Results 1 to 24 of 24
  1. #1
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391

    Login Script with MySQL

    Hi,

    I have a simple login script, but I have now changed so many things over and over again so that it has been messed, and no longer work.

    I first have a database with the table 'users'.
    This table has 3 rows, - Username, password and id.

    I have a register script which will when a user has filled in their requested username and password, fill it in in the database.

    I then use my loginscript to see if their username and pass is in the database, if it is, then they get to the members area:

    PHP Code:
    @session_start();
    mysql_connect($host,$db_user,$db_pass); 
    @
    mysql_select_db($db_name) or die("Unable to select that database");     
    $query "SELECT * FROM users WHERE Username = '".$Username."' AND Password = '".$Password."'"
    $result mysql_query($query);

    if (@
    mysql_num_rows($result) < 1
    {        
    echo 
    "<B>No such username or  password</B><BR>"
    mysql_close();
    $_SESSION['logged_in'] = false;;
    include(
    "login.php"); 
    exit;   
    }    
    else    
    {        
    $_SESSION['logged_in'] = true;
    include(
    "members.php");
    }
    mysql_close(); 
    This is my loginscript which is supposed to check if the username and password specified by the user exist in the database of users&passes, if it found 0 rows containing their user+pass, their not registered and it will say no such user or pass. Else it will put a logged_in in their session and include the members.php

    In the members.php I have this to check if the logged_in is in their session:
    PHP Code:
    @session_start();
    if(
    $_SESSION['logged_in'] != true) {
    echo 
    "You need to login to access this page";
    include(
    "login.php");

    But when I enter my username and password to try to login I just get "You need to login to access this page", even though I have made sure the username and password is in the database, and if I remove the session checking then it works. But at the login I entered valid user+pass, so it found atleast 1 or more rows containing my info, which are supposed to put the logged_in in my session, but on next page it appears to not be there..
    Anyone know why this is happening?

    Thanks again for your input!

  2. #2
    Join Date
    Jun 2004
    Location
    Bay Area -USA
    Posts
    1,738
    A quick glance shows you have two ;; on the same line.

    PHP Code:
    $_SESSION['logged_in'] = false;; 
    Also you dont need the first mysql_close(); (in the If statement)
    <<< Please see Forum Guidelines for signature setup. >>>

  3. #3
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Sorry thats typos I just rewrote the above code to be similar to my original one

  4. #4
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    So basicly Im wondering if I have done the sessions wrong,
    this is correct right?:

    if($_SESSION['logged_in'] = true) {
    include("members.php");
    exit;
    } else {
    die("u need to login");
    }

    or is it supposed to be 2 or 3 of these == ?
    can anyone look over tht code so I know its correct before I look for alternate ways?
    Thanks!

  5. #5
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    So is this just part of your code? Does this snippet belong to a function? How do $Username & $Password get passed to this code you've shown us?

    During development you can always scrutinize your session on any page by using:

    PHP Code:
    print_r($_SESSION); 
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  6. #6
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Yea this is a part of my code, I dont use any functions I think..
    I use a HTML form for the users to pass $Username & $Password. In top of the code in top of my post it uses the MySQL to check if username and password is in the database, if it is, then do this:
    $_SESSION['logged_in']; = true;
    and include("members.php");
    In members.php I have a check so that not anyone can just access it, I have used this in its top:
    <?php
    @session_start();
    if(($_SESSION['logged_in']) !== true) {
    die("you are not logged in");
    }

    // members content here..
    ?>

    I have tried that in several varieties but I always get 'you are not logged in'.
    When I did: print_r($_SESSION);
    It gave this output: Array ( )

  7. #7
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    Post all of your code.

