
                    $query = "SELECT * FROM tuser WHERE username = '$username' AND password = SHA('$password')";
                    $result = mysql_query($query);

                    if($result) 
                    {
                        if ( mysqli_num_rows($result) == 1 )
                        {
                            $row = mysql_fecth_assoc($result);
                            $_SESSION['user_id'] = $row['userid'];
                            $_SESSION['user'] = $row['username'];
                            $_SESSION['fname'] = $row['firstname'];
                            $_SESSION['lname'] = $row['lastname'];
                            setcookie('user', $row['username'], "/");
                            session_write_close();
                            header("Location: home.php");
                            exit();     

                        }
                        else {
                            $error_msg = "Please enter a valid username or password";
                            header("Location: home.php");
                        }           

                    }
                    else {
                        die("Query failed");
                    }

                }
                else {
                $error_msg = "Please enter a username or password";
                header("Location: home.php");
                }

It is still stopping at login_process.php and not redirecting me, I appreciate the help, thank you.

Edited by pgmarco
Member Avatar for Aardwolf

replace
$query = "SELECT * FROM tuser WHERE username = '$username' AND password = SHA('$password')";

with

$query = "SELECT * FROM tuser WHERE username = '".$username."' AND password = ".sha($password).";

Member Avatar for Squidge

i maybe wrong but i think you need to have your session before any output, also i notice you are changing between MySQL and MySQLi. Is there a reason for that?

Member Avatar for Red Dragon

could ur prob just be a simple typo?

$row = mysql_fecth_assoc($result);

Member Avatar for pgmarco

Thank you everyone, finally got it working

Member Avatar for pgmarco 
<?
//Start session
    session_start();

    $_SESSION['message'] = "";

    //Include database connection details
    require_once('global.php');


    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    if(!empty($login) && !empty($password)) {

        $login = mysql_real_escape_string($_POST['login']);
        $password = mysql_real_escape_string($_POST['password']);

        $query = "SELECT * FROM tuser WHERE username = '$login' AND password = SHA('$password')";
        $data = mysql_query($query);

        if($data) {
            if (mysql_num_rows($data) == 1 ) {
                $row = mysql_fetch_assoc($data);
                $_SESSION['userid'] = $row['userid'];
                $_SESSION['username'] = $row['username'];
                $_SESSION['message'] = "Welcome,&nbsp;" . $_SESSION['username'];
                header('Location: member.php');
                exit();
            }
            else {
                $_SESSION['message'] = "Please enter a valid username or password";
                header('Location: error.php');
                exit();
            }

        }
        else {
            die("Query failed");
        }

    }
    else {
        $_SESSION['message'] = "Please enter a username or password";
        header('Location: error.php');
        exit();
    }


?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.