Log In script questions

I have a log in script that is not working.  It is taken from a lesson book 
that I read about a year or so ago so the lessons are not fresh in my mind.

My questions are:

1. Why is this not working?
2. Does it look secure?
3. In researching the issue, I was reading in some older threads that it was a 
better idea to use some commercial ready-made scripts.  Are there any 
recommendations?

Here is the code to the script I am trying to get to work.  I get no error 
message, however if it will not log me in with a correct un/pw or if I leave 
it blank, I get the same message and it allows the next page to be viewed 
(which I do not want).  DB is set up with data in it.

Login Page:

<?php

  // Start the session
  session_start();
  ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>xxx- Log In</title>
  <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
  <h3>xxx- Log In</h3>

<?php
  // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['username'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

  <form method="post" action="story.php">
    <fieldset>
      <legend>Log In</legend>
      <label for="username">Username:</label>
      <input type="text" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />
      <label for="password">Password:</label>
      <input type="password" name="password" />
    </fieldset>
    <input type="submit" value="Log In" name="submit" />
  </form>

<?php
  }
  else {
    // Confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>');
  }
?>

</body>
</html>

Processing page:

<?php


  // Start the session
  session_start();

  // Clear the error message
 $error_msg = "";

  // If the user isn't logged in, try to log them in
  if (!isset($_SESSION['username'])) {
    if (isset($_POST['submit'])) {
      // Connect to the database
      $dbc = mysqli_connect(host, 'un', 'pw', 'db')//sanitized for board
or die('Error connecting with MySQL Database');

      // Grab the user-entered log-in data
      $username = mysqli_real_escape_string($dbc, trim($_POST['username']));
      $password = mysqli_real_escape_string($dbc, trim($_POST['password']));

      if (!empty($username) && !empty($password)) {
        // Look up the username and password in the database
        $query = "SELECT username, password FROM family WHERE username = '$username' AND password = SHA('password')";
        $data = mysqli_query($dbc, $query)or die(mysqli_error($dbc));

        if (mysqli_num_rows($data) == 1) {
          // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page
          $row = mysqli_fetch_array($data);

          $_SESSION['username'] = $row['username'];

          setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));  // expires in 30 days
          $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          header('Location: ' . $home_url);
        }
        else {
          // The username/password are incorrect so set an error message
          $error_msg = 'Sorry, you must enter a valid username and password to log in.';
        }
      }
      else {
        // The username/password weren't entered so set an error message
        $error_msg = 'Sorry, you must enter your username and password to log in.';
      }
    }
  }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/blindowl.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>xxx</title>
<!-- InstanceEndEditable -->
<style type="text/css">

</style>
<link href="p7pmm/p7PMMh03.css" rel="stylesheet" type="text/css" media="all" />
<script type="text/javascript" src="p7pmm/p7PMMscripts.js"></script>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<link href="xxx.css" rel="stylesheet" type="text/css" />
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
</head>

<body>
<div id="wrap">

<div id="header">
<div id="headercontent"></div>
</div>
<div id="menu">
  <?php include('includes/menu.inc.php');?>
</div>


<div id="mainwrap"><!-- InstanceBeginEditable name="main" -->


<?php
  // If the session var is empty, show any error message and the log-in form; otherwise confirm the log-in
  if (empty($_SESSION['username'])) {
    echo '<p class="error">' . $error_msg . '</p>';
?>

<?php
  }
  else {
    // Confirm the successful log-in
    echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '.</p>');
  }
?>
Story//text to let me know if the page opened
<!-- InstanceEndEditable --></div>
<div id="footer"><?php include('includes/footer.inc.php');?></div>
</div>


</body>
<!-- InstanceEnd --></html>




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
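
An added example, not part of the original post and not the poster's code: a credential check for the `family` table shown above that binds the username as a parameter and verifies a salted `password_hash()` value, where the posted query compares against `SHA('password')`, the hash of the literal string rather than of `$password`. The function name `check_login` is hypothetical, and PDO with an in-memory SQLite database stands in for the poster's MySQL server so the script runs on its own.

```php
<?php
// Added example, not the poster's code. check_login() is a hypothetical name.
// An in-memory SQLite database stands in for the MySQL "family" table.

// Return the stored username on success, null on any failure.
function check_login(PDO $db, string $username, string $password): ?string
{
    $username = trim($username);
    if ($username === '' || $password === '') {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM family WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a salted password_hash() value, not an unsalted SHA().
    // A dummy hash keeps the work similar when the username is unknown.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $hash = $row ? $row['password'] : $dummy;
    $ok = password_verify($password, $hash);
    return ($row && $ok) ? $row['username'] : null;
}

// Constructed sample data: one user with a hashed password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE family (username TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO family VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['', '']] as [$u, $p]) {
    $user = check_login($db, $u, $p);
    printf("%-8s => %s\n", var_export($u, true), $user ?? 'rejected');
}

// In the web pages: on a non-null result call session_regenerate_id(true),
// set $_SESSION['username'], send the Location header and exit; at the top of
// story.php, redirect to the log-in page and exit when the session var is empty.
```

The closing comment covers the other behaviour the post describes: the processing page prints its body whether or not `$_SESSION['username']` is set, so a protected page has to stop before any output when the visitor is not logged in.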