    The form
    The db check
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  8. #8
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Okay may look pretty messy but here they are as requested.. all of them, hope it helps:

    Index.php:
    PHP Code:
    <?PHP
    require("login.php");
    ?>
    login.php:
    PHP Code:
    <center><FORM action="log_in.php" method="post">
    Username:<BR>
    <INPUT type="text" name="Username"><BR>
    Password:<BR>
    <INPUT type="text" name="Password"><BR>
    <input type="hidden" name="IP" value=<? echo $_SERVER[REMOTE_ADDR];?>>
    <INPUT type="submit" value="Login">
    </FORM><BR>
    <?PHP
    @session_start();
    if((
    $_SESSION['logged_in']) !== false) {
    print(
    "<a href=register.php>Register</a>");
    } else {
    print(
    "<a href=logout.php>LogOut</a>");
    }
    ?></center>


    log_in.php
    PHP Code:
    <?php @session_start(); ?>
    <center><?php 
    include("config.php"); 
    $Username $_POST['Username'];    
    $Password $_POST['Password'];     
    //if (empty($Username) || empty($Password)) { 
     //     $logged_in = false; 
     //       $_SESSION['logged_in'] = false; 
     //      echo "<B>$no_login</B><BR>"; 
     //      include("login.php"); 
     //      exit; 
    //}
    if(($_SESSION['logged_in']) == true) {
    $_SESSION['logged_in'] = true;
    @
    mysql_close();
    Header('Location: main.php');
    exit;

    mysql_connect($host,$db_user,$db_pass); 
    @
    mysql_select_db($db_name) or die("Unable to select that database");     
    $query "SELECT * FROM users WHERE Username = '".$Username."' AND Password = '".$Password."'"
    $result mysql_query($query);
    if (@
    mysql_num_rows($result) < 1
    {        
    if((
    $_SESSION['logged_in']) !== true) {
    echo 
    "<B>$wrong_login</B><BR>"
    mysql_close();
    include(
    "login.php"); 
    exit;   
    }    
    }
    else    
    {        
    @
    mysql_close();
    $_SESSION['logged_in'] = true;
    Header('Location: main.php');
    exit;
    ?>
    <meta http-equiv="refresh" content="5" />
    <HTML>
    <HEAD>
    <center><H2>Rainbow Tables</H2><bR></center>
    </HEAD>
    <BODY>
    <br>
    <CENTER>
    <FORM action="crack.php" method="post">
    MD5 HASH:<BR>
    <INPUT type="text" name="userinput"><BR>
    <INPUT type="submit" value="Try">
    </FORM><BR>
    <br><br>
    <?php

        mysql_connect
    ($host,$db_user,$db_pass);
        @
    mysql_select_db($db_name) or die("Unable to select that database");
        
    $query "SELECT progress FROM rtables;";

            
    $result mysql_query($query);
        if (@
    mysql_num_rows($result) > 0
        {        
        
    mysql_close(); 
        } else {   
        
    mysql_close();
        exit;
        }


        
    $contents file_get_contents("output.txt");
        
    mysql_connect($host,$db_user,$db_pass);
        @
    mysql_select_db($db_name) or die("Unable to select that database");
        
    $query "SELECT * FROM rtables ORDER BY id DESC;";
        
    $result=mysql_query($query);
        
    $num=@mysql_numrows($result);
        
    mysql_close();

    ?>

        <table border="0" cellspacing="2" cellpadding="2">
        <tr>
        <th><font face="Arial, Helvetica, sans-serif">Last output:</font></th>
        </tr>

    <?php
        $i
    =0;
        while (
    $i $num) {
        
    $progress=@mysql_result($result,$i,"progress");
    ?>

        <tr>
        <td><font face="Arial, Helvetica, sans-serif"><? echo $progress?></font></td></tr>
    <?
        $i
    ++;
        }
    ?></BODY>
    </form>
    </CENTER>
    <?php


