Rob_On_LU_Forum Posted February 10, 2013 Share Posted February 10, 2013 Good evening, Thank you in advance for reviewing my question regarding Part Two: Selling Virtual Products. I have completed Chapter 1 through 4 and my local site appears to be working correctly except for an important portion of these exercises, logging and logging out. I am able to create new users using the register.php page, and I can verify the new user is added by using phpmyadmin. All the links and the css style is being applied correctly to pages and the navigation links work correctly. However I can enter any characters in the Email Address and Password fields from the login side bar form, and after clicking submit I receive no error reports and the page is redirected to index.php, which is correct. But it does not appear there is actually a logged in user. So I am searching for what I have missed and thought perhaps Chapter 5 or beyond would introduce additional code that "enables" the validation for logging in registered users. But after starting Chapter 5, I believe I am missing something. If this question is too opened ended, I completely understand. I was thinking that this might be an issue with function redirect_invalid_user so I manually changed a user to Admin using myphpadmin, and added the session_regenerate_id code that Larry comments on at the end of Chapter 4. But for some reason it does not matter what characters are entered in the Email Address and Password fields as none of the expected text and pages are generated when these bogus entries are made. I will continue to search for my solution. I am enjoying the book and I am finding that it is a very effect learning tool. Thanks again, Rob Link to comment Share on other sites More sharing options...
Jaepee Posted February 10, 2013 Share Posted February 10, 2013 Hello Rob! Do you have any code that we can see? So we can give it a look see! jp Link to comment Share on other sites More sharing options...
Antonio Conte Posted February 10, 2013 Share Posted February 10, 2013 Generally, your code needs to go through these steps for a sucessful login: 1. Submitting a username and password. - Make sure you are actually getting these values into your script. Apply simple debugging like using echo on the variables. 2. Encryption of password. - This can be done in both PHP and within the database query. Make sure your password is getting encrypted correctly. 3. Validation against records in the Database - Make sure your find a user with this method. Also debug the query by printing it out, and check if it works manually yourself in phpMyAdmin or similar. Make sure the values you add into the query (username and encrypted password) looks correct. 4. Sessions - Make sure you have started a session on all pages that depends on sessions values. 5. Check logic for session validation - Make sure your checks for sessions values are correct. Does it store the correct values you need? Are your checks written properly. Simply trying to echo this info to screen, and checking logic routing (what kind of if/else the logic follows) will take you a long way. These are general suggestions that should make you able to solve your problem. If it's not enough, we need to see some of your code. 1 Link to comment Share on other sites More sharing options...
Rob_On_LU_Forum Posted February 10, 2013 Author Share Posted February 10, 2013 Thanks you guys. I will go through Antonio's suggestions and find the root cause. Once I find my issue, I will update this post. Thanks again, Rob Link to comment Share on other sites More sharing options...
costaM Posted September 27, 2013 Share Posted September 27, 2013 Dear, I have almost the same issue for loggin and redirecting user login to personalized page like welcom.php. I had a problem with sh256 algorithm, but since I put sh1 it works. My issue is to redirect a user to welcom.php page and protect the page to allow only logged user. The following are the code: <?php require ('./includes/config.inc.php'); //This is the registration page for the site.Require the configuration before any PHP code as the configuration controls error reporting: $page_title = 'Connect au Cop.com'; //Registration title name include ('./includes/headreg.html'); // Include the header file: require (MYSQL); // Require the database connection require ('./includes/form_functions.inc.php'); // Require function to handle the form input boxes $login_errors = array(); // Check for a login form submission: if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { $em= mysqli_real_escape_string ($dbc, $_POST['email']); } else { $login_errors['email'] = '<font color="red">Tape un email valide!</font>'; } //Check first if the password is empty before querying db if (!empty($_POST['pass']) ) { $p = mysqli_real_escape_string ($dbc, $_POST['pass']); } else { $login_errors['email'] = '<font color="red">Tape un mot de passe!