Solved

Login Page Problem. Only submits entered info when incorrect.

Posted on 2004-10-16
4
199 Views
Last Modified: 2008-02-26
Hi,

The problem is:
When I try to login with the correct username and password it displays the login form and says that the username and password wasn't received. (it should start a session and redirect me to another page (set using GET))

But if I try to login in with the correct username and incorrect password it says that it received the username and password then tells me that the password is incorrect. (this is what it should do).

<?php
require('header.php');
$Page_Title = "BCS Admin Login";

if (isset($_GET['page'])) {
      $page = $_GET['page'];
} else {
      $page = "admintools";
}

if (isset($_POST['Uname'])) {
      $Uname = $_POST['Uname'];
      echo "username received by post<br />";
} else {
      $Uname = "";
      echo "username not received<br />";
}

if (isset($_POST['passw'])) {
      $passw1 = $_POST['passw'];
      echo "password received by post<br />";
} else {
      $passw1 = "";
      echo "password not received<br />";
}

//Database Connection Settings (hidden for question)
$Host = "****";
$DBUser = "****";
$DBPass = "****";
$DBName = "****";
$UserTable = "****";
$ToolsTable = "****";
$Link = mysql_connect($Host, $DBUser, $DBPass) or die("<center><b><font color='#ff0000'>Sorry there was a connecting to the database.</font></b></center>");

//Receive info about the page wanted
if ($page <> "admintools") {
      $ToolsQuery = "SELECT * FROM $ToolsTable WHERE(loginmode = '$page')";
      $ToolsResult = mysql_db_query($DBName, $ToolsQuery, $Link) or die("<center><font color='#ff0000'>Sorry there was a problem receiving the links from the database.</font></center><br />Problem:<br />" . mysql_error());
      while ($ToolRow = mysql_fetch_array($ToolsResult)) {
            $alloweduser = $ToolRow['allowed_user'];
            $link = $ToolRow['link'];
      }
} else {
      $link = "admin.php";
}

//Check Login is correct & redirect or display login form or error message
if (($Uname > "") AND ($passw1 > "")) {
      $epassw1 = md5($passw1);
      $UserQuery = "SELECT * FROM $UserTable WHERE(user = '$Uname')";
      $UserResult = mysql_db_query($DBName, $UserQuery, $Link) or die("<center><font color='#ff0000'>Invalid Username.</font><br /><a href='login.php?page=$page'>Try Again</a>");
      while ($Row = mysql_fetch_array($UserResult) or die(mysql_error())) {
            if (($Row['usertype'] == $alloweduser) OR ($Row['usertype'] == "admin")) {
                  $passw2 = $Row['pass'];
                  if ($passw2 == $epassw1) {
                        session_start();
                        $_SESSION["usern"] = $Uname;
                        header("Location:$link") or die(header_error());
                        die;
                  } else {
                        $badatt = $Row['bad_attempts'];
                        $badatt_Query = "UPDATE $UserTable SET bad_attempts = '$badatt' WHERE(id = '$Row[id]')";
                        echo "<center><font color='#ff0000'>Invalid Password.<br />This attempt has been logged!</font><br /><a href='login.php?page=$page'>Try Again</a>";
                  }
            } else {
                  echo "<center><font color='#ff0000'>Sorry you do not have permission to use this page.<br />Contact your system administrator or the head of BCS School Intranet for more help.</font></center>";
            }
      }
} else {
      if (($Uname == "") AND ($passw1 > "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your username.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } elseif (($Uname > "") AND ($passw1 == "")) {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'><font color='#ff0000'>You must enter your password.</font></td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      } else {
            echo "<form name='adminlogin' method='post' action='login.php?page=$page'><table border='0'><tr><th colspan='2'>Admin Login</th></tr><tr><td colspan='2'>&nbsp;</td></tr><tr><td>Username:</td><td><input type='text' name='Uname'></td></tr><tr><td>Password:</td><td><input type='password' name='passw'></td></tr><tr><td colspan='2'><input type='submit' name='submit' value='Login'></td></tr></table></form>";
      }
}
require('footer.php');
?>

Thanks In Advance
mms_master
0
Comment
Question by:mms_master
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 12

Expert Comment

by:minichicken
ID: 12328702
Can you post the array value of $_POST and $_GET using

print_r ($_POST);
print_r ($_GET);

in your page. thanks.....
0
 
LVL 12

Accepted Solution

by:
minichicken earned 50 total points
ID: 12328734
Use print_r ($_POST); and print_r ($_GET); to see if your form values are passed correctly from your HTML login form.....
What form method are you using? How do you manage to use both POST and GET?

Did you use something like this as your HTML form?

<form name = "form1" method ="POST" action = "login.php?page=my_page.php">

If you submit a form like this you will get both POST and GET vars.
0
 
LVL 5

Author Comment

by:mms_master
ID: 12328809
Sorry, I just managed to figure out what was wrong, and it turns out that it is submitting the information. Infact the whole thing works lol.

The problem I had is that this site is being made by a team of friends. The login system was just updated from a single user login to a multi user login (thats why I made this login script). I thought that another team member had allready updated the secure pages to work with the multi user login but it turns out that he hasn't. So when I thought that it wasn't sending the information it turns out that it all worked, sent me to a secure page then that page sent me back thinking that I hadn't logged in. Because I was sent back to login it then said that no information had been submitted. I was redirected so fast that I didn't notcie.

sorry for wasting your time.
Because you tried to help, I will give you the points anyway.

Thanks
mms_master
0
 
LVL 12

Expert Comment

by:minichicken
ID: 12328924
lol
Thanks :)
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question