    //include("main.php");
    }
    ?></center>



    main.php:
    PHP Code:
    <center><?PHP
    @session_start();
    if((
    $_SESSION['logged_in']) === true) {
    } else {
    echo 
    "<B>You need to login to access this page</B>"
    include(
    "login.php"); 
    exit;
    }


    include(
    "config.php");
    //if($_SESSION['logged_in'] = false) {
    //echo "<B>$not_loggedin</B>";
    //$_SESSION['logged_in'] = false;
    //$logged_in = false;
    //include("login.php");
    //exit;
    //}
    //if($logged_in !=false) {
    [email protected]_start();
    //$_SESSION['logged_in'] = true;
    //$logged_in = true;
    //}
    ?>
    <meta http-equiv="refresh" content="5" />
    <HTML>
    <HEAD>
    <center><H2>Rainbow Tables</H2><bR></center>
    </HEAD>
    <BODY>
    <br>
    <CENTER>
    <FORM action="crack.php" method="post">
    MD5 HASH:<BR>
    <INPUT type="text" name="userinput"><BR>
    <INPUT type="submit" value="Try">
    </FORM><BR>
    <br><br>
    <?php

        mysql_connect
    ($host,$db_user,$db_pass);
        @
    mysql_select_db($db_name) or die("Unable to select that database");
        
    $query "SELECT progress FROM rtables;";

            
    $result mysql_query($query);
        if (@
    mysql_num_rows($result) > 0
        {        
        
    mysql_close(); 
        } else {   
        
    mysql_close();
        exit;
        }


        
    $contents file_get_contents("output.txt");
        
    mysql_connect($host,$db_user,$db_pass);
        @
    mysql_select_db($db_name) or die("Unable to select that database");
        
    $query "SELECT * FROM rtables ORDER BY id DESC;";
        
    $result=mysql_query($query);
        
    $num=@mysql_numrows($result);
        
    mysql_close();

    ?>

        <table border="0" cellspacing="2" cellpadding="2">
        <tr>
        <th><font face="Arial, Helvetica, sans-serif">Last output:</font></th>
        </tr>

    <?php
        $i
    =0;
        while (
    $i $num) {
        
    $progress=@mysql_result($result,$i,"progress");
    ?>

        <tr>
        <td><font face="Arial, Helvetica, sans-serif"><? echo $progress?></font></td></tr>
    <?
        $i
    ++;
        }
    ?></BODY>
    </form>
    </CENTER></center>

    crack.php:
    PHP Code:
    <CENTER><?php
    @session_start(); 
    if((
    $_SESSION['logged_in']) !== true) { 
    echo 
    "You need to login to access this page"
    include(
    "login.php"); 
    exit;
    }

    //include("main.php");

    include("config.php");
    $_GET['userinput'];
    $hash escapeshellcmd($userinput);


    mysql_connect($host,$db_user,$db_pass); 
    @
    mysql_select_db($db_name) or die("Unable to select that database");     
    $query "SELECT * FROM rtables WHERE progress LIKE '%$hash%';"
    $result mysql_query($query);
    if (@
    mysql_num_rows($result) > 0
    {
    mysql_close();
    include(
    "main.php");
    echo 
    "<B>That MD5 hash already exists in our database</B><BR><BR>"
    exit;   
    }

    $s1="Stopped";
    $op_cont file_get_contents("output.txt");

    $filename 'output.txt';
    $f3=" - Failed to";
    $e1="<B>You need to enter a valid MD5 hash!</B><BR><BR>";
    $e2="<B>Something whent wrong!<BR></B>";

    if (
    strlen($_POST['userinput']) < 32 || strlen($_POST['userinput']) > 32 ) {
    echo 
    "$e1";
    Header('Location: main.php');
    //include("main.php");
    exit;
    }
    $crack system("c:\\rcrack.exe c:\\*.rt -h $hash");
    if (
    is_writable($filename)) {
    if (!
    $handle fopen($filename'w')) {
    echo 
    "$e2 $f3 open $filename";
    include(
    "main.php");
    exit;
    }
    if (
    fwrite($handle$crack) === FALSE) {
    echo 
    "$e2 $f3 write output to $filename";
    //include("main.php");
    exit;
    }
    fclose($handle);

