Jump to content

Successful login variable not working


billperrotta

Recommended Posts

My login.php is pasted below. so I never get you are now logged in, even when i successfully register with register.php.

using this tut http://www.youtube.com/watch?v=qs7ekhdQ1Co&feature=related

 

 

<?php

 

session_start();

 

include ('mysql.php');

 

if (isset ($_POST['submit'])) {

$username = mysql_escape_string($_POST['username']);

$password = mysql_escape_string(sha1 ($_POST['password']));

 

if (!empty ($username) && !empty ($password)) {

$sql = mysql_query ("SELECT * FROM users

WHERE username ='" . $username . "' AND

user_password='" . $password . "' LIMIT 1");

 

if (mysql_num_rows ($sql) > 0)

{

$_SESSION['loggedin'] = true;

$_SESSION['username'] = $username;

echo 'you are now logged in!';

}

else

{

echo 'your username and/or password is incorrect!';

}

}

}

else

{

echo '<form action="login.php" method="post">

Username: <input type ="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="login" />

</form>';

}

 

?>

Link to comment
Share on other sites

Check these to rule out some common mistakes:

 

when you register a user do you save the password encrypted using the sha1 encryption?

Is the mysql column where you are storing your encrypted password of the correct length, sha1 means that anything is encrypted to a 40 char long key. So if you have let say a column only storing 25 chars at a time you will be comparing a 40 char vs 25 char which will never become true.

 

Other than that I cannot see any other mistakes one could make.

Link to comment
Share on other sites

Check these to rule out some common mistakes:

 

when you register a user do you save the password encrypted using the sha1 encryption?

Is the mysql column where you are storing your encrypted password of the correct length, sha1 means that anything is encrypted to a 40 char long key. So if you have let say a column only storing 25 chars at a time you will be comparing a 40 char vs 25 char which will never become true.

 

Other than that I cannot see any other mistakes one could make.

 

I believe it is using sha1. Here is the tutorial i created it with http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1 How do I figure that out? I created the varchar fields as close to the tut as possible.

I could edit the column if I can figure out which one. My goal is to get this working so that I can create login functionality that I can reuse. Then go on to create a report uploading functionality for registered users.

Link to comment
Share on other sites

  • 2 weeks later...

I believe it is using sha1. Here is the tutorial i created it with http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1 How do I figure that out? I created the varchar fields as close to the tut as possible.

I could edit the column if I can figure out which one. My goal is to get this working so that I can create login functionality that I can reuse. Then go on to create a report uploading functionality for registered users.

 

Can you please clarify. I do not understand. I am new to this. I know I created a varchar field with the above tutorial.http://www.youtube.com/watch?v=Kl6XcfkKle4&NR=1

 

Can you see an error in the field size, Can you Explain how to correct it?

 

I just checked. the varchar length for the password is 40. Really need help I tried to follow tut to t. but still falling short.

 

Thanks. More specifically user id is auto increment, username is 30, user password is 40, user regdate int 11.

Link to comment
Share on other sites

Sounds like the field sizes are all correct.

 

So what is happening at the moment? You visit the page, enter your login details, click submit and...? The page refreshes and nothing happens? You get a "your username and/or password is incorrect" message?

 

If you are getting a "your username and/or password is incorrect" message, what is the password you are putting into the password field? And what value does the password column in your database hold? (no, they shouldn't match up, but the password in the database should match with the plain text password run through the sha1() function:

 

password in database = sha1(password entered in for)

 

And you have a row in your database with your user information, right? I haven't watched the video you are working with, but I'd imagine it should include values for username, password, etc.

Link to comment
Share on other sites

Sounds like the field sizes are all correct.

 

So what is happening at the moment? You visit the page, enter your login details, click submit and...? The page refreshes and nothing happens? You get a "your username and/or password is incorrect" message?

