Login gone sower!

evo4ever

Ok im back here with a problem with my login system! here goes:
Everytime I try to login I get redirected to the login page saying that my user name and password are not recognised! But there in the damn database!

Heres the code what gets executed when the submit button is pressed:

<?php
// This section is only run when the form has been submitted
if($Submit=="Login")
{
  session_start();

  // Check wether the login details are correct, and put
  // the user status into session variable.
  $statusCheck = check_login($HTTP_POST_VARS);
  if ($statusCheck == "Admin" || $statusCheck == "Staff")
  {
    session_register("statusCheck");
	header("Location: /memonly/index.php");
  }
}
?>

Heres some more that might be relevant to see:

 // Query Database with username and encrypted password
  $myquery = "SELECT * FROM users WHERE username = '" . $user;
  $myquery .= "' AND password = '" . crypt($password, "DWMXPHP") . "'";
  $result = mysql_query($myquery);
  if (!$result)
  {
    $error = "Cannot run Query";
	return($error);
  }

  // Check that we have a record returned
  $numRows = mysql_num_rows($result);
  if ($numRows < 1)
  {
    $error = "User name or password not recognised";
	return($error);
  }

  // Get user status from returned record
  $userRecord = mysql_fetch_array($result);
  $status = $userRecord["status"];
  return($status);

}

Plz help! Thx.

evo4ever

BUMP

daveyboy

might you need $HTTP_POST_VARS[ 'user' ] or $_POST[ 'user' ] ?

posting 'check_login()' would also help.

Yamakazi

At one moment you do this:

header("Location: /memonly/index.php");

But you can only send hearders in the first line's of your script. And thats the same for session_start();

Don't know if that 's the prob?

I'm pretty noobish myself 🙂

evo4ever

Nah. None of that seamed to help! 🙁 I just don't know whats wrong :mad:

Weedpacket

Using $_SESSION[] (or $HTTP_SESSION_VARS[] on older versions of PHP) will make things simpler.

$variable='something';
session_register('variable')

runs the risk of clobbering $variable so that it doesn't contain 'something' any more. But

$_SESSION['variable']='something';

has no such problem.

Also, Yamakazi says
But you can only send hearders in the first line's of your script. And thats the same for session_start();

No, they only need to be called before any content is sent to the browser (they wouldn't be very useful if they had to be on the first line of the script).

Putting session_start() at the very top doesn't hurt, saves having to do it lower down (PHP gives you the option of implicitly putting it at the top of every page), but nor is it necessary.

Here's an idea. Right after the line $statusCheck=check_login(...) put the lines

echo "check_login: statusCheck=$statusCheck";
exit;

And see what your check_login() function is actually returning (the exit is to stop it continuing and probably choking).

And like daveyboy asked, post the rest of check_login - does $user and $password have the values they should (echo $myquery before sending it to the database)?