    //include("output.txt");

    } else {
    echo 
    "$e2";
    //mysql_connect($host,$db_user,$db_pass);
    [email protected]_select_db($db_name) or die("Unable to select that database");
    //$query = "INSERT INTO rtables (progress) VALUES('$op_cont');";
    //$result=mysql_query($query);
    //$num=mysql_numrows($result);
    //mysql_close();
    //include("main.php");
    //exit;
    }


    //$wp=fopen("output.txt","r"); 
    //while(!feof($wp)) { 
    //$content .= fread($wp,4096);
    //} 
    //fclose($wp);
    //$_SESSION['$wp'];


    mysql_connect($host,$db_user,$db_pass);
    @
    mysql_select_db($db_name) or die("Unable to select that database");
    $query "INSERT INTO rtables (progress) VALUES('$op_cont');";
    $result=mysql_query($query);
    $num=@mysql_numrows($result);
    mysql_close();
    //Header('Location: main.php');
    include("main.php");

    //mysql_connect($host,$db_user,$db_pass);
    [email protected]_select_db($db_name) or die("Unable to select that database");
    //$query = "INSERT INTO rtables (progress) VALUES('$op_cont');";
    //mysql_query($query);
    [email protected]_numrows($result);
    //mysql_close();
    @Header('Location: main.php');
    ?></CENTER>

    register.php:
    PHP Code:
    <center><?php
    @session_start();
    $_SESSION['IP'] = $_SERVER[REMOTE_ADDR];
    ?>
    <form method="POST" action="reg.php">
    First Name:<BR>
    <input type="text" name="Firstname" size="20" autocomplete="off"><BR>
    Last Name:<BR>
    <input type="text" name="Lastname" size="20" autocomplete="off"><BR>
    Username:<BR>
    <input type="text" name="Username" size="20" autocomplete="off"><BR>
    Password:<BR>
    <input type="text" name="Password" size="20" autocomplete="off"><BR>
    Email:<BR>
    <input type="text" name="Email" size="20" autocomplete="off"><BR>
    <input type="hidden" name="IP" value=<? echo $_SERVER[REMOTE_ADDR];?>>
    <input type="submit" value="Create"></center>

    reg.php:
    PHP Code:
    <center><?PHP
        
    @session_start();

        
    $Username $_POST['Username'];
        
    $Password $_POST['Password'];
        
    $id $_POST['id'];

        include(
    "config.php");
        
    mysql_connect($host,$db_user,$db_pass);
        @
    mysql_select_db($db_name) or die("Unable to select that database");
        
    $query "INSERT INTO users VALUES ('','$IP','$Username','$Password','$Firstname','$Lastname','$Email')";
        
    $result=mysql_query($query);
        
    mysql_close();

        echo 
    "<B>Thank you $Username, you are now registered!</B><BR>You can login below:<BR>";
        include(
    "login.php");
    ?></center>
    setup.php(this is ran once):
    PHP Code:
    <center><?
    require("config.php");
    mysql_connect($host,$db_user,$db_pass);
    @
    mysql_select_db($db_name) or die( "Unable to select database");
    $query="DROP TABLE IF EXISTS `rtables`;";
    mysql_query($query);
    mysql_close();


    mysql_connect($host,$db_user,$db_pass);
    @
    mysql_select_db($db_name) or die( "Unable to select database");
    $query="DROP TABLE IF EXISTS `users`;";
    mysql_query($query);
    mysql_close();



