PDA

View Full Version : PHP Login Script


cdavenport4
04-13-2007, 02:23 PM
First of all I just wanted to say I love the site!!! It the most helpful site I've been to. Keep up the great work. But I do have a little dilemma...

Does this look ok? I've tried and tried to get this to continue to my welcome screen but it keeps kicking me back to the login page.

Any Ideas?
---------------------------
Security
---------------------------

<?php

session_start();

if (! isset($_SESSION['id'])) {

header("location: ProfileLogin.php");
exit;

}

?>

---------------------
Login
---------------------
<?php
require_once("connection.php"); // database connection

session_start();

//catch field data
$userid = $_POST['userid'];
$password = $_POST['password'];
$submitted = $_POST['submitted'];

if ($userid && $password) {
//////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE user_name = '$userid' AND user_password = '$password'");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
//////////////////////////////////////////////////////////////
}

if ($rowAccount >0) {

$_SESSION['id'] = $rowAccount['user_id'];

header("location:Welcome.php");
exit;

} elseif($submitted) {

echo "<h1><center>You dont exist in the system!</center></h1>";
echo "<h2><center>Please Call or email the Administrator for support!</center></h2>";

}

?>


-------------------
Welcome
-------------------

<?php
require_once("connection.php"); // database connection
include("Security.php");

session_start();

$id = $_SESSION['id'];

//////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE user_id='$id' ");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
//////////////////////////////////////////////////////////////

?>

davidj
04-13-2007, 02:36 PM
best thng to do would be to comment out your header(location) stuff

then try echo-ing the $_SESSION to see if its set

example

echo $_SESSION['id']."test";

i added the test string so you can see something return if the session is not set

cdavenport4
04-13-2007, 02:56 PM
I got a return of - 1test

davidj
04-13-2007, 03:05 PM
ok so the session is set

try popping your session_start() above the security include on the welcome page

davidj
04-13-2007, 03:13 PM
example...

<?php
require_once("connection.php"); // database connection

session_start();

include("Security.php");



$id = $_SESSION['id'];

//////////////////////////////////////////////////////////////
$query = sprintf("SELECT * FROM users WHERE user_id='$id' ");
$result = mysql_query($query);
$rowAccount = mysql_fetch_array($result);
//////////////////////////////////////////////////////////////

?>

cdavenport4
04-13-2007, 04:13 PM
I'm still having the same issue. It keeps redirecting me to the login page.

Oh, Thank you for your help.

cdavenport4
04-13-2007, 07:26 PM
Does anyone have any other suggestions?

davidj
04-13-2007, 07:30 PM
remove/comment out the security include from the welcome page

then test with correct and incorrect login details

does this work correctly?

cdavenport4
04-13-2007, 09:41 PM
I've tried login in correctly<Doesn't work> and incorrectly<Works>. Just a quesiton why would comment cause a problem? (I'm not being smart). Here's the website. www.cdavenport4.com/ProfileLogin.php Username: test Password: test

davidj
04-13-2007, 09:49 PM
when you comment out a piece of code you are basically switching it off

a soft delete if you like

ok

where you have ...


($rowAccount >0)


change this to...


($rowAccount)


then test again