Advertisement

06.09.2008 at 07:39PM PDT, ID: 23471121 | Points: 500
[x]
Attachment Details

Why isn't my login system working?

Asked by Abyssmal in Web Languages/Standards, PHP Scripting Language, PHP and Databases

Tags: PHP

For whatever reason, i can't get my login system to work.  i figure it has something to do with cookies or whatnot. yes i know that this code leaves me open to injection attacks & my password isn't hashed, but this is just for testing it at the moment (and i've got no idea how to protect against injections)

in any case, this is my code

if(isset($_COOKIE['ID_my_site']))
{
      if ('ID_my_site')
      //if there is, it logs you in and directes you to the members page
      {
            $username = $_COOKIE['ID_my_site'];
            $pass = $_COOKIE['Key_my_site'];
            
            $check = mysql_query("SELECT * FROM users WHERE username = '$username'");
                        
            while($info = mysql_fetch_array( $check ))
            {
                  if ($pass != $info['password'])
                  {
                        echo("wrong password");
                  }
            }
      }
}
//IF FORM HAS BEEN SUBMITTED
if (isset($_POST['submit']))
{
      if(!$_POST['username'] | !$_POST['pass'])
      {
            //die('You did not fill in a required field.');
      }

      $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

      $check2 = mysql_num_rows($check);
      if ($check2 == 0)
      {
            die('check2 is zero!!!<a href=index.php><br> Try again</a>');
      }

      while($info = mysql_fetch_array( $check ))
      {
            $_POST['pass'] = stripslashes($_POST['pass']);
            $info['password'] = stripslashes($info['password']);            
            $_POST['pass'] = ($_POST['pass']);
            
            //gives error if the password is wrong
            if ($_POST['pass'] != $info['password'])
            {
                  //die('Incorrect password, please try again.');
                  die('password wrong 2!!!<a href=index.php><br>Try again</a>');
            }
      
            else
            {
                  // if login is ok then we add a cookie
                  ob_start();
                  $username = stripslashes($_POST['username']);
                  $pass = stripslashes($_POST['pass']);
                  $hour = time() + 3600;
                  setcookie('ID_my_site', $username, $hour,"/db/","www.prospect-select.com",false);
                  setcookie('Key_my_site', $pass, $hour,"/db/","www.prospect-select.com",false);
                  header("Location: index.php");
                  ob_end_flush();                  
      }
            

      }
}
//IF USER HASN'T SUBMITTED FORM
else
{
      //just displays a login form, which when submitted runs through the checking at the top of the code snippet
}

this is the login check placed on every page

ob_start();
include ("config.php");

if(isset($_COOKIE['ID_my_site']))
{
      $username = $_COOKIE['ID_my_site'];
      $pass = $_COOKIE['Key_my_site'];
      $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
      while($info = mysql_fetch_array( $check ))
      {
            if ($pass != $info['password'])
            {
                  header("Location: login.php");
            }
      }
}

else
{
      header("Location: login.php");
}

ob_end_clean();

problem here is that i'll login using a valid password, and it won't log me in, i'm 99% sure theres a problem setting cookies

thanks in advanceStart Free Trial
 
Keywords: Why isn't my login system working?
Title
1 Stripslashes Syntax
2 If isset..
3 Error in mysql_fetch_assoc() in lin…
4 isset function just like in php
5 PHP MySQL Login
6 can't see any errors when I run the c…
 
Loading Advertisement...
 
[+][-]06.09.2008 at 08:21PM PDT, ID: 21748252

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.09.2008 at 08:30PM PDT, ID: 21748288

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.09.2008 at 10:22PM PDT, ID: 21748647

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.10.2008 at 12:04AM PDT, ID: 21749020

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]06.10.2008 at 02:32PM PDT, ID: 21755283

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.10.2008 at 03:49PM PDT, ID: 21755707

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628