PHP login form issues

Trying to fix an issue with $_SESSIONS


#1 livelonger87

Posted 26 June 2008 - 07:59 PM

This is my current page...
<?php
session_start();
require("connect.php");
$check_ban = array();
?>
<html>
 <head>
<style type="text/css">
.body {
	background-color: gray;
	border: 2px solid orange;
}
#header {
	width: 1024px;
	height: 150px;
	background-image: url("/images/header.gif");
	background-repeat: no-repeat;
	border: 2px dotted orange;
	text-align: left;
	font-family: verdana;
	
}
#content {
	width: 1024px;
	height: 800px;
	background-color: white;
	border: 1px dotted black;
}
#navigation {
	width: 42px;
	height: 700px;
	background-color: #E6E6E6;
	float: left;
	border: 1px dotted black;
}
#login {
	width: 240px;
	height: 150px;
	background-image: url("/images/login.gif");
	border: 2px solid black;
	float: right;
	overflow: auto;
}

#signup {
	position: relative;
	top: 50px;
	left: 90px;
	width: 450px;
	height: 550px;
	background-color: #E6E6E6;
	border: 2px solid orange;
	float: left;
	overflow: auto;
	
}
#banned {
	width: 1024px;
	height: 768px;
	border: 2px solid black;
	font-family: verdana;
	font-size: 12px;
	padding: 10px;
	background-image: url("/images/Banned.gif");
}
</style>

	
 
 </head>

<body>
<?php
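// Escape the posted values before they are placed in a query string,
// the same way the signup code further down already does.
$login_user = mysql_real_escape_string(stripslashes($_POST['username']));
$login_pass = mysql_real_escape_string(stripslashes($_POST['password']));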
$q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user'";
$result = mysql_query($q);
$array = mysql_fetch_array($result);
if($array['Banned'] == 'Yes')
{
	?>
<div id="banned">
You have been banned! 
</div>
<?php
}
else 
{
?>

<div id="header">
<?php
if($_SESSION['loggedin'] == false)
 {
?>
<div id="login">
<?php
if($_POST['login_this_user'])
{
	if($login_user == NULL || $login_pass == NULL)
	{
		print "You must enter a username and/or password before logging in. <br><br>";
	}
	else
	{
		print "Logging in as <b>$login_user</b>... <br><br>";
		
		$q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user' AND `Password`='$login_pass'";
		$result = mysql_query($q);
		if(!$result)
		{
			print "Error: <br>";
		}
		else
		{
		$check = 0;

		while($line = mysql_fetch_assoc($result)) {
 		 $check++;
		} 
		if($check == 1) 
		{
		$_SESSION['loggedin'] == '1';
		setcookie("randomusername", "$login_user", time()+3600);
		header("location: index.php?login=1&user=username&id=user");
		} 
		else 
		{
		$_SESSION['loggedin'] == false;
		header("Location: index.php");
		}
		}
	}
}
?>
<br>
Please login...
<br>
<br>
<form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>' name='login_user' id='login_user' method='post'>
<table>
<tr>
Username: 
<center><input type='text' name='username' id='username'></center>
</tr>
<tr>
Password: 
<center><input type='password' name='password' id='password'></center>
</tr>
<tr>
<center><input type='submit' value='login' name='login_this_user' id='login_this_user'></center>
</tr>
</table>
</form>
</div>
<?php
};
if($_SESSION['loggedin'] == '1')
{
?>
<div id="login">
<?php 
if($login_user == "Dave")
{
	print "Welcome <b>Admin</b><br>";
}
else
{
	print "Welcome <b>$login_user</b><br>";
}
?>
</div>
<?php
};
?>


</div>

<div id="content">

<div id="navigation">

<a href="index.php">
<img src="/images/Home.gif">
</a>
<a href="logout.php">
<img src="/images/Logout.gif">
</a>
<a href="createtopic.php">
<img src="/images/Msg.gif">
</a>
<a href="admin.php">
<img src="/images/Admin.gif">
</a>
<a href="memberlist.php">
<img src="/images/Memberlist.gif">
</a>
</div>
<?php


if($_SESSION['loggedin'] == false)
{
?>
<div id="signup">
<?php
if($_POST['signup_this_user'])
{
	function forbidden_chars($age_chars)
	{
		$a = array();
		$a[] = "a";
		$a[] = "b";
		$a[] = "c";
		$a[] = "d";
		$a[] = "e";
		$a[] = "f";
		$a[] = "g";
		$a[] = "h";
		$a[] = "i";
		$a[] = "j";
		$a[] = "k";
		$a[] = "l";
		$a[] = "m";
		$a[] = "n";
		$a[] = "m";
		$a[] = "o";
		$a[] = "p";
		$a[] = "q";
		$a[] = "r";
		$a[] = "s";
		$a[] = "t";
		$a[] = "u";
		$a[] = "v";
		$a[] = "w";
		$a[] = "x";
		$a[] = "y";
		$a[] = "z";
		$a[] = "A";
		$a[] = "B";
		$a[] = "C";
		$a[] = "D";
		$a[] = "E";
		$a[] = "F";
		$a[] = "G";
		$a[] = "H";
		$a[] = "I";
		$a[] = "J";
		$a[] = "K";
		$a[] = "L";
		$a[] = "M";
		$a[] = "N";
		$a[] = "O";
		$a[] = "P";
		$a[] = "Q";
		$a[] = "R";
		$a[] = "S";
		$a[] = "T";
		$a[] = "U";
		$a[] = "V";
		$a[] = "W";
		$a[] = "X";
		$a[] = "Y";
		$a[] = "Z";
		$replace = "Age must be an integer, not a character. <br>";
		return str_replace($a, $replace, $age_chars);
	}
	
	$check_username = array();
	
	$username = mysql_real_escape_string(stripslashes($_POST['signup_username']));
	$password = mysql_real_escape_string(stripslashes($_POST['signup_password']));
	$pass_conf = mysql_real_escape_string(stripslashes($_POST['pass_conf']));
	
	$email = mysql_real_escape_string(stripslashes($_POST['signup_email']));
	$email_conf = mysql_real_escape_string(stripslashes($_POST['email_conf']));
	
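	// Escaped like the other fields, since it is placed in the INSERT below.
	$age = mysql_real_escape_string(stripslashes($_POST['age']));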
	$interests = mysql_real_escape_string(stripslashes($_POST['interests']));
	$about = mysql_real_escape_string(stripslashes($_POST['about_you']));
	
	$uname_length = strlen($username);
	$pword_length = strlen($password);
	
	$inter_length = strlen($interests);
	$a_length = strlen($about);
	
	$age_length = strlen($age);
	
	if($username == NULL || $password == NULL || $pass_conf == NULL || $email == NULL || $email_conf == NULL || $age == NULL || $interests == NULL || $about == NULL)
	{
		print "You must fill in the required fields in order to signup. <br>";
	}
	else if($password != $pass_conf)
	{
		print "You must enter corresponding passwords. <br>";
	}
	else if($email != $email_conf)
	{
		print "You must enter corresponding emails. <br>";
	}
	// ctype_digit() is true only when every character of the string is a digit.
	else if(!ctype_digit($age))
	{
		print "Age must be an int, not a char. <br>";
	}
	else if($uname_length > 10)
	{
		print "Username must be less than 10 characters. <br>";
	}
	else if($pword_length > 10)
	{
		print "Password must be less than 10 characters. <br>";
	}
	else if($age_length > 3)
	{
		print "You cannot possibly be up to a 1000 years of age can you?<br>";
	}
	else if($a_length > 200)
	{
		print "You must shorten your 'about you' length to a character length below 200. <br>";
	}
	else if($inter_length > 200)
	{
		print "You must shorten your 'interests' length to a character length below 200. <br>";
	}
	else
	{
		$insert_user = mysql_query("INSERT INTO Registered_users (Username, Age, Password, Email, About, Interests) VALUES ('$username', '$age', '$password', '$email', '$about', '$interests')");
		// Report the insert result only when an insert was actually attempted.
		if(!$insert_user)
		{
			print "Error 1015: Cannot transmit queries to database the selected table <br>";
		}
		else
		{
			print "Thank you <b>$username</b> for signing up to GTD!<br> Have fun posting!<br>";
		}
	}
}
?>
<form action="index.php" id="signup_user" method="post">
Please signup if you haven't.  Benefits include; the ability to view posts, topics; the ability to gain access to downloads, downloads include; music, games, films, software and more; the ability to also post discussions and replies to current discussions, as well as images and videos.  You can also contribute to the community by adding website links to the web archive located within the archive section.  
<br>
<br>
<center>
<table>
<tr>Username: <input type="text" name="signup_username" id="signup_username"></tr>
<tr>Password: <input type="password" name="signup_password" id="signup_password"></tr>
<tr>Password confirmation: <input type="password" name="pass_conf" id="pass_conf"></tr>
<tr>Email: <input type="text" name="signup_email" id="signup_email"></tr>
<tr>Email confirmation: <input type="text" name="email_conf" id="email_conf"></tr>
<tr>Age: <input type="text" name="age" id="age"></tr>
<tr>Interests: <input type="text" name="interests" id="interests"></tr>
<tr>About you: <input type="text" name="about_you" id="about_you"></tr>
<tr><input type="submit" value="Signup" name="signup_this_user" id="signup_this_user"></tr>
</table>
</center>
</form>
</div>
<?php
};
?>
<?php
if($_SESSION['loggedin'] == '1')
{
	?>
	<div id="signup">
	Welcome <b><?php print "$login_user"; ?></b><br>
	</div>
	<?php
};
?>
</div>
<?php
}
?>
</body>


</html>


It logs me in because the address bar displays the hyperlink I requested for a successful login session. However, it still displays the login and signup forms when it should be displaying welcome messages. I'm not sure about where I've gone wrong here :confused:


#2 no2pencil

Posted 26 June 2008 - 08:04 PM

Can you print your session variables & assure that $_SESSION['loggedin'] is getting set before you do your conditional testing on it?

<?php
session_start();
// Dump the session contents before any test is made on them.
print_r($_SESSION);
// ... html code ...
if($_SESSION['loggedin'] == false)
{ /* ... */ }
?>



#3 JBrace1990

Posted 26 June 2008 - 09:43 PM

OK, I found the problem.... It's in this section of code, and I'll explain it to you:
if($_POST['login_this_user'])
{
    if($login_user == NULL || $login_pass == NULL)
    {
        print "You must enter a username and/or password before logging in. <br><br>";
    }
    else
    {
        print "Logging in as <b>$login_user</b>... <br><br>";
        
        $q = "SELECT * FROM `Registered_users` WHERE `Username`='$login_user' AND `Password`='$login_pass'";
        $result = mysql_query($q);
        if(!$result)
        {
            print "Error: <br>";
        }
        else
        {
        $check = 0;

        while($line = mysql_fetch_assoc($result)) {
         $check++;
        }
        if($check == 1)
        {
        $_SESSION['loggedin'] == '1';
        setcookie("randomusername", "$login_user", time()+3600);
        header("location: index.php?login=1&user=username&id=user");
        }
        else
        {
        $_SESSION['loggedin'] == false;
        header("Location: index.php");
        }
        }
    }
}
?>
<br>
Please login...
<br>
<br>
<form action='<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>' name='login_user' id='login_user' method='post'>
<table>
<tr>
Username:
<center><input type='text' name='username' id='username'></center>
</tr>
<tr>
Password:
<center><input type='password' name='password' id='password'></center>
</tr>
<tr>
<center><input type='submit' value='login' name='login_this_user' id='login_this_user'></center>
</tr>
</table>
</form>
</div>
<?php
};


Now, your login form is outside the if, but it's not in an else... By keeping it there, as long as ($_SESSION['loggedin'] == false), it will display the table with the form... To fix it, just add an else statement going around the form =)

#4 Martyr2

Posted 26 June 2008 - 10:29 PM

Another note to add is that you are attempting to assign a value to a session variable using a double equal sign, like $_SESSION['loggedin'] == '1'; Remember that the double equal sign is a relational operator. As in, it is used for comparing. So your statement there is saying "does the session variable "loggedin" equal 1". It will return true or false, not assign 1 to the session variable.

You do this for $_SESSION['loggedin'] == false; as well. Again you are comparing here, not assigning the value.

If you are confused, read up on the double equal sign relational operator versus the single assignment operator.

:)
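
The comparison-versus-assignment point from the replies, worked through as an added example that is not code from the thread or its posters. It swaps the thread's mysql_* calls for PDO with a bound parameter; the function names `attempt_login` and `is_logged_in`, the in-memory SQLite database, the `alice` account and the use of `password_hash()` for the Password column are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread. Table/column names follow the post;
// the in-memory SQLite database and the account in it are constructed.

function attempt_login(PDO $db, array &$session, string $user, string $pass): bool
{
    // Bound parameter: user input never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT Password, Banned FROM Registered_users WHERE Username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Assumption: Password holds a password_hash() value, not plaintext.
    $ok = $row !== false
        && $row['Banned'] !== 'Yes'
        && password_verify($pass, $row['Password']);

    // Single "=" stores the flag. `$_SESSION['loggedin'] == '1';` only
    // compares and discards the result, so nothing is ever stored.
    $session['loggedin'] = $ok;
    if ($ok) {
        $session['username'] = $user; // identity stays server-side
    }
    return $ok;
}

function is_logged_in(array $session): bool
{
    // isset() covers a fresh session; === avoids loose-comparison surprises.
    return isset($session['loggedin']) && $session['loggedin'] === true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Registered_users
           (Username TEXT PRIMARY KEY, Password TEXT, Banned TEXT)');
$db->prepare('INSERT INTO Registered_users VALUES (?, ?, ?)')
   ->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT), 'No']);

$session = ['loggedin' => false];   // stands in for $_SESSION
$session['loggedin'] == '1';        // the thread's statement: a comparison only
var_dump(is_logged_in($session));   // flag as left by that statement

var_dump(attempt_login($db, $session, 'alice', 'wrong'));
var_dump(attempt_login($db, $session, 'alice', 's3cret-demo'));
var_dump(is_logged_in($session));
```

In the page itself, pass `$_SESSION` as the second argument, call `session_regenerate_id(true)` after a successful login, and send the `header('Location: ...')` redirect followed by `exit` before any HTML is output.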