Back To Programming / Scripting / Coding Forum

[solved] - Thanks Everyone - login php script problem

  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 8:49 am

Nem wrote:
1) How can not the form be right? It is being posted towards the php file right?


Yeah, except the HTML isn't inside a PHP script delimiter ( <? PHP HERE ?> ). I doubt that's the problem, since the php stuff was only in the ID attribute, so unless you're using some sort of JS, it wouldn't cause a problem. The NAME attribute is the important one when it comes to HTTP.

Nem wrote:
2) here is what you need to know:
http://www.69kilobytes.co.uk/cp/admin_login.php


That tells me the username isn't being passed properly. In other words, the $user variable is empty, which would definatly cause your error.

Can you post the contents of connect.php (you can, and should, omit the database login lines... better not to post real passwords in plain text, =])

.c
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post June 29th, 2004, 8:49 am

  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 8:51 am

PHP Code: [ Select ]
 
<?php
 
 
 
$username = "";
 
$password = "";
 
$host = "localhost";
 
$database = "69kilobytes_co_uk_portal";
 
mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
 
 
?>
  1.  
  2. <?php
  3.  
  4.  
  5.  
  6. $username = "";
  7.  
  8. $password = "";
  9.  
  10. $host = "localhost";
  11.  
  12. $database = "69kilobytes_co_uk_portal";
  13.  
  14. mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  15.  
  16. mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  17.  
  18.  
  19.  
  20. ?>


the admin table is in the correct database.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 8:53 am

Wait... the $pass isn't being passed either. The md5 encryption is invalid, it's either the encryption for NULL, undefiend or "" or FALSE, or something like that... whatever the default value PHP is assigning it.

Please post the connect.php, or whatever the part of your script is that's parsing the HTTP request.

thanks
.c
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 8:55 am

i will show you all the contents i am using for this login....

please hold on for a sec so i can put it all on to one post
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 8:56 am

got it.

Ok, there is something missing still.

I don't see any script that parsed the HTTP request.... Is there anything anywhere that does looks for something like $_POST? If so, post that snippet. Are there any other include files in admin_login.php?


.c

**EDIT: heh, we're getting out of sync on our posts... I'll wait to post anything more until you've posted the content of the file. =]
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 8:58 am

login form
PHP Code: [ Select ]
 
<? include('http://www.69kilobytes.co.uk/header.php'); ?>
 
<?
 
echo "<form name=admin_login method=post action=admin_login.php>
 
<input type=text name=username id=user>
 
<input type=password name=password id=MD5('$pass')>
 
 <input type=submit value=submit name=submit>
 
</form>"
 
?>
 
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
 
 
  1.  
  2. <? include('http://www.69kilobytes.co.uk/header.php'); ?>
  3.  
  4. <?
  5.  
  6. echo "<form name=admin_login method=post action=admin_login.php>
  7.  
  8. <input type=text name=username id=user>
  9.  
  10. <input type=password name=password id=MD5('$pass')>
  11.  
  12.  <input type=submit value=submit name=submit>
  13.  
  14. </form>"
  15.  
  16. ?>
  17.  
  18. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  19.  
  20.  


-i just edited the code, hopefully it is correct now. Within the footer and the header are both html tags. Any php code in there will start with <? and end with ?> but is saved altogether as a php document.

connect.php
PHP Code: [ Select ]
 
<?php
 
 
 
$username = "";
 
$password = "";
 
$host = "localhost";
 
$database = "69kilobytes_co_uk_portal";
 
mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
 
mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
 
 
 
?>
 
 
  1.  
  2. <?php
  3.  
  4.  
  5.  
  6. $username = "";
  7.  
  8. $password = "";
  9.  
  10. $host = "localhost";
  11.  
  12. $database = "69kilobytes_co_uk_portal";
  13.  
  14. mysql_connect($host,$username,$password) or die("Cannot connect to the database.<br>" . mysql_error());
  15.  
  16. mysql_select_db($database) or die("Cannot select the database.<br>" . mysql_error());
  17.  
  18.  
  19.  
  20. ?>
  21.  
  22.  

