/    Sign up×
Community /Pin to ProfileBookmark

Password verification issues

Copy linkTweet thisAlerts:
Jun 04.2007

I have a small form for member login on the front page of my website I am creating and for some reason the login page redirect is not working. Hre is the code for the redirect.php that is called for from teh form:

When I put in my username and password it goes to errorlogin.html page.

Any clues?

[CODE]<?

//prevents caching
header(“Expires: Sat, 01 Jan 2000 00:00:00 GMT”);
header(“Last-Modified: “.gmdate(“D, d M Y H:i:s”).” GMT”);
header(“Cache-Control: post-check=0, pre-check=0”,false);
session_cache_limiter();

session_start();

//clear session variables
session_unset();

//require the functions file
require (“config.php”);
require (“functions.php”);

//check to see if cookies are already set, remember me
if ((!$lr_user) || (!$lr_pass))
{

$username = $_POST[username];
$password = $_POST[password];

}else{

$username = $lr_user;
$password = $lr_pass;

}

//if username or password is blank, send to errorlogin.html
if ((!$username) || (!$password))
{

header(“Location:$base_dir/errorlogin.html”);
exit;
}

//sets cookies to remember this computer if the user asks to
if ($_POST[remember] == “Yes”)
{
setcookie(“lr_user”, $username, $duration, “/”, $domain);
setcookie(“lr_pass”, $password, $duration, “/”, $domain);
}

if ($_POST[activate] == “Yes”)
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//build and issue the query
$sql =”UPDATE $table_name SET verified = ‘1’ WHERE username = ‘$_POST[username]'”;
$result = @mysql_query($sql,$connection) or die(mysql_error());
}

//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);

//check to see if the user has to change their password
if ($_SESSION[pchange] == “1”)
{
$_SESSION[redirect] = “$base_dir/pass_change.html”;
}

//check to see if the user has activated the account
if ($_SESSION[verified] == “0”)
{
$_SESSION[redirect] = “$base_dir/not_activated.html”;
}

//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());

//build and issue the query
$sql =”SELECT * FROM banned”;
$result = @mysql_query($sql,$connection) or die(mysql_error());

while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include (‘banned.html’);
exit;
}
}

$last_log = last_login();

//updates table with last log as now
$sql = “UPDATE $table_name SET last_login = ‘$last_log’ WHERE username = ‘$_SESSION[user_name]'”;
$result = @mysql_query($sql,$connection) or die(mysql_error());

if (($_SESSION[redirect] != “$base_dir/errorlogin.html”) && ($log_login == “1”))
{
include(‘loglogin.php’);
}

//redirects the user
header(“Location:$_SESSION[redirect]”);

?>

<head><title>Redirect</title></head>[/CODE]

to post a comment
PHP

3 Comments(s)

Copy linkTweet thisAlerts:
@SheldonJun 04.2007 — Lets try some debugging.

Where ever there is a header("Location"); comment it out and echo out the $username and $password variables.

and see where we are getting up to

also i would use isset or !empty on your if's
[code=php]if ((!isset($lr_user)) || (!isset($lr_pass))) { /* good*/ }[/code]

EDIT: I wouldnt store the users password as a cookie for security reasons.
Copy linkTweet thisAlerts:
@gavenpauthorJun 04.2007 — Sorry to be a tool about this but where should I be replacing the code you sent me. I am only fairly new to PHP so I am still a little unsure.


Can you fix the code i have up there and send it back to me with the comments listed besude where you changed.

This way i can see what you did and learn from it.

Thanks
Copy linkTweet thisAlerts:
@gavenpauthorJun 04.2007 — What I did was replace two lines of code with yours.

I replaced

//check to see if cookies are already set, remember me

if ((!$lr_user) || (!$lr_pass))

with

if ((!isset($lr_user)) || (!isset($lr_pass))) { /* good*/ } and replaced

//if username or password is blank, send to errorlogin.html

if ((!$username) || (!$password)) with

if ((!isset($lr_user)) || (!isset($lr_pass))) { /* good*/ }

I think I figured it out but now all it does is take me to a blank page.
×

Success!

Help @gavenp spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.4,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...