Why wont my login work???

evo4ever

Ok to line it all off I came to the conclusion that my login wont work at all! I don't know what the problem is becuase ive revised the code about 50 times!

Here is the code for the login page:

<?php include("../include/dreamweaver_hotel_admin.php"); ?>
<?php
	// This section is only run when the form has been submitted
	if($HTTP_POST_VARS['Submit']=='Login'){
		session_start();
		// Check whether the login details are correct, and put 
		// the user status into a session variable.
		$statusCheck = check_login($HTTP_POST_VARS); 
		if ($statusCheck == "Admin" || $statusCheck == "Staff"){
			session_register("statusCheck");
			header("Location: /memonly/index.php");
			}
	}		
?>
<?
	function check_login($formdata) {

	// This section queries the users table, and searches for
	// the username and password that were supplied. If the
	// user is not found, an error is returned. If the user
	// details are correct the users status is returned.

	// Setup MySQL Connection variables, set as correct for your system.
	$dbhost = "";
	$dbuser = "";
	$dbpassword = "";
	$db = "";

	// Get Form Data
	$form_data = trim($formdata);
	$user = $form_data['username'];
	$password = $form_data['password'];

	// Connect to the mySQL Server
	$mysql = mysql_connect($dbhost, $dbuser, $dbpassword);  
	if(!$mysql) {
		$error = "Cannot connect to Database Host";
		return($error);
	}

	// Open the mySQL Database
	$mysqldb = mysql_select_db($db);
	if(!$mysqldb) {
		$error = "Cannot open Database";
		return($error);
	}

	// Query Database
	$myquery = "SELECT * FROM users WHERE username = '" . $user . "' AND password = '" . crypt($password,"DWMXPHP") . "'";				
	$result = mysql_query($myquery);
	if (!$result){
		$error = "Cannot run Query";
		return($error);
	}

	// Check that we have a record returned
	$numRows = mysql_num_rows($result);
	if ($numRows < 1){
		$error = "User name or password not recognised";	
		return($error); }

	// Get user status from returned record
	$userRecord = mysql_fetch_array($result);
	$status = $userRecord["status"];
	return($status);
	}									
?>

Heres the code for the logged in page:

<?php
	session_start();
	// If the user logs out, destroy their session
    if($HTTP_GET_VARS['action']=='logout'){
		session_unregister("statusCheck");
		session_destroy(); }
	// If no session is set, redirect to login.php	
	if (!session_is_registered("statusCheck"))
		header("Location: [url]http://www.clanph.net/login_redirect.php[/url]");			
?>

The error I always get back is "User name or Password not recognised" but its in the damn database. And yes its set up correctly! Can anyone see any errors in the code?

evo4ever

Oh and if u want the include.php file here it is:

<?php 
##########################################
## dreamweaver_hotel_admin include file ##
##########################################

function trim_data($formdata) {
	// Trim any leading or trailing spaces
	// $formdata = Form Data Array
	foreach($formdata as $key => $value)
	{
		$key = trim($key);
		$value = trim($value);
	}
	return $formdata;
}

function check_form($formdata){
	// Check all fields are filled in
	// $formdata = Form Data Array
	foreach ($formdata as $key => $value) 
	{
		if (!isset($key) || $value == "" )
			return false;
	}
	return true;
}

function check_password_length($formdata, $password, $minlen) {
	// Check that password is required length
	// $formdata = Form Data Array
	// $password = Name of password field
	// $minlen = Minimum number of password characters
	if (strlen($formdata[$password]) < $minlen)
		return false;
	else
		return true;
}

function confirm_password($formdata, $password1, $password2) {
	// Check that two passwords given match
	// $formdata = Form Data Array
	// $password1 = Name of first password field
	// $password2 = Name of second password field

if ($formdata[$password1] === $formdata[$password2]) 
	return true; 
else 
	return false; 
}

function check_unique($formvalue, $db, $dbhost, $dbuser, $dbpassword, $table, $field) {
	// Checks a table in a database, so see if passed value already exists
	// $formvalue = Value you are checking to see if it is unique or not
	// $db = mySQL Database Name
	// $dbhost = mySQL Server address eg localhost
	// $dbuser = mySQL user name
	// $dbpassword = mySQL password
	// $table = mySQL Table to search
	// $field = mySQL Field to search

$error = "";
// Connect to the mySQL Server
$mysql = mysql_connect($dbhost, $dbuser, $dbpassword);  
if(!$mysql) 
{
	$error = "Cannot connect to Database Host";
	return($error);
}
// Open the mySQL Database
$mysqldb = mysql_select_db($db);
	if(!$mysqldb) 
{
	$error = "Cannot open Database";
	return($error);
}
// Query Table to see if $formvalue is unique
$myquery = "SELECT * FROM $table WHERE $field = '$formvalue'";
$result = mysql_query($myquery);
if (!$result)
	{
	$error = "Cannot run Query";
	return($error);
}
// Get number of Records found, should be 0 if $formvalue is unique
$unique = mysql_num_rows($result);

if ($unique > 0)
{
	$error = $formvalue. " already in use";
	return($error);
}
// Return true if $formvalue is unique
return("true");
}
?>

Might be helpful.