</font>'; } if (empty($login_errors)){ //No errors, then query the db // Make sure the email address is available: $q = "SELECT Id, fname FROM customer WHERE (email = '$em' AND password='" .get_password_hash($p). "')"; // Get the number of rows returned: $r = mysqli_query($dbc, $q); if(mysqli_num_rows($r)== 1 ) { $row = mysqli_fetch_array($r, MYSQLI_NUM); $_SESSION['user_id'] = $row[0]; $_SESSION['Fname'] = $row[1]; THe issue is here: HOW TO REDIRECT THE USER to welcom.php and keep it from unloggin user? See what I did, but I am not satisfied with it. include('./includes/welcom.php'); //include('./includes/footreg.html'); exit(); } else { // IF no rows, data don not match, send a error message and don not reveal what is wrong $login_errors = 'Adresse email ou mot de passe incorrect. Veuillez refaire.'; } } } ?> <div class="logoimg1"><img src="./products/cophma1.jpg" width="115" height="44" alt="cophma log" /></div> <div class="logoimg2"><img src="./products/com.gif" width="66" height="20" alt="cophma log1" /></div> <div class="logoimg3"><img src="./products/pharm.gif" width="155" height="23" alt="cophma log2" /></div> </div> <!-- Help on registration and login pages --> <div class='regist_form_help'><a href='regist.php'>Nouveau!</a> | <a href='forgot.php'>Mot de passe oublie</a> | <a href='index.php'>Accueil</a></div> <div class="errorDiv"></div><!-- login form page --><div class="login_form"> <form action ="login.php" method="post" accept-charset="utf-8"> <fieldset> <legend><font color='#000' size='4.2px'>Connexion au Cophma.com!</font></legend> <!-- Display a errors message on top of the form if value not found in db--> <p><?php if(array_key_exists('login', $login_errors)) { echo '<span class="error">'.$login_errors['login'].'</span><br />'; } ?> <label for="email"><strong>Mon addresse Email est:</strong></label><br /> <?php create_form_input('email', 'text', $login_errors); ?><br /> <label for="pass"><strong>Mon mot de passe est:</strong></label><br /> <?php create_form_input('pass', 'password', $login_errors); ?> <a href="forgot.php" align="right">Oublié le mot de passe?</a><br /><br /><br /> <input type="submit" value="Connexion au Cophma" /> </p> </fieldset> </form></div> Help! Link to comment Share on other sites More sharing options...
costaM Posted September 27, 2013 Share Posted September 27, 2013 In Logging In sub subject, there is a reference of login.php on index.php page, this is the one: If ($_SERVER['REQUEST_METHOD']) == 'POST') { include ('includes/login.php'); } I don't see this page developed in Chapiter 4. Is it developed in the following Chapiters? or is the bad reference? Yours; Link to comment Share on other sites More sharing options...
Larry Posted September 27, 2013 Share Posted September 27, 2013 You can't redirect where you are because you've already included the header. You can either move the header include later in the script or use output buffering. In Chapter 4, you create login.inc.php, which does the login procedure. Link to comment Share on other sites More sharing options...
Antonio Conte Posted September 27, 2013 Share Posted September 27, 2013 A good technique you can pick up from the MVC pattern is how you should structure your code. When I program procedurally, I generally never include HTML before the end of the document. That way, you can keep logic and the rending of HTML separate. You can try to make your program follow these steps: 1. Include/require all the libraries, files with functions, etc you need. 2. Call functions and save their results to variables 3. Determine what "view" (i.e login error view or successful user dashboard) 4. Include (render) the views for the page. <?php // 1. Require needed files require ('./includes/config.inc.php'); require (MYSQL); require ('./includes/form_functions.inc.php'); // (1.1) Include the SQL login logic as a "Model function" instead of placing logic here require './models/authenticate.php'; // 2. Make function instead of walls of code (Notice the $dbc database variable) $login_errors = performAuthentification($dbc, $_POST['email'], $_POST['password']); // 3. Set data prior to rendering views $page_title = 'Connect au Cop.com'; //Registration title name // 4. Check which view to render $load_view = ( empty ($login_errors) ) ? 'views/user/dashboard.php' : 'views/errors/login_failed.php'; // 5. Render view files: include './includes/header.php'; include $load_view; include './includes/footer.php'; Link to comment Share on other sites More sharing options...
costaM Posted September 29, 2013 Share Posted September 29, 2013 Thank you. I will follow the instructions and send to you a feedback. Link to comment Share on other sites More sharing options...
Recommended Posts