 

If you are getting a "your username and/or password is incorrect" message, what is the password you are putting into the password field? And what value does the password column in your database hold? (no, they shouldn't match up, but the password in the database should match with the plain text password run through the sha1() function:

 

password in database = sha1(password entered in for)

 

And you have a row in your database with your user information, right? I haven't watched the video you are working with, but I'd imagine it should include values for username, password, etc.

was usising hal0mods. will try a dictionary word see if that works. No good same difference. could a zero throw it off? yes username/password incorrect message. here is my login.php below

 

<?php

 

session_start();

 

include ('mysql.php');

 

if (isset ($_POST['submit'])) {

$username = mysql_escape_string($_POST['username']);

$password = mysql_escape_string(sha1 ($_POST['password']));

 

if (!empty ($username) && !empty ($password)) {

$sql = mysql_query ("SELECT * FROM users

WHERE username ='" . $username . "' AND

user_password='" . $password . "' LIMIT 1");

 

if (mysql_num_rows ($sql) > 0)

{

$_SESSION['loggedin'] = true;

$_SESSION['username'] = $username;

echo 'you are now logged in!';

}

else

{

echo 'your username and/or password is incorrect!';

}

}

}

else

{

echo '<form action="login.php" method="post">

Username: <input type ="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="login" />

</form>';

}

 

?>

Link to comment
Share on other sites

OK, if you are using "hal0mods" as your password, it should show up as "b27aef71192824a3529075e4d7152f2c7d2a5faf" in the database.

 

According to the query,

 

SELECT * FROM users WHERE username ='" . $username . "' AND user_password='" . $password . "' LIMIT 1

 

It's checking the database for a record in the "users" table where the username is whatever is put in the username field, and the password is "b27aef71192824a3529075e4d7152f2c7d2a5faf" (the password "hal0mods" run through the sha1() function).

 

Have you double checked the database? Do you have a record in the "users" table that includes your username (the same as the one you are entering in the form) and the "b27aef71192824a3529075e4d7152f2c7d2a5faf" password?

 

The code you are using looks fine. If you are getting a user not found error, that's because the record for that particular user/password isn't found in the database.

Link to comment
Share on other sites

" I have no idea how to view the username through the sha1 function. All I know is that I can view the database through php myadmin on oneandone's website.

It is a username not correct error. I also have no idea how to view usernames that have been added to the database" Suggestions are appreciated. I also have no idea how to view it from the linux command line either" :huh:

 

The Database is in Mysql

Link to comment
Share on other sites

OK, here's a quick screencast that may help (3 minutes - quicktime file): http://www.falkencre...forum/login.mov

 

I briefly cover how to check your database to see if there are users present / how to find the user password, and how to figure out what your password will be when run through the sha1() function.

 

here's the code from the video for that for that:

 

<?php
echo sha1("anothertest");
?> 

 

I also have no idea how to view it from the linux command line either

Shouldn't be any need for that if you can view it through your host's website. It can be done, you'd just need to do some research to figure it out, it's not something I haven't done in a while and I'm not sure of the exact commands.

 

If you have any questions let me know. Hopefully it will help you figure out the issue.

 

One other point... Stefan has a couple videos covering PHPMyAdmin that you might want to look at: http://killerphp.com/mysql/videos/

Link to comment
Share on other sites

OK, here's a quick screencast that may help (3 minutes - quicktime file): http://www.falkencre...forum/login.mov

 

I briefly cover how to check your database to see if there are users present / how to find the user password, and how to figure out what your password will be when run through the sha1() function.

 

here's the code from the video for that for that:

 

<?php
echo sha1("anothertest");
?> 

 

 

Shouldn't be any need for that if you can view it through your host's website. It can be done, you'd just need to do some research to figure it out, it's not something I haven't done in a while and I'm not sure of the exact commands.

 

If you have any questions let me know. Hopefully it will help you figure out the issue.

 

One other point... Stefan has a couple videos covering PHPMyAdmin that you might want to look at: http://killerphp.com/mysql/videos/

 

the users names are not showing up see image no%20usernames.jpeg The server name database name then table name.

 

What should I check next? :(

Link to comment
Share on other sites

If you have no users in your database, your login won't work. Perhaps your register functionality isn't working -- according to your screenshot it seems like records aren't getting inserted properly. I'll post back later tonight when I have more time -- I have to run at the moment.

 

Can you post the code you are using for your register page?

Link to comment
Share on other sites

On second thought, the screenshot you posted doesn't actually show if you have/don't have records in that table... it's just showing the details for the username column in the table.

 

Look, this is taking way longer than is necessary. We could do this, passing posts back and forth and trying to get to the bottom of things, or if you PM me your login details for PHPMyAdmin I can take a look directly. It will probably be way faster for me to look directly, and I can put together a very quick screenscast for you showing what I am doing so you know for future reference.

