Login form problems

code-a

So it looks like, thanks to the help here, I was able to debug the main errors in my scripts to remove syntax errors.

My second problem ended up being an internal server issue. I was receiving an error verifying user and password from my function script to the mysql database. Technical support was able to help me remedy the problem by creating a new password in phpmyadmin and inputting that new password into the functions.php file.

So thank all I can now see the form. Problem now, is that when I enter login info from the table in my database, the form doesn't do anything.


<?php

include 'functions.php';

if (loggedin())
{
   header("Location: profile.php");
   exit();
}

if ($_POST['login'])
{
 //get data
 $username = $_POST['username'];
 $password = $_POST['password'];
 $rememberme = $_POST ['rememberme'];

if ($username&&$password)
{

 $login = mysql_query("SELECT * FROM user WHERE username='$username'");
 while ($row = mysql_fetch_assoc($login))
 {

       $db_password = $row['password'];
       if (md5 ($password) ==$db_password)
          $loginok = TRUE;
       else
          $loginok = FALSE;

       if ($loginok==TRUE)
       {

          if ($rememberme=="on")
             setcookie("username", $username, time()+7200);
          else if ($rememberme=="")
               $_SESSION['username']=$username;

          header("Location: profile.php");
          exit();

       }
       else
           die("Incorrect username/password combination.");

  }
}
 else
     die("Please enter a username and password.");

}

?>



<form action="login.php" method="POST">
Username:<br />
<input type="text" name="username"><p />
Password:<br />
<input type="password" name="password"><p />

<input type="checkbox" name="rememberme"> Remember me<br />
<input type="submit" name="login" value="Log in"
</form>

darkangel2001lv

Here is complete Login php script, just edit where shown to your set up.

data base needs to have the following at min for this script to work as is

user_id ( the username)
password
level ( do you want them to have user access or Admin access)

Hope it helps you out.

Paste code before anything else on page

<?php require_once('your connection file'); ?> 

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    

    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['myusername'])) {
  $loginUsername=$_POST['myusername'];
  $password=$_POST['mypassword'];
  $MM_fldUserAuthorization = "level";
  $MM_redirectLoginSuccess = "PAGE WHERE YOU WANT USER TO GO TO AFTER LOGIN";
  $MM_redirectLoginFailed = "PAGE WHERE YOU WANT USER TO GO IF LOGIN FAILS";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_Users, $Users);

  $LoginRS__query=sprintf("SELECT user_id, password, level FROM table name  WHERE user_id=%s AND password=%s",
  GetSQLValueString($loginUsername, "int"), GetSQLValueString($password, "text")); 

  $LoginRS = mysql_query($LoginRS__query, $Users) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {

$loginStrGroup  = mysql_result($LoginRS,0,'level');

if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;	      

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

And the form You can format it any way you like just keep the base code intact

<form name="login" form action="<?php echo $loginFormAction; ?>" method="POST">
   <p>
     <label>
       <input name="myusername" type="text" value="Username" size="20" maxlength="40" />
     </label>
   </p>
   <p>
     <label>
       <input name="mypassword" type="password" value="Password" size="20" maxlength="20" />
     </label>
   </p>
   <p>
     <input type="submit" name="submit" id="submit" value="Submit" />
   </p>
</form>