    mysql_connect($host,$db_user,$db_pass);
    @
    mysql_select_db($db_name) or die( "Unable to select database");
    $query="CREATE TABLE `users` ( 
    `id` INT( 6 ) NOT NULL AUTO_INCREMENT , 
    `IP` VARCHAR( 16 ) NOT NULL , 
    `Username` VARCHAR( 15 ) NOT NULL , 
    `Password` VARCHAR( 20 ) NOT NULL , 
    `Firstname` VARCHAR( 20 ) NOT NULL , 
    `Lastname` VARCHAR( 20 ) NOT NULL , 
    `Email` VARCHAR( 35 ) NOT NULL , 
    PRIMARY KEY ( `id` ) 
    );"
    ;
    mysql_query($query);
    mysql_close();


    mysql_connect($host,$db_user,$db_pass);
    @
    mysql_select_db($db_name) or die( "Unable to select database");
    $query="CREATE TABLE `rtables` ( 
    `id` INT( 6 ) NOT NULL AUTO_INCREMENT , 
    `progress` VARCHAR( 250 ) NOT NULL ,
    PRIMARY KEY ( `id` ) 
    );"
    ;
    mysql_query($query);
    mysql_close();


    //mysql_connect($host,$db_user,$db_pass);
    [email protected]_select_db($db_name) or die( "Unable to select database");
    //$query="INSERT INTO rtables (progress) VALUES('-');";
    //mysql_query($query);
    //mysql_close();

    echo "<B>Install complete!</B><BR>Delete 'setup.php'"
    include(
    "login.php");
    ?></center>


    logout.php
    PHP Code:
    <?PHP
    @session_start();
    if(
    $_SESSION['logged_in'] = false) {
    $_SESSION['logged_in'] = false;
    @
    session_unset();
    @
    session_destroy();
    echo 
    "You are not logged in";
    include(
    "login.php");
    } else {
    @
    session_unset();
    @
    session_destroy();
    $_SESSION['logged_in'] = false;
    echo 
    "<B>You were successfully logged out!</B><BR>";
    include(
    "login.php");
    }
    @
    session_unset();
    @
    session_destroy();
    $_SESSION['logged_in'] = false;
    ?>


    config.php:
    PHP Code:
    <?PHP


        $db_user
    ="root";
        
    $db_pass="password";
        
    $db_name="test";
        
    $host="localhost";

        
    $no_login "No username or password specified";
        
    $wrong_login "Wrong username or password";
        
    $hidden "main.php";
        
    $not_loggedin "You are not logged in"
    ?>


    I know the code looks pretty messy.
    I have commented some parts of it as I were working with it and found better ways to do it or didnt need it anymore or are going to use it later, ignore most of the commented parts.

    What this does is..
    It allows users to register a account.
    They have to fill in firstname, lastname, username and password.
    Their IP and a id is also being assigned. Although they later on only need username&password to login. In setup.php it sets up all the tables etc to store the userinformation, and the table I named rtables, which should contain all cracked password hashes, and will be shown on main.php bottom in descending order so the newest cracked hashes at top. This page also auto refreshes every 5 seconds to see the progress of the cracking. This line in crack.php executes the query in cmd: $crack = system("c:\\rcrack.exe c:\\*.rt -h $hash");
    its the location for the program I use and its parameters. I have a textfile in the same folder, that all output from cmd will be written into. I then put that output in the database, which I said I will sort descending in main.php. The main problem I have now is the login part, I cant login even though Im sure I have the session in mym memory.. everything else working except the login thing.

    Thanks for all help
    Last edited by UrlGuy; 07-14-2005 at 07:02 PM.

  9. #9
    Join Date
    Dec 2003
    Location
    Vancouver BC, eh?
    Posts
    570
    Without actually trying your code, I didn't see any obvious errors except in commented code and in logout.php you have:
    if ($_SESSION['logged_in'] = false)
    {
    ....
    }

    which if you look at it will always be true!

    But my suggestion is to par down what you are attempting and take it in baby steps, thinking simply. Don't worry about setup.php ,etc.. or the crack.php, but get the basic login working first, then start adding on.