 

If you're not comfortable with that, no worries, I'll try to help you out as best I can here.

Link to comment
Share on other sites

Also here is my register.php below

 

 

<?php

 

include ('mysql.php');

 

if (isset ($_POST['submit'])) {

$username = mysql_escape_string($_POST['username']);

$password = mysql_escape_string(sha1($_POST['password']));

 

if (!empty ($username) && !empty ($password)) {

$sql = mysql_query("INSERT INTO users (user_id, username, user_regdate)

 

Values (0,$username,$password,time()");

 

 

echo 'you are now registered!';

}else{

echo 'you must enter a username and a password!';

}

}else{

echo '<form action="register.php" method="post">

Username: <input type="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="Register" />

</form>';

 

}

 

?>

Link to comment
Share on other sites

Based on your code above, I think your sql query to insert new users into the database is wrong:

 

$sql = mysql_query("INSERT INTO users (user_id, username, user_regdate) Values (0,$username,$password,time()");

 

Notice that the first part of the insert inserts three items (user_id, username, user_regdate) while the last part inserts four items (0,$username,$password,time()). My educated guess is that there is an error there. It probably needs to be something like:

 

$sql = mysql_query("INSERT INTO users (username, user_password, user_regdate) Values ($username,$password,time()");

 

You don't have to include user_id, since that will auto-increment automatically for you, but you do need to make sure you are inserting the password in the correct field. I would go back to whatever video you are using to help you make this, and double check what code they are using. I can just about guarantee that their code and your code won't match up.

 

If you have no data in your users table, or data in wrong columns, this will prevent you from logging in, since the database query you use to check if the username/password fields are in the database will always return 0 results, preventing you from logging in.

 

To double check this... If you can't access the browse tab (why, I'm not sure -- seems like a pretty important piece of functionality for the host to disable) try using this script instead:

 

Create a new .php file, copy the below code into it, update the database connection database with your own details (db username, password, correct db table etc -- I imagine you have these details in your mysql.php file) and then upload to the server and view the file. This file will display all of your data in the database table that you specify in $table, or if there is nothing there, a "nothing in table!" message.

 

My guess is that it will display "nothing in table!", or possibly data that is in the wrong location (password data in the user_regdate field?)

 

<?php

// Database Variables
$server = 'localhost';
$user = 'root';
$pass = 'root';
$db = 'databasetest';
$table = 'users';

// Connect to Database
$connection = mysql_connect($server, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ());
mysql_select_db($db) or die ("Could not connect to database ... \n" . mysql_error ());

?>

<style type="text/css">
td { border:1px solid #000; padding: 10px; }
table { border-collapse: collapse; }
</style>

<?php
$result = mysql_query("SELECT * from $table");

if (mysql_num_rows($result) > 0)
{
// display data in table
echo "<table>";
while ($field=mysql_fetch_field($result)) 
{
	echo "<th style='text-align:left'>";
	echo "$field->name";
	echo "</th>";
}
echo "</tr>";

while ($row = mysql_fetch_row($result)) 
{
	echo "<tr>";
	for ($i=0; $i<mysql_num_fields($result); $i++) 
	{
		echo "<td>";
		echo "$row[$i]";
		echo "</td>";
	}
	echo "</tr>\n";
}
echo "</table>";
}
else
{
echo "nothing in table!";
}

?>

Link to comment
Share on other sites

When i paste your php test file.

getting this " Could not connect to server ... Unknown MySQL server host 'db319013537' (1)"

 

Here is the file you told me to create pasted below, copied straight from an ssh session. maybe I'm doing something wrong

see below.