DoobyWho

I believe your getting that because

 if ($numRows < 1){
            $error = "User name or password not recognised";    

            return($error); }

doesn't that start with 0? I believe if you have a single result, the $numRows is going to equal 0, not 1.

evo4ever

No that didnt work. It just got rid of the error! I keep on getting redirected back to the login page but without the error.

DoobyWho

tell me what this gets you

if ($numRows == 0){
            $error = "User name or password not recognised";    

            return($error); }

evo4ever

That didnt work either! it came back to the login page but with the error aswel!

This may be a database issue! Here the users table in the database:

'ID' INT(8) NOT NULL AUTO_INCREMENT PRIMARY KEY,
'username' VARCHAR(20) NOT NULL,
'password' VARCHAR(20) NOT NULL,
'firstName' VARCHAR(30) NOT NULL,
'lastName' VARCHAR(30) NOT NULL,
'status' VARCHAR(10) NOT NULL
);

DoobyWho

Lemme finish a script for work real fast and i'll look it over again.

MrAlaska

Regarding the immediate problem: If it is returning that error, it appears to mean the password in the database does not match the encrypted password you are comparing it to, but I did not pick through the code that well. Did you encrypt it the same way when you entered it into the database?

The session functions you are using depend on globals being registered which has some inherent security flaws. You would be better off setting and reading the variables through the $_SESSION array and getting rid of session_is_registered(), session_register(). If you have a recent installation of PHP that globals are disabled by default, that will make the code break also.

evo4ever

look mate, im a total newbie on php. could u simplify on what you've just said?

MrAlaska

Oh, usually total newbies do not use such advanced functions and stuff.

First things first. You need to make sure the password in the database is the same password you are comparing it to. Just for testing purposes, try inserting this as your query and see what you get. I did not test the syntax and I tend to be a space cadet, so it might throw an error or something but if it works it should echo back the strings and they should be identical.

I am assuming the user names are unique? If not, then the code will need modified to loop through them.

EDIT: nevermind, I modified it anyway.

<?php
// Query Database
$myquery = "SELECT password FROM users WHERE username = '".$user."'";
$result = mysql_query($myquery) or die (mysql_error());
while($row=mysql_fetch_array($result, MYSQL_ASSOC)) {
    $echo "database password is: ".$row[password];
    $echo "<br>";
    echo "submitted password is: ".crypt($password,"DWMXPHP");
    $echo "<p>";
}
exit;
?>

evo4ever

Nope that didnt work. I just got a load of parse errors. One on line 50. Which is this:

$result = mysql_query($myquery);

MrAlaska

I told you there would probably be a syntax error. If you are unable to diagnose simple errors, then I suggest going back to $helloWorld and work your way up (assuming you have ever been there). This forum is for help with coding problems, not to teach you how to code from the beginning or build your script for you. The newbie forum is the proper place to ask for clarification on simple questions if you are having trouble with a concept or understanding something.

Beginner tip: If an unexpected error ocurs at the the beginning of a line, look for an unterminated line preceding it. In this case I had forgot the semicolon, it's fixed now (maybe).

I think you should drop this project for the time being and do a little PHP 101. Find a tutorial that appears as though it might be understandable, start from the beginning, and take it one step at a time.

Php manual:
http://www.php.net/manual/en/
http://www.php.net/manual/en/tutorial.php

Beginning PHP tutorials:
http://hotwired.lycos.com/webmonkey/programming/php/
http://hotwired.lycos.com/webmonkey/programming/php/tutorials/tutorial4.html
http://www.zend.com/zend/tut/ (beginning - advanced)
http://www.newbienetwork.net/sections.php (PHP and MySql)
http://www.webmasterbase.com/subcats/53 (beginning - advanced)
http://www.thefreecountry.com/ (general programming tips, tutorials, and articles)
http://www.phpbuilder.net/columns/ (tutorials and articles)
http://php.resourceindex.com/Documentation/ (many tutorials and articles)
http://www.wdvl.com/Authoring/Languages/PHP/ (some articles/tutorials intermedieate and advanced)
http://www.onlamp.com/php/ (many articles/tutorials beginning - advanced)

Some SQL help:
http://www.sqlcourse.com
http://www.sqlzoo.net
http://www.devshed.com/Server_Side/MySQL/Intro/page1.html
http://www.devshed.com/Server_Side/PHP/DB_Basics/page1.html

MySql manual:
http://www.mysql.com/doc/en/index.html