Check my login codes Please!

Arithan

Please check the following code. It is very simple however, it
doesn't want to work as i would like it to. I checked the MySQL
database so that is not the problem. By the way, this code is not
all one page. I seperated the different files by comments.

<?php //Form page ?>
<HTML>
<HEAD>
<TITLE>TheADM</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>

<BODY BGCOLOR=#FFFFFF LEFTMARGIN=0 TOPMARGIN=0 MARGINWIDTH=0 MARGINHEIGHT=0>
<form name="form1" method="post">
  <p>
    <input name="f_user" type="text">
  </p>
  <p> 
    <input name="f_pass" type="password">
  </p>
  <p> 
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>

<?php
//Authenticate page

//What does status equal?

$status = authenticate($f_user, $f_pass);
//Begin the other page showing results
//Lets code the meat of the application
if ($status == 1)
{ //If user exists and pass is correct
	//Start a session
	session_start();

//Register some variables (We will use these on the pages)
session_register('SESSION');

//I want to display the username on the page, if the person is logged in
session_register('LoginName');
$LoginName = $f_user;

//Now we redirect people to the index, but as logged in
header("Location: ./index.php");
exit();
}
//Else if there is no user...
else
{
	//Tell them nicely to go away
	header("Location: /error.php?e=$status");
	exit();
} 
//I made 2 different authenticate functions but none work
function authenticate($user, $pass)
{
		$username = '+++++';
		$password = '+++++';
		if ($user == $username && $pass == $password)
		{
				return 1;
		}
		else 
		{
				return 0;
		}
}

/* This part doesn't work either
//Returns 1 if valid combo, 0 if not
function authenticate($f_user, $f_pass)
{
		//Configure variables we're going to use to access database
		$db_user = '++++';			//Username used to login to MySQL
		$db_pass = '++++';		//Password used with username
		$db_name = '++++';		//The name of the database
		$db_host = 'localhost';     //Host of the MySQL server
		//OK. Now we're done setting those up, and now we can do the query variables
		//Define our connection
		$connection = mysql_connect($db_host, $db_user, $db_pass) or die ('Unable to connect to Server');
		mysql_select_db($db_name);  //Select the right database
		//Store our query
		$query = "SELECT id FROM passwords WHERE username = '$f_user' AND password = '$f_pass'";
		//This is the return string
		$result = mysql_query($query, $connection) or die ("Error in query: $query. " . mysql_error());

	//Now we check our return string and see if the user exists or not
	//If row exists, then user+pass combo is valid 
	if (mysql_num_rows($result) == 1)
	{
		//The user exists, so we return 1
		return 1;
	}
	else
	{
		//The person doesn't exist in our database
		return 0;
	}
} */
?>

<?php 
//Here's the error page
if ($e == 0)
{
?>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<table width="792" border="0" cellpadding="0" cellspacing="0">
  <!--DWLayoutTable-->
  <tr> 
    <td width="159" height="123">&nbsp;</td>
    <td width="490" valign="top"><div align="center">
        <p><font color="#FF0000" size="6">BAD LOGIN</font></p>
        <p><font color="#FF0000" size="6">Your login info is incorrect<br>
          Please try again</font></p>
      </div></td>
    <td width="143">&nbsp;</td>
  </tr>
  <tr>
    <td height="100">&nbsp;</td>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>
<?php
}
else
{
echo("An unexpected error has occured!");
header("Location: ./index.php");
}
?>

So there it is. Any suggestions? Hints?
Thanks in advance

Kudose

You didnt write this code did you. Anyways, here is an EXAMPLE of how I would verify my users without SESSIONS.

 <? 
	   if($username=='' || $password=='' || $eventname=='' || $promotedby=='' || $venue=='' || $location='' || $date=='' || $doorfee=='' || $rooms=='' || $infoline=='' || $lineup=='' || $username==''){
	       echo "           

          <td height='475' width='100%' valign='center'> <strong><font size='2' face='Tahoma'>You 
            left required feilds blank. Please go back and fix this. <a href='addevent.php'>&lt;- 
            Back</a></font></strong></td>";
       } else {

   include('dbinfo.inc.php'); // this is where my DB connect info is stored
$query=mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$rows = mysql_num_rows($query);
if($rows != "1"){
	   echo"
	   			<td height='475' width='100%' valign='center'> <strong><font size='2' face='Tahoma'>
				Your username and/or password is not valid. Please go back and fix this.
				 <a href='addevent.php'>&lt;- Back</a></font></strong></td>";

	} else { echo" Whatever! "; }}

Keep in mind I did not specifically write this for you, so you will hjave to edit it as you see fit.

My dbinfo.inc.php would look like this:

mysql_connect('localhost', 'username', 'password', 'dbname');

Arithan

Are you talking about the table divisions? No I didn't write that.
I used dreamweaver. However, the php code i used i did write.

Arithan

Is this code for a calendar? I don't understand the point of the if
compares. Are saying i should hardcode the passwords and check
them with an if block like this:

//Login forum on different page
//The textbox is named user and passbox is named pass:
<?php
if (submit)
{
if ($user == 'Hardcoded User' && $pass == 'Hardcoded Pass')
{ //here we rederect user to protected page or something
  //also store the logged in state somehow, whether with sessions
  //or cookies
}
else
{ //Check failed, send them to error page}
}
?>

Kudose

You should have a login.php page. that is a form ad sends you to verify.php which authenticates. Yuo can use sessions if you want, then have a redirect to another pace and include verify.php beofre any of your code to check sessions.

Kudose

Your last post is how I would do it.

Arithan

Thanks,
Ill try it and see what happens