Login help needed

Staggy11

I am in the process of building a membership system. However, logging in is proving to be impossible, and even the correct password and username combo are denied. I think I have the problem narrowed down to a single 'if' statement, but cannot tell what is wrong with it. Here it is:

$get_user = mysql_query("SELECT * FROM `pet_game` WHERE 'username' = '".$_POST['username']."' AND 'user_password' = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
    if($q==FALSE) 
     {die("Login Failure: An error occured, please verify your username and password are correct.");}
    else 
     { header("Location: http://staggy11.byethost3.com/home.php"); }

Its probably a simple mistake, but can anyone see the problem, or have any idea as to what it could be?

Houdini

Why

$q = mysql_fetch_object($get_user);

Possibly use

$q = mysql_fetch_array($get_user);

Staggy11

No, it still returns that my username/password is wrong.

OOP

try this

$get_user = mysql_query("SELECT * FROM `pet_game` WHERE 'username' = '".$_POST['username']."' AND 'user_password' = '".md5($_POST['password'])."'"); 
$q = mysql_num_rows($get_user); 
    if($q > 0) 
     {die("Login Failure: An error occured, please verify your username and password are correct.");} 
    else 
     { header("Location: http://staggy11.byethost3.com/home.php"); }

Staggy11

It works now. Thanks OOP and Houdini!

Staggy11

Sorry for the double post, but I didnt think that this merited a new topic.

My sessions do not seem to be working. Data is not saved from page to page. My login page is supposed to create a session, and another page is supposed to open the session, look at who is currently logged in, then open a MySQL table accordingly. However, this doesnt happen.

Here is the login page code again:

<? include 'rg_off.php';
session_start();
include 'login_check.php';
include 'links_main.php';
include 'table_main.php'; 

 ob_start();
require_once($_SERVER['DOCUMENT_ROOT'].'/db.php'); 

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
       //REDIRECT TO USERS PROFILE...
	   header("Location: http://staggy11.byethost3.com/game/home.php");
} //end if logged in

//IF SUBMIT BUTTON PRESSED
if(isset($_POST['submit'])) {

   if(!$_POST['username']) die("Error: You must enter your username before logging in.");
   if(!$_POST['password']) die("Error: You must enter your password before logging in.");

 //set cookie if checked
   if(!empty($_POST['stay_in'])) {  

         $joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
         setcookie('login_cookie', $joined, 2147483647, '/', 'http://staggy11.byethost3.com');   

    } //end if

//verify user...
$get_user = mysql_query("SELECT * FROM `pet_game` WHERE 'username' = '".$_POST['username']."' AND 'user_password' = '".md5($_POST['password'])."'"); 
$q = mysql_num_rows($get_user); 
    if($q > 0) 
     {die("Login Failure: An error occured, please verify your username and password are correct.");} 
    else 
     { header("Location: http://staggy11.byethost3.com/home.php"); } 
//set session variables 

$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username']; 
$_SESSION['password'] = $_POST['password']; 


header("Location: http://staggy11.byethost3.com/home.php");

} else {
//show login form
?>
<form name="login" method="post" action="<? $_SERVER['PHP_SELF']; ?>" >
<table align="center">
<tr>
  <td>Username:<input type="text" id="username" name="username"></td>
</tr>
<tr>
  <td align=right>Password:<input type="password" id="password" name="password"></td>
</tr>
<tr>
<td>Remember me? <input type="checkbox" name="stay_in[]" checked="yes"></td>
</tr>
<tr>
  <td align="center"><br><input type="submit" value="Submit" name="submit" id="submit" align="center"></td>
</tr>
</table>
</form>
<?
}//end else

if($_SESSION['logged_in'] != 1)
{  echo 'Logged in not working.';}
else
 { echo 'Logged in working.';}

if($_SESSION['username'] =="")
 { echo 'Username not working.';}
else
{  echo 'Username working.';}

if($_SESSION['password'] =="")
 { echo 'Password not working.';}
else
{  echo 'Password working.';}
include 'bottom_table.php'; ?>

And here is the target page:

<? include 'rg_off.php'; 
 session_start(); 

$user_info = mysql_query("SELECT * FROM `pet_game` WHERE 'username' = '".$_SESSION['username']."'");  

$q = mysql_fetch_object($get_user); 
$name = "$q->username";
$pet_name = "$q->pet_name";
$money = "$q->credits"   ;
?>


<table cellpadding="5" cellspacing="10">
<tr>
<td width="1019" style="border: 1px solid #0066CC;" align="center">
Player name: <? echo $name; ?> ||
Pet name: <? echo $pet_name; ?> ||
Money: <? echo $money; ?>g ||
<a href='stats.php'>Player Stats</a>
</td>
</tr>
</table>

<? if($_SESSION['logged_in'] != 1)
  echo 'Not working'; ?>

</body>
</html>

Dose anyone know where I am going wrong?

Houdini

First off dont write with single line php scripts and then immediately open them again

<? include 'rg_off.php'; ?>
<? session_start(); ?>
<? include 'login_check.php'; ?>
<? include 'links_main.php'; ?>
<? include 'table_main.php'; ?>
<?

Change it to this

<? include 'rg_off.php'; 
session_start(); 
include 'login_check.php';
include 'links_main.php'; 
include 'table_main.php';

Where do the values for this come from?

if(isset($_SESSION['username']) && isset($_SESSION['password'])) {

Change this also

<? if($SESSION['logged_in'] != 1)
echo 'Logged in not working.'; ?>
<? if($SESSION['username'] =="")
echo 'Username not working.'; ?>
<? if($_SESSION['password'] =="")
echo 'Password not working.'; ?>

<? include 'bottom_table.php'; ?>

to this

}//end else
if($_SESSION['logged_in'] != 1)
  echo 'Logged in not working.'; 
if($_SESSION['username'] =="")
  echo 'Username not working.'; 
if($_SESSION['password'] =="")
  echo 'Password not working.'; 
include 'bottom_table.php'; ?>

Staggy11

The $SESSION['username'] and $SESSION['password'] are set further down the code, as the login form is submitted to the same page that it is on.

mrbill501

I've got one working. It uses an include form with the login boxes on. The form action is set to the page with this code in if thats any help?

$sql = "SELECT log_name FROM tbl_user
WHERE log_name='$_POST[fusername]'";
$result = mysql_query($sql)
or die ("Could not execute query1");
$num = mysql_num_rows($result);
if ($num == 1) { //login name exists
$sql = "SELECT log_name FROM tbl_user
WHERE log_name='$_POST[fusername]'
AND password='$_POST[fpassword]'";
$result2 = mysql_query($sql) or die ("Could not carry out SQL");
$num2 = mysql_num_rows($result2);
if ($num2 > 0) //password is correct
{
$_SESSION['auth']="yes";
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname;
$logdate = date("Y-m-d H:i:s");
$sql = "INSERT INTO tbl_login (log_name, logdate)
VALUES ('$logname','$logdate')";
mysql_query($sql);
//or die ("Could not execute query2");
header("Location: my_account.php");
} else { //password is wrong
unset($_GET['do']);
$message="The password entered was incorrect, please try again";
include("login_form.inc");
}
} elseif ($num ==0) { //login name is wrong
unset($_GET['do']);
$message = "The login name entered was incorrect, please try again";
include("login_form.inc");
}
break;
default: include("login_form.inc");
}

Staggy11

Thanks. I've decided to go through and completely re-do the code, but that could be difficult, as I have exams this week.

However, I currently have a free lunch hour, so I'll see what progress I can make.