php login

dirkdetken

I'm trying to set-up the register and login example in Chapter 12 (Larry Ullman PHP and MySQL for dynamic websites) - with an extra entry field of 'url'. The code exactly replicates the chapter 12 source code - with the extra 'url' component.

The database has been set-up correctly and the registration process works fine - with the input data being received and logged in the appropriate rows / columns in the database (see: www.red-media-design.com/database.htm).

However, the login set-up isn't working - and I can't see where the code is going wrong - despite having examined it for the past 24 hours.

I'd be grateful for a 2nd pair of eyes to look at the code below and the database to see where the problem is.

Many thanx

Dirk

The registration page code:

if (isset($_POST['submit'])) { // Handle the form.

require_once ('xxxxxxx/mysql_connect.php'); // Connect to the database.

// Check for a first name.
if (eregi ("^[[:alpha:].' -]{2,15}$", stripslashes(trim($_POST['first_name'])))) {
	$fn = escape_data($_POST['first_name']);
} else {
	$fn = FALSE;
	echo '<p><font color="red" size="+1">Please enter your first name!</font></p>';
}

// Check for a last name.
if (eregi ("^[[:alpha:].' -]{2,30}$", stripslashes(trim($_POST['last_name'])))) {
	$ln = escape_data($_POST['last_name']);
} else {
	$ln = FALSE;
	echo '<p><font color="red" size="+1">Please enter your last name!</font></p>';
}

// Check for an email address.
if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
	$e = escape_data($_POST['email']);
} else {
	$e = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
}

// Check for a client url address.
if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['url'])))) {
	$e = escape_data($_POST['url']);
} else {
	$e = FALSE;
	echo '<p><font color="red" size="+1">Please enter a client url!</font></p>';
}

// Check for a username.
if (eregi ("^[[:alnum:]_]{4,20}$", stripslashes(trim($_POST['username'])))) {
	$u = escape_data($_POST['username']);
} else {
	$u = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid username!</font></p>';
}

// Check for a password and match against the confirmed password.
if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
	if ($_POST['password1'] == $_POST['password2']) {
		$p = escape_data($_POST['password1']);
	} else {
		$p = FALSE;
		echo '<p><font color="red" size="+1">Your password did not match the confirmed password!</font></p>';
	}
} else {
	$p = FALSE;
	echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}

if ($fn && $ln && $e && $url && $u && $p) { // If everything's OK.

	// Make sure the username is available.
	$query = "SELECT user_id FROM users WHERE username='$u'";		
	$result = @mysql_query ($query);

	if (mysql_num_rows($result) == 0) { // Available.

		// Add the user.
		$query = "INSERT INTO users (username, first_name, last_name, email, url, password, registration_date) VALUES ('$u', '$fn', '$ln', '$e', '$url' , PASSWORD('$p'), NOW() )";		
		$result = @mysql_query ($query); // Run the query.

		if ($result) { // If it ran OK.

			// Send an email, if desired.
			echo '<h3>Thank you for registering!</h3>';
			exit();				

		} else { // If it did not run OK.
			// Send a message to the error log, if desired.
			echo '<p><font color="red" size="+1">You could not be registered due to a system error. We apologize for any inconvenience.</font></p>'; 
		}		

	} else { // The username is not available.
		echo '<p><font color="red" size="+1">That username is already taken.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If one of the data tests failed.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

} // End of the main Submit conditional.
?>

<h1>Register</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>

<p><b>First Name:</b> <input type="text" name="first_name" size="15" maxlength="15" value="<?php if (isset($_POST['first_name'])) echo $_POST['first_name']; ?>" /></p>

<p><b>Last Name:</b> <input type="text" name="last_name" size="30" maxlength="30" value="<?php if (isset($_POST['last_name'])) echo $_POST['last_name']; ?>" /></p>

<p><b>Email Address:</b> <input type="text" name="email" size="40" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p>

<p><b>Client URL:</b> <input type="text" name="url" size="50" maxlength="40" value="<?php if (isset($_POST['url'])) echo $_POST['url']; ?>" /> </p>

<p><b>User Name:</b> <input type="text" name="username" size="10" maxlength="20" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /> <small>Use only letters, numbers, and the underscore. Must be between 4 and 20 characters long.</small></p>

<p><b>Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers. Must be between 4 and 20 characters long.</small></p>

<p><b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /></p>
</fieldset>

<div align="center"><input type="submit" name="submit" value="Register" /></div>

</form><!-- End of Form -->

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The login code:

<?php # Script 12.7 - login.php
// This is the login page for the site.