-was sent before

now finally the login php code
PHP Code: [ Select ]
 
<?PHP
 
 
 
include('connect.php');
 
print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
 
$user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
 
 
 
if ($user_data = false);
 
{
 
echo "couldnt get informtion";
 
}
 
 
 
if ($username == "$user" && $password == "MD5('$pass')")
 
{
 
 
 
Setcookie("admin", $userid, Time()+3600);
 
 
 
echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
 
}  else  {
 
 
 
echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
 
}
 
?>
 
 
  1.  
  2. <?PHP
  3.  
  4.  
  5.  
  6. include('connect.php');
  7.  
  8. print "<p>Username: " . $user . " :: Password: " .  $pass .  "(" . MD5('$pass') . ")</p>";
  9.  
  10. $user_data = mysql_fetch_array(mysql_query("SELECT username password FROM admin WHERE username='$user' and password='MD5('$pass')'"));
  11.  
  12.  
  13.  
  14. if ($user_data = false);
  15.  
  16. {
  17.  
  18. echo "couldnt get informtion";
  19.  
  20. }
  21.  
  22.  
  23.  
  24. if ($username == "$user" && $password == "MD5('$pass')")
  25.  
  26. {
  27.  
  28.  
  29.  
  30. Setcookie("admin", $userid, Time()+3600);
  31.  
  32.  
  33.  
  34. echo "Welcome Admin - You have Admin Access <a href=admin.php>click here to continue</a>";
  35.  
  36. }  else  {
  37.  
  38.  
  39.  
  40. echo "You do not have permission to access this area, sorry <a href=login.php>click here to go back</a>";
  41.  
  42. }
  43.  
  44. ?>
  45.  
  46.  

-this i made and im a total newb at this and learning.

on top of every page i protect i add:

PHP Code: [ Select ]
if(isset($_COOKIE["admin"])) { echo 'welcome'; } else { echo 'You need to login to view this area of the site';}?>
 
 
  1. if(isset($_COOKIE["admin"])) { echo 'welcome'; } else { echo 'You need to login to view this area of the site';}?>
  2.  
  3.  



hope this helps
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 9:08 am

hey, i be back at 5.30GMT. If you reply then thanks, and i am not ignoring you taking away any answers you have.

Regards
Nem

Ps. thank you for giving me help towards this annoying bit of code.
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 9:10 am

It does. It tells me there is nothing actually looking to figure out what was entered into the form. Add this above the include call, at the top of the page:

PHP Code: [ Select ]
 
 
if($_POST){
 
   foreach ($_POST as $key => $value) {
 
      if($key == "username"){ $user = $value); }
 
      if($key == "password"){ $pass = $value); }
 
  }
 
}
 
 
  1.  
  2.  
  3. if($_POST){
  4.  
  5.    foreach ($_POST as $key => $value) {
  6.  
  7.       if($key == "username"){ $user = $value); }
  8.  
  9.       if($key == "password"){ $pass = $value); }
  10.  
  11.   }
  12.  
  13. }
  14.  
  15.  


You'll notices that the string in the if statements match the NAME attributes in your form elements. You can use the same structure for $_GET for QueryString variables (values passed in the URL, for example: file.php?this=that&key=value) and $_COOKIE for cookie values.

I usually create a global include file that is added to EVERY page on the site, (I call it common.php, but you can call it whatever you want). This lets me include functions and variables that I might want access to across the board, like sessions, or forms...

You could put these loops into a function, and pass the the string as an argument, for example:

PHP Code: [ Select ]
 
 
 
 
//THIS IS IN THE COMMON INCLUDE FILE:
 
function get_post($form_element){
 
  foreach ($_POST as $key => $value) {
 
    if($key == $form_element){return $value); }
 
  }
 
  return "";
 
}
 
 
 
 
 
//THIS IS ON WHATEVER PAGE:
 
$some_variable = get_post("form_element_name");
 
 
 
 
  1.  
  2.  
  3.  
  4.  
  5. //THIS IS IN THE COMMON INCLUDE FILE:
  6.  
  7. function get_post($form_element){
  8.  
  9.   foreach ($_POST as $key => $value) {
  10.  
  11.     if($key == $form_element){return $value); }
  12.  
  13.   }
  14.  
  15.   return "";
  16.  
  17. }
  18.  
  19.  
  20.  
  21.  
  22.  
  23. //THIS IS ON WHATEVER PAGE:
  24.  
  25. $some_variable = get_post("form_element_name");
  26.  
  27.  
  28.  
  29.  