 

<?php

 

// Database Variables

$server = 'xx';

$user = 'xx';

$pass = 'xx';

$db = 'xx';

$table = 'users';

 

// Connect to Database

$connection = mysql_connect($db, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ());

mysql_select_db($db) or die ("Could not connect to database ... \n" . mysql_error ());

 

?>

 

<style type="text/css">

td { border:1px solid #000; padding: 10px; }

table { border-collapse: collapse; }

</style>

 

<?php

$result = mysql_query("SELECT * from $table");

 

if (mysql_num_rows($result) > 0)

{

// display data in table

echo "<table>";

while ($field=mysql_fetch_field($result))

{

echo "<th style='text-align:left'>";

echo "$field->name";

echo "</th>";

}

echo "</tr>";

 

while ($row = mysql_fetch_row($result))

{

echo "<tr>";

for ($i=0; $i<mysql_num_fields($result); $i++)

{

echo "<td>";

echo "$row[$i]";

echo "</td>";

}

echo "</tr>\n";

}

echo "</tr>\n";

}

echo "</table>";

}

else

{

echo "nothing in table!";

}

 

?>

Edited by falkencreative
Link to comment
Share on other sites

I deleted your database details above -- you don't want that information being available to anyone who comes along and views this forum.

 

I'm not sure how/why this changed, but you'll notice that my connection string includes the $server variable, but your code includes the $db server.

 

Mine:

// Connect to Database

$connection = mysql_connect($server, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ());

 

Yours:

// Connect to Database

$connection = mysql_connect($db, $user, $pass) or die ("Could not connect to server ... \n" . mysql_error ());

 

Your error message is telling you that exact thing -- that there's an unknown server host, which means that either your connection string is wrong or you are inputting the wrong database/server details.

Link to comment
Share on other sites

Maybe I should change the server name to gotabeef2.com instead of the server name that the database is giving me?

No, that won't work.

 

If you are still getting errors saying "Access denied for user 'xxxxx'@'xxxxxx'" that means that your database username or password is incorrect. How are you connecting to your database in your mysql.php script? You should be able to use the exact same details?

Link to comment
Share on other sites

OK, that means that your login isn't working because you don't have any users in your users table -- meaning that your registration page has an error. Take a look at the change I suggested for the register PHP page (specifically the lines of code where you add the new user to the database), and see if that fixes things.

 

Once you are no longer getting "nothing in table", and your register PHP page is working, then try out the login functionality again.

Link to comment
Share on other sites

 

No good. Here is the error "Parse error: syntax error, unexpected T_STRING, expecting T_VARIABLE or '$' in /homepages/21/d176117763/htdocs/register.php on line 8"

 

new register.php pasted below

 

 

<?php

 

include ('mysql.php');

 

if (isset ($_POST['submit'])) {

$username = mysql_escape_string($_POST['username']);

$

password = mysql_escape_string(sha1($_POST['password']));

 

if (!empty ($username) && !empty ($password)) {

$sql = mysql_query("INSERT INTO users (username, user_password, user_regdate)

 

Values ($username,$password,time()");

 

 

echo 'you are now registered!';

}else{

echo 'you must enter a username and a password!';

}

}else{

echo '<form action="register.php" method="post">

Username: <input type="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="Register" />

</form>';

 

}

 

?>

Link to comment
Share on other sites

You've added an unnecessary line between "{:content:}quot; and "password".

 

$
password = mysql_escape_string(sha1($_POST['password']));

 

When you hit an error like this, usually the error message is pretty good at describing the issue, and it specifies the line number so it's easier to track things down. Line 8 was the start of "password = ..." so that is the first place to look for an error.

 

You might want to take a look at the link I posted in the PHP forum: http://www.killersit...-debugging-php/

Link to comment
Share on other sites

I corrected it moved the dollar sign down to line 8.

The register.php appears again, but login.php still says username is incorrect all the time.

The test file still says no users in database.

 

here is login.php pasted below.

 

<?php

 

session_start();

 

include ('mysql.php');

 

if (isset ($_POST['submit'])) {

$username = mysql_escape_string($_POST['username']);

$password = mysql_escape_string(sha1 ($_POST['password']));

 

if (!empty ($username) && !empty ($password)) {

$sql = mysql_query ("SELECT * FROM users

WHERE username ='" . $username . "' AND

user_password='" . $password . "' LIMIT 1");

 

if (mysql_num_rows ($sql) > 0)

{

$_SESSION['loggedin'] = true;

$_SESSION['username'] = $username;

echo 'you are now logged in!';

}

else

{

echo 'your username and/or password is incorrect!';

}

}

}

else

{

echo '<form action="login.php" method="post">

Username: <input type ="text" name="username" /><br />

Password: <input type="password" name="password" /><br />

<input type="submit" name="submit" value="login" />

</form>';

}

 

?>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...