// Include the configuration file for error management and such.
require_once ('xxxxxxxxx/config.inc');

// Set the page title and include the HTML header.
$page_title = 'Login';

if (isset($_POST['submit'])) { // Check if the form has been submitted.

require_once ('xxxxxxx/mysql_connect.php'); // Connect to the database.

if (empty($_POST['username'])) { // Validate the username.
	$u = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your username!</font></p>';
} else {
	$u = escape_data($_POST['username']);
}

if (empty($_POST['password'])) { // Validate the password.
	$p = FALSE;
	echo '<p><font color="red" size="+1">You forgot to enter your password!</font></p>';
} else {
	$p = escape_data($_POST['password']);
}

if ($u && $p) { // If everything's OK.

	// Query the database.
	$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";		
	$result = @mysql_query ($query);
	$row = mysql_fetch_array ($result, MYSQL_NUM); 

	if ($row) { // A match was made.

			// Start the session, register the values & redirect.
			$_SESSION['first_name'] = $row[1];
			$_SESSION['user_id'] = $row[0];

			ob_end_clean(); // Delete the buffer.

			header ("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "www.red-media-design.com/client_page_test.php");
			exit();

	} else { // No match was made.
		echo '<p><font color="red" size="+1">The username and password entered do not match those on file.</font></p>'; 
	}

	mysql_close(); // Close the database connection.

} else { // If everything wasn't OK.
	echo '<p><font color="red" size="+1">Please try again.</font></p>';		
}

} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to login.</p>
<form action="<?php echo $SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<p><b>User Name:</b> <input type="text" name="username" size="20" maxlength="20" value="<?php if (isset($POST['username'])) echo $_POST['username']; ?>" /></p>
<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="20" /></p>
<div align="center"><input type="submit" name="submit" value="Login" /></div>
</fieldset></form>

bpat1434

wow... how about wrapping those in [php] tags please....

So what is going wrong? What are you expecting to happen, and what really happens?

Secondly, are you sure your query goes off without a hitch? I see no query error catching statements (which is a no-no when you're trying to debug). Add in some or die() statements that spit out the error codes that mySQL gives you.

<?php

// Query the database.
$query = "SELECT user_id, first_name FROM users WHERE username='$u' AND password=PASSWORD('$p')";
$result = @mysql_query ($query);

if(!$result){ die('mySQL Errror!<br>'.mysql_errno().'<br>'.mysql_error()); }

$row = mysql_fetch_array ($result, MYSQL_NUM); 

?>

~Brett

dirkdetken

hi Brett

The problem is that the login values are being received in the database (screen print: www.red-media-design.com/database.htm) - but are not being accepted when coming to login.

So if u go to login (www.red-media-design.com/login.php) - enter a username and password present in the database (username: dirk p/w: coldplay) - the login is not accepting it saying that username and/or password are not registered.

This led me to think there maybe an issue with the arrival page once logged in - however a session call is present on the arrival page:

(if (isset($SESSION['first_name'])) {
echo ", {$SESSION['first_name']}!";

I'm obvioulsy missing something - just can't see what it is.

Grateful for any ideas.

thanx

Dirk

Rodney_H_

EDIT: It could be your redirect.

/*  SNIP */

// change this line..
header ("Location: http://www.red-media-design.com/client_page_test.php");
exit();

PS, you are using the same variable name for email and url in your register script/page.

<?php
if ($_POST['email']) {
$e = escape_data($_POST['email']);  /* "$e" for email */
} else {
$e = FALSE; 
echo '... ';
}


if ($_POST['url']) {
$e = escape_data($_POST['url']);     /* "$e" for url (should be "$url")  */
} else {
$e = FALSE;
echo '...';
}
?>