PHP Login

Jack Franklin · #1 Oct 7th, 2007, 13:54

Hey all. Following this tutorial:
http://www.phpeasystep.com/workshopview.php?id=6

1. Am I using PHP 4 or PHP 5? How can I find out?
2. Try going here: http://www.jackfranklin.co.uk/PHP%20...main_login.php
and use the username john and the password 1234.

I get lots of errors! The code for the check_login.php is:

PHP: Select all


<?php
$host="localhost"; // Host name 
$username="jackfran_admin"; // Mysql username 
$password="<my password>"; // Mysql password 
$db_name="jackfran_webdatabase"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

And the page with the form looks like this:

Code: Select all

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

Any help welcome

Thanks

Jack

alexgeek · #2 Oct 7th, 2007, 15:51

What are the errors mate? They can help a lot in the debugging process.

c010depunkk · #3 Oct 7th, 2007, 16:03

There are no errors in the PHP script. HTML is also OK. Check the SQL login data....

Otherwise I can't see any problems.

Jack Franklin · #4 Oct 7th, 2007, 16:26

The warnings I get are:

Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 35

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 35

Warning: Cannot modify header information - headers already sent by (output started at /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php:9) in /home/jackfran/public_html/PHP Stuff/PHPLogin/checklogin.php on line 37

Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

alexgeek · #5 Oct 7th, 2007, 16:27

I'd just like to suggest filtering the input, otherwise this script is vulnerable to SQL Injection i think changing the post part to the following should work:

PHP: Select all


 $myusername=addlashes(htmlentities($_POST['myusername']));  $mypassword=addlashes(htmlentities($_POST['mypassword']));

c010depunkk · #6 Oct 7th, 2007, 18:24

OK, I got it:

Your problem is here:

PHP: Select all


session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");

You can't output anything before you try to set header information or start a session.

simonb · #7 Oct 8th, 2007, 06:33

Would it next

PHP: Select all


 session_start()

At the Top

Jack Franklin · #8 Oct 8th, 2007, 16:14

Thanks for the help guys. What can I do to correct it? simon- I dont quite understand what you are saying?

Cheers
Jack

simonb · #9 Oct 8th, 2007, 16:27

Thats how you start a session

Marc · #10 Oct 8th, 2007, 16:34

I think Simon means put this in:

PHP: Select all


session_start();
session_register("myusername");
session_register("mypassword"); 
header("location:login_success.php");

c010depunkk · #11 Oct 8th, 2007, 17:50

OK, Let me explain in what I hope is "normal person" english:

The headers of a HTML page get sent before ANY of the content. So, if you want to set any information in the header using PHP (ex: using the header() function or the session_*() functions), you have to do it before you output anything to the page (using echo() or print() or normal HTML output). So, when you try to start a session and change the header, PHP throws an error, because the header has already been sent to the client and the server can't make any more changes.

Hope that makes at least a bit of sense, feel free to throw down some more ?'s....

Jack Franklin · #12 Oct 8th, 2007, 18:51

I think I get it. So would I put the code Marc posted at the very very top of my page, before any other code? or would I move all the code before the <html....?

Thanks for the help!

Jack

c010depunkk · #13 Oct 8th, 2007, 19:48

that's it! you catch on fast...

Jack Franklin · #14 Oct 8th, 2007, 20:16

Great Thanks, I'll try it when I get the chance and report back...

alexgeek · #15 Oct 8th, 2007, 21:18

Might I just say, it would be a lot easier to put Marc's code in file and "include()" it in every page.
That way, if you need to add or change something, you simply change one file.

simonb · #16 Oct 8th, 2007, 21:20

All the php on my sites is include

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
PHP Login