el-sid
5th August 2008, 19:38
Hi,
i have been trying to implement a simple login script in php. The problem is
it does not seem to execute the query and always reverts back to the login function
even when the parameters passed are accurate
<?php
// This script manages the login process.
// It should only be called when the user is not logged in.
// If the user is logged in, it will redirect back to the calling page.
// If the user is not logged in, it will show a login <form>
include 'include.inc';
set_error_handler("errorHandler");
function check_login($loginUsername, $loginPassword, $level)
{
global $username;
global $password;
global $hostName;
global $databaseName;
global $message;
// Get the two character salt from the
// user-name collected from the challenge
$salt = substr($loginUsername, 0, 2);
// Encrypt the loginPassword collected from
// the challenge
$crypted_password = crypt($loginPassword, $salt);
// Formulate the SQL find the user
$query = "SELECT password FROM login
WHERE username = '$loginUsername'
AND password = '$crypted_password'";
// Open a connection to the DBMS
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db($databaseName, $connection))
showerror();
// Execute the query
if (!($result = @ mysql_query($query, $connection)))
showerror();
// exactly one row? then we have found the user
if (isset($result))
{
// Register the loginUsername to show the user is logged in
session_register("loginUsername");
$_SESSION["loginUsername"] = $loginUsername;
// Clear any other session variables
if (session_is_registered("errors"))
// Delete the form errors session variable
session_unregister("errors");
if (session_is_registered("formVars"))
// Delete the formVars session variable
session_unregister("formVars");
if (strcmp($level,"Manager") == 0)
{
header("Location:manager.mainform.php");
exit;
}
elseif (strcmp($level,"Line Manager") == 0)
{
header("Location:linemanager.mainform.php");
exit;
}
elseif (strcmp($level,"Salesman") == 0)
{
header("Location:salesman.mainform.php");
exit;
}
}
else
{
// Ensure loginUsername is not registered, so the user
// is not logged in
if (session_is_registered("loginUsername"))
session_unregister("loginUsername");
// Register an error message
session_register("message");
$_SESSION["message"] = "Username or password incorrect. Login failed.";
// Show the login page
// so the user can have another go!
login_page();
exit;
}
}
// Function that shows the HTML <form> that is
// used to collect the user-name and password
function login_page()
{
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
<title>Login Page</title>
</head>
<body bgcolor="white">
<?php
// Show login status (should be logged out!)
showLogin();
?>
<h3>Login Page</h3>
<form method="POST" action="login.php">
<?php
// Show messages
showMessage();
// Generate the login <form> layout
?>
<table>
<tr>
<td>Username:</td>
<td><input type="text" size=30
maxlength=30
name="loginUsername"></td>
</tr>
<tr><td>Password:</td>
<td><input type="password" size=20
maxlength=30
name="loginPassword"></td>
</tr>
<tr><td>Department:</td>
<td><select name="level">
<option selected = "">
<option>Manager</option>
<option>Line Manager</option>
<option>Salesman</option>
</select></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Log in"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// ------------------
// Initialise the session
session_start();
if (isset($_POST["loginUsername"]))
$loginUsername = clean($_POST["loginUsername"], 20);
if (isset($_POST["loginPassword"]))
$loginPassword = clean($_POST["loginPassword"], 32);
if (isset($_POST["level"]))
$loginPassword = clean($_POST["level"], 50);
// Check if the user is already logged in
if (session_is_registered("loginUsername"))
{
// If they are, then just bounce them back where
// they came from
if (session_is_registered("referer"))
{
session_unregister("referer");
header("Location: $referer");
exit;
}
else
{
header("Location: salesinfo.html");
exit;
}
}
if ((empty($loginUsername) && !empty($loginPassword)) ||
(!empty($loginUsername) && empty($loginPassword)))
{
// Register an error message
session_register("message");
$_SESSION["message"] = "Both a username and password must be supplied.";
}
// Have they not provided a username/password, or was there an error?
if (!isset($loginUsername) ||
!isset($loginPassword) ||
session_is_registered("message"))
login_page();
else
// They have provided a login. Is it valid?
check_login($loginUsername, $loginPassword, $level);
?>
am still a little new to php and this code has been giving me quite a headache
there are no syntax errors and no indication of sql errors.:confused:
any ideas?
i have been trying to implement a simple login script in php. The problem is
it does not seem to execute the query and always reverts back to the login function
even when the parameters passed are accurate
<?php
// This script manages the login process.
