User Authentication

jennifer_ann

Apparently what I am trying to do is way out of the scope of what I know. I have a form for register.php, signin.php, and forgottenpassword.php

What I need is when I put my username and password into my signin.php page, I need it to search through the database, make sure its valid, and then let me continue on to my Home page which is C:\Program Files\EasyPHP1-8\www\HomePage.htm. Can anyone help?

This is my signin.php

<html>

<head>
<title>Login to Mapleside</title>
<link rel="stylesheet" type="text/css" href="../pama.css">
</head>

<body>


<p align="center"><big><font color="#ff0000"><b>Login to Mapleside</b></font></big></p>

<form method="POST" name="FL" align="center">
  <input type="hidden" name="login" value="1"><p>&nbsp;</p>
  <div align="center"><center><table border="0" cellspacing="1" class="table-bg" width="250"
  cellpadding="3">
    <tr>
      <td align="center"><small></small></td>
    </tr>
    <tr>
      <td align="center" bgcolor="#FFFFFF" height="2"></td>
    </tr>

<tr align="center">
  <td align="center" class="table-bg-header"><b>LOGIN</b></td>
</tr>
<tr>
  <td align="center" bgcolor="#FFFFFF" height="2"><font size="2"><strong>Username</strong><br>
  <input TYPE="text" SIZE="26" NAME="username" maxlength="128" tabindex="1"
  value=""><br>
  <strong>Password</strong><br>

  <input TYPE="password" SIZE="15" NAME="password" maxlength="32" tabindex="2"
  value=""></font><br>
  <input type="button" onclick="javascript:document.location='get_details.php'"
  value="Login" name="login" class="button" tabindex="4"></small></td>
</tr>
<tr align="center">

  <td align="center" bgcolor="#FFFFFF" height="2"><small><small><a
  href="forgottenpassword.php">I forgot my password</a> | <a href="http://localhost/register.php">Register</a> </small></small></td>
</tr>
  </table>
  </center></div>
</form>
<script LANGUAGE="JavaScript"><!--

document.FL.username.focus();
document.onkeydown = post_form;

function post_form()
{
 if (event.keyCode == 13) send_details();
}

function send_details()
{
}

// --></script>

<p align="center"><strong><font color="#FF0000"><br>
Click the Login button to continue.<br>
</body>
</html>


<div align="center"><center>
<table border="0" width="100%" class="table-bg-footer" cellpadding="2" cellspacing="0">
  <tr>

  </tr>
  <tr><td bgcolor="#FFFFFF">
</td>
  </tr>
</table>
<br><br><br><br>
Back to main page: <a href="C:\Program Files\EasyPHP1-8\www\HomePage.htm">Mapleside Home Page</a>
</center></div>

</body>

</html>

And this is my login.php

<?php
//start out session
session_start();
//Include our configuration file
include ("config.php");
//Below checks to see if the post data is there if it is it sets it if it doesn't it doesn't.
$loginsubmit = isset($_POST["LoginSubmit"]) ? $_POST["LoginSubmit"] : '';

//first check to see if they have pressed the login button I edited it to check for $loginsubmit rather then a posted value.
if ($loginsubmit) //this will be the name of the button on the webpage
{

//connect to our database
mysql_connect("localhost","root","") or die (mysql_error());

//select our database
mysql_select_db("mapleside") or die (mysql_error());

//get and store our variables from the form
$Customer_UserName = $_POST["Customer_UserName"];
$Customer_Password = $_POST["Customer_Password"];
$LoginSubmit = $_POST["LoginSubmit"];


//grab everything in our database that relates to the user
$query = mysql_query ("SELECT * FROM customer WHERE Customer_UserName = '$Customer_UserName') or die (mysql_error());
$users = mysql_fetch_array ($query); // we use this because there is more than one file returning

//check the username and the password according to our database
if($Customer_Password != $users['Customer_Password'])
{
	echo "Password is incorrect, please try again"; //display error
	die (); // do nothing else
}
	elseif ($Customer_Password == $Customer_UserName['Customer_Password'])
{
	$_SESSION['loggedIn'] = true;
	$_SESSION['Customer_UserName'] = $Customer_UserName;
	$_SESSION['Customer_Password'] = $Customer_Password;
	echo "Logged in sucessfully.<br>";
	echo "<a href='http://localhost/signin.php?".SID."'>Please click here to continue</a>";
	}
}
else //create our form for loggin in
{
	//notice Mapleside is passing the session_id in when user hits login?
echo "
	<form action='login.php?".SID."' method='post' name='Mapleside'>
	Login Name: <input type='text' name='Customer_UserName' maxlength='25' size='15'><br>
	Login Password: <input type='password' name='Customer_Password' maxlength='25' size='15'><br>
	<input type='submit' name='LoginSubmit' value='Login'>
	<input type='reset' name='Reset' value='Reset'>
	</form>";

}
?>

On the login.php no matter what username and password I put in, it keeps telling me that Password is incorrect. I'm confused...very very confused.

Shrike

Are your usernames unique? You have a comment which suggests they aren't, in which case the call to mysql_fetch_array() will fetch the first row from the result set which matches the username, which might not be the one you expect.

Also the following line looks a bit suspicious

... ("SELECT * FROM customer WHERE Customer_UserName = '$Customer_UserName') ...

You have a double quote at the start and two single quotes at the end - should cause a parse error.

laserlight

elseif ($Customer_Password == $Customer_UserName['Customer_Password'])

The above code looks problematic. During development, keep error_reporting to E_ALL and display_errors to On.