login to check registrations

dickie_doodle

Hi there. I am somewhat of a newbie when it comes to php and mysql, so forgive me if I seem like an idiot..lol..

I made an online registration form for people to register for a workshop and it worked when I tested it...that is, the data went into the database.

However, I have a login page where an authorized user can check the database for registrants online, that is causing me some headaches. I can't seem to get the user to authenticate properly to check the registrations online.

I will post my code for the authorized user to login, in hopes that someone can spot my error for me.

Thanks..

<?php
session_start(); // must be called before anything is output to the browser

include("dbcon.php");

$username = $POST[username];
$password = $POST[password];

$error = $_GET[error];

if (($username && $password)!=null){
$userenc = md5($username);
$passenc = md5($password);
}

?>
<?php

if ($userenc && $passenc) {
$user_data = mysql_fetch_array(mysql_query("select infoid, username, password from infoLogin where username='$userenc' and
password='$passenc'"));
if ($user_data[infoid] > 0) {
header("Location: info.php");
echo "login successful";
$SESSION['loggedin'] = yes;
$SESSION['username'] = $username;
$_SESSION['password'] = $password;
} else { $login_error= true;
$error = "Login failed. Please check username and password.";

}
}

?>
<html>
<head>
<title>Administrative Login</title>
</head>
<body bgcolor=#000000>

<table align=center cellspacing=0 cellpadding=0>
<tr><td colspan=2 align=center bgcolor=#6699CC width=300><b>Info Fair 2008 Admin Login</b></td></tr>
<tr bgcolor=#FFFFFF height=30><td align=right width=100><b>Username:</b></td><td align=center><input type=text name=username size=15></td></tr>
<tr bgcolor=#FFFFFF height=30><td align=right width=100><b>Password:</b></td><td align=center><input type=password
name=password size=15></td></tr>
<tr><td align=center colspan=2 bgcolor=#6699CC><input type=submit value=Login></td></tr>
</table>

</form>
<center>
<font color=white><?php echo $error; ?></font>
</center>

</body>
</html>

the other bit of code that goes with that is ....

<?php

{

include ("dbcon.php");

$var= $GET["var"];
$var2= $GET["var2"];
$user = ['username'];

$connection = mysql_connect($db_host,$db_user,$db_pass);

If (!(mysql_select_db ($db_name,$connection))) {
echo "Could not connect to the database";
}
// a query to select all of the registrant data.
$query = "SELECT * FROM inforeg";
$queryConn = mysql_query($query, $connection) or die("Query failed : " . mysql_error());
$data = mysql_fetch_object($queryConn);
$rowCount = mysql_num_rows($queryConn);
$count = 0;
$colorDex=0;

if ($var!=infoprint){
echo '<a href="logout.php">Log out</a>';
echo '<br><br>';
echo "<b>Welcome $user</b>";
echo '<br>';
echo "<p><font size=\"5\">Online Registrants for the Baccalieu Trail Youth Employment Centre's Info Fair 2008:</font></p>";
}

if ($var==infoprint){
echo '<p><font size="5">BTYEC Info Fair<br />November 30 - December 1, 2007';
echo '<br/>Online Registrant';
echo '</font><br/><br/>';

}

if ($var==details){

$id = $_GET['id'];

// a query to select all of the registrant data.
$query = "SELECT * FROM inforeg where regId=$id";
$queryConn = mysql_query($query, $connection) or die("Query failed : " . mysql_error());
$data = mysql_fetch_object($queryConn);
$rowCount = mysql_num_rows($queryConn);
$count = 0;

IF ($data ==null){
echo 'There are no registrants registered online.';
}

IF ($user!="infoadmin"){
echo '<table>';
echo "<tr><td><a href=\"info.php?var=infomod&id=$id\">Modify</a></td><td>&nbsp; | &nbsp;</td><td><a href=\"info.php?var=infodel&id=$id\">Delete</a></td><td>&nbsp; | &nbsp;</td><td><a href=\"info.php?var=infoprint&id=$id\" target=new>Print View</a></td></tr></table>";
echo "<br>";
}
echo "<hr height=1 width=400 align=left color=black>";

echo '<table>';

then, the table is supposed to show the data...but I can't seem to get past the login page......I just get the message saying the login failed....
Please help!

arty56

dickie_doodle wrote:
if ($user_data[infoid] > 0) {
header("Location: info.php");
echo "login successful";
$SESSION['loggedin'] = yes;
$SESSION['username'] = $username;
$_SESSION['password'] = $password;
} else { $login_error= true;
$error = "Login failed. Please check username and password.";

before doing to much else

change where your header("Location: info.php"); is to:

<?php
ob_start();// needed because you are using a header re-direct. Stops php header error
if ($userenc && $passenc) {
$user_data = mysql_fetch_array(mysql_query("select infoid, username, password from infoLogin where username='$userenc' and
password='$passenc'"));
   if ($user_data[infoid] > 0) {
   echo "login successful";
   $_SESSION['loggedin'] = yes;
   $_SESSION['username'] = $username;
   $_SESSION['password'] = $password;
   } 
   else 
   { 
   $login_error= true;
   $error = "Login failed. Please check username and password.";
   exit();// stops rest of script/page being run or shown
   //add your footer information here
   }
header("Location: info.php");
ob_end_flush(); // ends the flush.
}
?>

Because you are sending people to the info.php before the rest of the script is run.

So it's not even getting a chance to perform the login.

Arty

dickie_doodle

Well, now I don't get the failed login error...I just get a blank screen. I tried turning on the error notices in php.ini, but to no avail. I tried viewing the source of the blank page but it has nothing there.
Any ideas?

dickie_doodle

Never mind...found what was causing my blank screen. Fixed the bit of code, and now it works. Thanks!

dickie_doodle

fixed!