// It should only be called when the user is not logged in.
// If the user is logged in, it will redirect back to the calling page.
// If the user is not logged in, it will show a login <form>
include 'include.inc';
set_error_handler("errorHandler");
function check_login($loginUsername, $loginPassword, $level)
{
global $username;
global $password;
global $hostName;
global $databaseName;
global $message;
// Get the two character salt from the
// user-name collected from the challenge
$salt = substr($loginUsername, 0, 2);
// Encrypt the loginPassword collected from
// the challenge
$crypted_password = crypt($loginPassword, $salt);
// Formulate the SQL find the user
$query = "SELECT password FROM login
WHERE username = '$loginUsername'
AND password = '$crypted_password'";
// Open a connection to the DBMS
if (!($connection = @ mysql_pconnect($hostName,
$username,
$password)))
showerror();
if (!mysql_select_db($databaseName, $connection))
showerror();
// Execute the query
if (!($result = @ mysql_query($query, $connection)))
showerror();
// exactly one row? then we have found the user
if (isset($result))
{
// Register the loginUsername to show the user is logged in
session_register("loginUsername");
$_SESSION["loginUsername"] = $loginUsername;
// Clear any other session variables
if (session_is_registered("errors"))
// Delete the form errors session variable
session_unregister("errors");
if (session_is_registered("formVars"))
// Delete the formVars session variable
session_unregister("formVars");
if (strcmp($level,"Manager") == 0)
{
header("Location:manager.mainform.php");
exit;
}
elseif (strcmp($level,"Line Manager") == 0)
{
header("Location:linemanager.mainform.php");
exit;
}
elseif (strcmp($level,"Salesman") == 0)
{
header("Location:salesman.mainform.php");
exit;
}
}
else
{
// Ensure loginUsername is not registered, so the user
// is not logged in
if (session_is_registered("loginUsername"))
session_unregister("loginUsername");
// Register an error message
session_register("message");
$_SESSION["message"] = "Username or password incorrect. Login failed.";
// Show the login page
// so the user can have another go!
login_page();
exit;
}
}
// Function that shows the HTML <form> that is
// used to collect the user-name and password
function login_page()
{
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head>
<title>Login Page</title>
</head>
<body bgcolor="white">
<?php
// Show login status (should be logged out!)
showLogin();
?>
<h3>Login Page</h3>
<form method="POST" action="login.php">
<?php
// Show messages
showMessage();
// Generate the login <form> layout
?>
<table>
<tr>
<td>Username:</td>
<td><input type="text" size=30
maxlength=30
name="loginUsername"></td>
</tr>
<tr><td>Password:</td>
<td><input type="password" size=20
maxlength=30
name="loginPassword"></td>
</tr>
<tr><td>Department:</td>
<td><select name="level">
<option selected = "">
<option>Manager</option>
<option>Line Manager</option>
<option>Salesman</option>
</select></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Log in"></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// ------------------
// Initialise the session
session_start();
if (isset($_POST["loginUsername"]))
$loginUsername = clean($_POST["loginUsername"], 20);
if (isset($_POST["loginPassword"]))
$loginPassword = clean($_POST["loginPassword"], 32);
if (isset($_POST["level"]))
$loginPassword = clean($_POST["level"], 50);
// Check if the user is already logged in
if (session_is_registered("loginUsername"))
{
// If they are, then just bounce them back where
// they came from
if (session_is_registered("referer"))
{
session_unregister("referer");
header("Location: $referer");
exit;
}
else
{
header("Location: salesinfo.html");
exit;
}
}
if ((empty($loginUsername) && !empty($loginPassword)) ||
(!empty($loginUsername) && empty($loginPassword)))
{
// Register an error message
session_register("message");
$_SESSION["message"] = "Both a username and password must be supplied.";
}
// Have they not provided a username/password, or was there an error?
if (!isset($loginUsername) ||
!isset($loginPassword) ||
session_is_registered("message"))
login_page();
else
// They have provided a login. Is it valid?
check_login($loginUsername, $loginPassword, $level);
?>
am still a little new to php and this code has been giving me quite a headache
there are no syntax errors and no indication of sql errors.:confused:
any ideas?