  10. #10
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    So whats the correct code for setting and checking for valid sessions? Thanks!

  11. #11
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    well to see if you sessions working at all. just put in:
    PHP Code:
    $_SESSION['check'] = 'Is the session working?'
    right after you set the session. Then just user your print_r();

    Your code(don't torture yourself):
    PHP Code:
    $result mysql_query($query);
    if (@
    mysql_num_rows($result) < 1)

    Use some code to help tshoot if anything goes wrong:

    PHP Code:
    $result mysql_query($query) or die('Select Statement Failed: ' mysql_error()); 
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  12. #12
    Join Date
    Dec 2004
    Posts
    30
    You checked to see if the session is there by:
    PHP Code:
    if($_SESSION['logged_in'] == false)
    {
    // some code

    I usally do it this way:
    PHP Code:
    if(session_is_registered("logged_in"))
    {
    // some code

    Hope this helps.

  13. #13
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Originally posted by The Kid Scareya
    You checked to see if the session is there by:
    PHP Code:
    if($_SESSION['logged_in'] == false)
    {
    // some code

    I usally do it this way:
    PHP Code:
    if(session_is_registered("logged_in"))
    {
    // some code

    Hope this helps.



    I have this in my login script:

    session_start();
    If the user+pass is found in the database.. {
    $_SESSION['logged_in'] = true;
    Header('Location: members.php'); // I have also tried include
    } else {
    echo "your username+pass was not found in database";
    include("login.php");
    exit;
    }


    This will when the user and pass is found in the database put a $_SESSION['logged_in'] = true;
    in their session, and redirect them to members.php
    In members.php I have this:

    session_start();
    if($_SESSION['logged_in'] == false) {
    echo "You are not logged in";
    include("login.php");
    exit;
    }


    And when I try to login I always get "you are not logged" in, the the session appear not to be true, something I did wrong?
    Btw, how do I use session_is_registered(); ? I tried php.net but didnt find good examples.. can I use that for the login script instead? Thanks for everyones help so far..!!

  14. #14
    Join Date
    Dec 2004
    Posts
    30
    Originally posted by UrlGuy

    session_start();
    if($_SESSION['logged_in'] == false) {
    echo "You are not logged in";
    include("login.php");
    exit;
    }
    Try this instead of what you put above:
    PHP Code:
    if(session_is_registered('logged_in')){
    echo 
    "You are not logged in.";
    include(
    "login.php");
    exit;


  15. #15
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Thanks, now it doesnt show "You are not logged in" but now I can also access it without logging in..

  16. #16
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    Hello? He doesn't even have a session variable yet! urlguy just stick with print_r($_SESSION) until you actually define something.
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  17. #17
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Okay.. and how do I define it?
    session_register("var"); ?
    I thought I could do that with the $_SESSION['logged_in'] = true; ? ..if I got you right.. or how do I define the variable and then check it on the next page? Thanks again!!

  18. #18
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    Originally posted by UrlGuy
    Okay.. and how do I define it?
    session_register("var"); ?
    I thought I could do that with the $_SESSION['logged_in'] = true; ? ..if I got you right.. or how do I define the variable and then check it on the next page? Thanks again!!
    You can. It's not the way you are defining it; it's the fact the the code defining it does not execute.

    For example try this in a simple script:
    PHP Code:
    <?php
    session_start
    ();

    $_SESSION['yep'] = "I just defined this in the session";

        
    print_r($_SESSION);

    ?>
    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  19. #19
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    gives
    Array ( [yep] => I just defined this in the session )
    but I did define it in log_in.php..
    if login is correct then
    $_SESSION['logged_in'] = true;
    and it then redirects to main.php which is the members page, which does a check if($_SESSION['loggged_in'] == true) { memberscontent..
    so it should execute.. .or? what did I do wrong then and how'd I fix?

