dnabbrocks Posted January 25, 2012 Share Posted January 25, 2012 Hello. I've been over this a million times but can't figure out what the problem is. I've been trying to get this to work but every time I try to login it tells me the username and password don't match those on file. However, I know that they are in because I've created a register script that works and they are in my database. Any help would be GREATLY appreciated. Thanks in advance. Login: <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Need two helper files: require ('includes/login_functions.php'); require ('../mysql_connect.php'); //Select Database: mysql_select_db(UDB_NAME, $dbc) OR die("Could not select the database: " . UDB_NAME . " " . mysql_error() ); // Check the login: list ($check, $data) = check_login($dbc, $_POST['email_address'], $_POST['user_password']); if ($check) { // OK! // Set the session data: session_start(); $_SESSION['user_id'] = $data['user_id']; $_SESSION['first_name'] = $data['first_name']; // Store the HTTP_USER_AGENT: $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']); // Redirect: $url = absolute_url ('loggedin.php'); header("Location: $url"); } else { // Unsuccessful! // Assign $data to $errors for login_page.inc.php: $errors = $data; } mysql_close($dbc); // Close the database connection. } // End of the main submit conditional. // Create the page: include ('includes/login_page.php'); ?> Loggedin <?php # Script 12.13 - loggedin.php #3 // The user is redirected here from login.php. session_start(); // Start the session. // If no session value is present, redirect the user: // Also validate the HTTP_USER_AGENT! if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']) )) { // Need the functions: require ('includes/login_functions.php'); redirect_user(); } // Set the page title and include the HTML header: $page_title = 'Logged In!'; include ('includes/header.php'); // Print a customized message: echo "<h1>Logged In!</h1> <p>You are now logged in, {$_SESSION['first_name']}!</p> <p><a href=\"logout.php\">Logout</a></p>"; include ('includes/footer.php'); ?> Login_functions <?php function redirect_user ($page = 'index.php') { $url = 'http://' . $_SERVER['HTTP_localhost'] . dirname($_SERVER['PHP_SELF']); // Remove any trailing slashes: $url = rtrim($url, '/\\'); // Add the page: $url .= '/' . $page; // Redirect the user: header("Location: $url"); exit(); // Quit the script. } // End of redirect_user() function. function check_login($dbc, $email_address = ' ', $user_password = ' ') { $errors = array(); // Initialize error array. // Validate the email address: if (empty($email_address)) { $errors[] = 'You forgot to enter your username.'; } else { $em = mysql_real_escape_string($dbc, trim($email_address)); } // Validate the password: if (empty($user_password)) { $errors[] = 'You forgot to enter your password.'; } else { $p = mysql_real_escape_string($dbc, trim($user_password)); } if (empty($errors)) { // If everything's OK. // Retrieve the user_id and first_name for that email/password combination: $q = "SELECT user_id, first_name FROM users WHERE email_address='$em' AND user_password=SHA1('$p')"; $r = @mysql_query ($dbc, $q); // Run the query. // Check the result: if (mysql_num_rows($r) == 1) { // Fetch the record: $row = mysql_fetch_array ($r, MYSQL_ASSOC); // Return true and the record: return array(true, $row); } else { // Not a match! $errors[] = 'The username and password entered do not match those on file.'; } } // End of empty($errors) IF. // Return false and the errors: return array(false, $errors); } // End of check_login() function. Login_page <?php # Script 12.1 - login_page.inc.php // This page prints any errors associated with logging in // and it creates the entire login page, including the form. // Include the header: $page_title = 'Login'; // Print any error messages, if they exist: if (isset($errors) && !empty($errors)) { echo '<h1>Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p>'; } // Display the form: ?> <h1>Login</h1> <form action="login.php" method="post"> <p>Email Address: <input type="text" name="email_address" size="20" maxlength="60" /> </p> <p>Password: <input type="password" name="user_password" size="20" maxlength="20" /></p> <p><input type="submit" name="submit" value="Login" /></p> <input type="hidden" name="submitted" value="TRUE"> </form> <?php include ('includes/footer.php'); ?> Link to comment Share on other sites More sharing options...
Larry Posted January 25, 2012 Share Posted January 25, 2012 Have you applied the standard PHP-MySQL debugging technique (printing out the login query and running it using another interface)? Link to comment Share on other sites More sharing options...
dnabbrocks Posted January 26, 2012 Author Share Posted January 26, 2012 I've tried this in mysql client and I get an empty result: SELECT user_id, first_name FROM users WHERE email_address='$em' AND user_password=SHA1('$p') Link to comment Share on other sites More sharing options...
Larry Posted January 26, 2012 Share Posted January 26, 2012 Yeah, that wouldn't work at all. What you need to do, as I just suggested and as the book clearly explains, is print the actual, complete query being executed in PHP. This would be the query with the values of the variables inserted. Then take that query and run it using another interface. 1 Link to comment Share on other sites More sharing options...
dnabbrocks Posted January 26, 2012 Author Share Posted January 26, 2012 After typing this, i realize nothing will be returned, because no info was in submitted. Which query would I run in mysql if nothing is submitted? Link to comment Share on other sites More sharing options...
dnabbrocks Posted January 26, 2012 Author Share Posted January 26, 2012 Okay. Will do. Thanks Link to comment Share on other sites More sharing options...
dnabbrocks Posted January 26, 2012 Author Share Posted January 26, 2012 Okay. I've done what the appendix says, but there is no php.ini file in my server's directory. If I download and insert it, where should it go? Thanks for the help. Link to comment Share on other sites More sharing options...
Larry Posted January 27, 2012 Share Posted January 27, 2012 I have no idea what you're talking about or what this has to do with debugging this login query. Link to comment Share on other sites More sharing options...
Recommended Posts