Jump to content
Larry Ullman's Book Forums

Recommended Posts

I built a login page from the model in this book, and for some reason, sometimes when I login it redirects me back to index.php and it doesn't log me in. Other times it logs me in just fine. Any idea what could be causing this? Here is my login page code.

 

<?php
$page_title = 'Login to your account';
include ('includes/header.html');
include ('includes/config.inc.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
require (MYSQL);
$trimmed = array_map('trim', $_POST);
if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL)){
$e = mysqli_real_escape_string($dbc, $trimmed['Email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>';
}
if (!empty($trimmed['Pass'])){
$p = mysqli_real_escape_string($dbc, $trimmed['Pass']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>';
}
if ($e && $p){
$q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL";
$r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br /> Mysql Error:" . mysqli_error($dbc));
if (@mysqli_num_rows($r) == 1){
$_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);
mysqli_free_result($r);
mysqli_close($dbc);
$url = BASE_URL . 'index.php';
ob_end_clean();
header("Location: $url");
exit();
} else {
echo '<p class="error">Either the username and password you entered do not match those we have on file, or you have not yet activated your account.</p>';
}
} else {
echo '<p class="error">Please Try Again</p>';
}
mysqli_close($dbc);
}
 
?>
<div class="text">
<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
<fieldset>
<p><b>Email: <input type="text" name="Email" /></b></p>
<p><b>Password: <input type="password" name="Pass" /></b></p>
<input type="submit" name="submit" value="Login!" />
</fieldset>
</form>
</div>
<? include ('includes/footer.html'); ?>

Share this post


Link to post
Share on other sites

I imagine that success versus failure is a result of the DB query.

Try running an email/password combo that works directly on the DB, and then run a combo that doesn't work directly on the DB, and see what happens.

Share this post


Link to post
Share on other sites

I am not exactly sure what mean, do I login with a known username and password combination that I know is in the database, and then try and login with a username password combo that doesn't exist in the db. I just tried that and it gave an error. when I login with a good username and password that exists sometimes it logs me in, and when it doesn't it doesn't give an error, it just redirects me back to the index page. 

Share this post


Link to post
Share on other sites

I mean, using the command line, phpMyAdmin, or whatever means you have for accessing the DB, do so, and then execute two different queries on the DB directly, checking the difference between the one that works and the one that doesn't.

Share this post


Link to post
Share on other sites

I tried the mysql query I am using in my login.php page and it works fine, it returns the data it should. It is SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL

So I am guessing the problem isn't there. So where could the problem be.

Like I said I don't get an error message, it just redirects me back to index.php. Sometimes it takes 2 or 3 login attempts before it works.

Share this post


Link to post
Share on other sites

I would go through that process--print out query being executed, run it using phpMyAdmin--a few times just to confirm that it reliably always returns the right value. 

 

Next, I'd add echo lines to your code (from the handling login section on) to see what lines do get executed and what ones don't.

Share this post


Link to post
Share on other sites

Hi, exactly where do I put echo lines, on my login.php page? if it is on login.php, where on the page do I put them? And what do I echo out, would it be $_SESSION['UserID']

 

I just put an echo $_SESSION['UserID'] on my index.php page and tried to login. It gave me an error message saying UserID undefined index. So it looks like my session variable isn't getting set, the first time I try to login, it always takes about 2 or 3 attempts before I login successfully. What can I do to correct this. 

 

I checked on all my pages and the session_start() is at the top of every page except for the $page_title variable before it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...