  20. #20
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    144
    Explain this. (what The Kid Scareya pointed out)

    PHP Code:
    if(($_SESSION['logged_in']) == true) {
    $_SESSION['logged_in'] = true;
    @
    mysql_close();
    Header('Location: main.php');
    exit;

    if($php !== $javascript){
    echo "Good it's not supposed to be";
    }

  21. #21
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    A little messy coding heh, supposed to be something like
    if(($_SESSION['logged_in']) == true) {
    Header('Location: main.php');
    exit;
    }

    And this works and redirects me to main.php..
    but in main.php I have a check so that not anyone can directly access it I have this code at top:

    if(($_SESSION['logged_in'] !== true)) {
    echo "you need to login";
    include("login.php");
    exit;
    }

    but this one always failes..
    is there any difference for the session whether I use redirect or include for the next page?
    Last edited by UrlGuy; 07-15-2005 at 12:24 PM.

  22. #22
    Join Date
    Mar 2003
    Location
    Toronto Ontario
    Posts
    1
    hi,
    i haven't used my account in these forums in A LONG time
    but when i was reading this i had to login and say something

    your code has a lot of redundant code
    things like
    $Username = $_POST['username'];
    is pointless and is just a waste

    things like mysql_close() doesn't need to be used

    and the MAIN problem is the Header()

    header() HAS TO BE THE VERY FIRST LINE
    you can't use it just anywhere, since the header part is sent with the buffer, if you're going to use it like you are right now there are two ways, first i forgot so i apologise second way is it use javascript,

    echo "<script type='text/javascript'> document.location("somesite")
    </script>";

    also when ever you have a mysql query always include "or die(mysql_error());" that will HELP A LOT, don't make up your own error msgs

    here i'm going to write sometihng for login i won't guaruntee it to work without bugs since i'm just writing it right now
    HTML
    PHP Code:
    <html>
    <
    body>
    <
    form method='post' action='login.php'>
      <
    input type='text' name='username' /><br/>
     <
    input type='password' name='password />
    <input type='
    submit' name='login' value='Login'/>
    </form>
    </body>
    </html> 
    PHP Code:
    session_start();
    header("Cache-control: private"); // theres a problem with IE and you need to use that line
    mysql_connect($host,$db_user,$db_pass); 
    $sql "SELECT Password FROM users WHERE Username = '" $_POST['username'] ."'";
    $result mysql_query($sql,$db_name) or die(mysql_error());
    if(
    mysql_result($result,0) == $_POST['Password']){
      
    $_SESSION['loggedin'] = "true";
    print(
    "LOGGED IN");
    }else{
    unset(
    $_SESSION['loggedin']);
    print(
    "NOT LOGGED IN");

    again i'm sorry if that doesn't work but it should be SOMETHING like that
    EVERYTHING, and i mean EVERYTHING you need to know about php is in their documentation

    php.net

    k laters

  23. #23
    Join Date
    Apr 2004
    Location
    Fullerton, CA
    Posts
    97
    Originally posted by UrlGuy
    A little messy coding heh, supposed to be something like
    if(($_SESSION['logged_in']) == true) {
    Header('Location: main.php');
    exit;
    }

    And this works and redirects me to main.php..
    but in main.php I have a check so that not anyone can directly access it I have this code at top:

    if(($_SESSION['logged_in'] !== true)) {
    echo "you need to login";
    include("login.php");
    exit;
    }

    but this one always failes..
    is there any difference for the session whether I use redirect or include for the next page?
    The reason this is failing is because you're checking for (boolean) true.

    It should be:
    PHP Code:
    if($_SESSION['logged_in'] != TRUE)
    {
    echo 
    "you need to login";
    include(
    "login.php");
    exit;


  24. #24
    Join Date
    Feb 2005
    Location
    Norway
    Posts
    391
    Wow.. thanks!!
    Cool.. that easy huh..
    I learned something new todays too now..
    Thanks again m8 that was exactly the answer I was looking for!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •