User authentication problems

[karinne]

OK so maybe it's because it's getting or the fact that I work all day in .NET and come home PHP so I've got my languages mixed up but I cannot for the life of me figure out the problem here.

Here's my HTML log in form in index.php:

Code: Select all

<form method="post" action="/myadmin/validate.php">
        <p><label for="username">Username:</label><br />
        <input type="text" name="username" /></p>
        <p><label for="password">Password:</label><br />
        <input type="password" name="password" /></p>
        <div class="fleft"><input type="image" src="/myadmin/i/login/input-submit.jpg" name="login" class="login" /></div>
        <div class="fright" style="margin-top: 25px;"><a href="">Forgot your password?</a></div>
    </form>

and here's my validate.php

PHP: Select all

<?
session_start();

$conn = mysql_connect("localhost", "username", "password");
mysql_select_db("mytable");

$auth = false; // Assume user is not authenticated

if (isset($_POST['username']) && isset($_POST['password'])) {
    $userid = $_POST['username'];
    $password = $_POST['password'];
        
    $login = mysql_query ("select * from admin where userid='$userid' and password='$password'");
    $num = mysql_num_rows($login);
        
    if ($num != 0) {
        $auth = true;
        $_SESSION['loggedin'] = 1;
        $_SESSION['user'] = $userid;
    }
    echo 'yes';
} else {
    echo 'Please try again!';
}
    
if ($auth = false) {
    // TODO: Create a better page for this
    echo 'Authorization Required.';
    exit;
} else {
    //header( 'Location: /myadmin/home.php' );
    echo 'alrighty then';
}
echo 'oh yeah right!';

?>

1. If I click on the login but from my form without entering anything, it acts like everything is fine.

2. I can't get my header() to work because of the session_start() that I have at the top so how can I send people to the next page if it validates?!

3. Am I doing this properly? I never really understood sessions and kinda grabbed code as I went.

Thanks!

[Blake121]

Ok I played about with it for a bit and I found this code works for me....

Code: Select all

<?
session_start();

$conn = mysql_connect("localhost", "username", "password) or die("cant connect");
mysql_select_db("DB") or die("no DB found");

$auth = false; // Assume user is not authenticated

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username =  mysql_real_escape_string($_POST['username']);
    $password =  mysql_real_escape_string($_POST['password']);
       
    $login = "SELECT * FROM test WHERE username = '$username' AND password = '$password'";
    $query = mysql_query($login) or die(mysql_error());
    $num = mysql_num_rows($query);
    $row = mysql_fetch_assoc($query);

    if(isset($num)) {
            if ($num != 0) {
            $auth = true;
            $user_id = $row['user_id'];
            $_SESSION['loggedin'] = 1;
            $_SESSION['user'] = $user_id;
        }
        } else {
            echo 'Please try again!';
        }

        if (!$auth) {
            // TODO: Create a better page for this
            echo 'Authorization Required.';
            exit;
        } else {
         header( 'Location: test3.php' );
            //echo 'alrighty then';
        }
    } else {
        echo '$num not set';
    }

?>

Hope it works for you as well

BTW on your form page there should be an ID in your inputs to match them with they're labels lol.

Blake

[karinne]

Quote:

Originally Posted by Blake121

BTW on your form page there should be an ID in your inputs to match them with they're labels lol.

What?

Ok ... the code works but I get but I get the

Code: Select all

Warning:  session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /myadmin/validate.php:38) in /myadmin/validate.php on line 1

Warning:  session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /myadmin/validate.php:38) in /myadmin/validate.php on line 1

Warning: Cannot modify header information - headers already sent by (output started at /myadmin/validate.php:38) in /myadmin/validate.php on line 34

errors

[Blake121]

Well I didn't get any of those errors...

It sounds like something is getting sent at line 1. Make sure there are no spaces before the <? tag and no spaces in between that and the session_start() command.

If there are no spaces it may be your text editor putting in invisible characters at the start of the document (happens on macs I think), if that's the case switch to another text editor and press backspace a few times at the very first line. Although dreamweaver shouldn't do this.

Another thing you could do is write this "ob_start()" on the very next line following session_start() without spaces. This will stop the headers getting sent until the script has processed. You should try the other ones first though.

If this works it will re-direct you to the new page as well.

And that ID thing should be this...

Code: Select all

<p><label for="username">Username:</label><br />
        <input type="text" name="username" id="username" /></p>

or the "for" element is kinda useless lol.

Hope this helps,
Blake

[karinne]

Ok ... I got it working. I had

Code: Select all

<?
session_start();

so I did

Code: Select all

<? session_start();

and it works ... Ah... I didn't think that would make a difference.

Oh yeah ... I forgot the ID

Thanks for all you help!