I'd stick the the more hardcoded version to start until you have more grasp of PHP though.

.c


**EDIT: no problem, glad to help.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 9:45 am

Could you explain what page i should put them in?
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 9:47 am

I have to also admit, you kind of lost me within what you tryied to explain "common"?

I am very new to this..
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 9:49 am

here is my final "form" page

PHP Code: [ Select ]
 
<? if($_POST){
 
    foreach ($_POST as $key => $value) {
 
        if($key == "username"){ $user = $value); }
 
        if($key == "password"){ $pass = $value); }
 
  }
 
}
 
include('http://www.69kilobytes.co.uk/header.php');
 
?>
 
<?
 
echo "<form name=admin_login method=post action=admin_login.php>
 
<input type=text name=username id=user>
 
<input type=password name=password id=MD5('$pass')>
 
 <input type=submit value=submit name=submit>
 
</form>"
 
?>
 
<? include('http://www.69kilobytes.co.uk/footer.php'); ?>
 
 
  1.  
  2. <? if($_POST){
  3.  
  4.     foreach ($_POST as $key => $value) {
  5.  
  6.         if($key == "username"){ $user = $value); }
  7.  
  8.         if($key == "password"){ $pass = $value); }
  9.  
  10.   }
  11.  
  12. }
  13.  
  14. include('http://www.69kilobytes.co.uk/header.php');
  15.  
  16. ?>
  17.  
  18. <?
  19.  
  20. echo "<form name=admin_login method=post action=admin_login.php>
  21.  
  22. <input type=text name=username id=user>
  23.  
  24. <input type=password name=password id=MD5('$pass')>
  25.  
  26.  <input type=submit value=submit name=submit>
  27.  
  28. </form>"
  29.  
  30. ?>
  31.  
  32. <? include('http://www.69kilobytes.co.uk/footer.php'); ?>
  33.  
  34.  


im getting a parse error on line 3
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Joined: May 22, 2004
  • Posts: 3415
  • Loc: Richland, WA
  • Status: Offline

Post June 29th, 2004, 10:12 am

PHP Code: [ Select ]
<? if($_POST){
 
    foreach ($_POST as $key => $value) {
 
        if($key == "username"){ $user = $value; }
 
        if($key == "password"){ $pass = $value; }
 
  }
 
}
 
 
  1. <? if($_POST){
  2.  
  3.     foreach ($_POST as $key => $value) {
  4.  
  5.         if($key == "username"){ $user = $value; }
  6.  
  7.         if($key == "password"){ $pass = $value; }
  8.  
  9.   }
  10.  
  11. }
  12.  
  13.  


no ) after your values
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 10:15 am

ok the error is out of the way:

now the dummy username and password i just inputted in to the dbase and md5'd is "lol" and "lol" both username and password.

here is the form

http://www.69kilobytes.co.uk/cp/login.php

to you, what is the problem? The codes are half way up this page
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Carnix
  • Guru
  • Guru
  • User avatar
  • Joined: Apr 28, 2004
  • Posts: 1099
  • Status: Offline

Post June 29th, 2004, 10:54 am

ok... that's weird.
Let me do some tooling around and see if I can make it work on my server here...

.c
  • Nem
  • Guru
  • Guru
  • No Avatar
  • Joined: Feb 13, 2004
  • Posts: 1243
  • Loc: UK
  • Status: Offline

Post June 29th, 2004, 10:57 am

THANKS!
GSDomains.com -Click here - Packages starting from £3.69 a month. 1.5GB Space & 10GB Bandwidth.
  • Anonymous
  • Bot
  • No Avatar
  • Joined: 25 Feb 2008
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post June 29th, 2004, 10:57 am

1, 2, 3, 4

Post Information

  • Total Posts in this topic: 51 posts
  • Users browsing this forum: No registered users and 106 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.