login issue

Butch · May 3, 2012, 12:19pm

How do I find where the code dies and returns a no good message on sign in?

[php]<?php
if ($_POST[‘email’]) {

//Connect to the database through our include 
include_once "connect_to_mysql.php";
$email = $_POST['email'];

$pass = $_POST[‘pass’];
$remember = $_POST[‘remember’]; // Added for the remember me feature
$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);

$pass = md5($password);
// Make query 

$sql = mysql_query("SELECT * FROM memberFiles WHERE email='$email' AND password='$pass' AND email_activated='1'");

$login_check = mysql_num_rows($sql);

if($login_check > 0){

while($row = mysql_fetch_array($sql)){ 

    $id = $row["id"];   
    session_register('id'); 
    $_SESSION['id'] = $id;
   
    $firstname = $row["firstname"];   
    session_register('firstname'); 
    $_SESSION['firstname'] = $username;
   
    $email = $row["email"];   
    session_register('email'); 
    $_SESSION['email'] = $email;
     
    mysql_query("UPDATE memberFiles SET last_log_date=now() WHERE id='$id'"); 
      
} // close while

// Remember Me Section Addition... if member has chosen to be remembered in the system
if($remember == "yes"){
  setcookie("idCookie", $id, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("firstnameCookie", $firstname, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("emailCookie", $email, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("passCookie", $pass, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
}	
$my_msg = "all_good";
print "return_msg=$my_msg&id=$id&firstname=$firstname";

} else {
$my_msg = “no_good”;
print “return_msg=$my_msg”;
exit();
}

}// close if post
?>[/php]

Any suggestions would be appreciated.

benanamen · May 3, 2012, 5:41pm

Assuming your code works just change the following

[php]$my_msg = “no_good”;
print “return_msg=$my_msg”;
[/php]

TO

[php]
echo “no_good”;
[/php]

ErnieAlex · May 3, 2012, 6:42pm

Butch, this code is similar to the other we are working with. (Or, the same.)
Depending on what you want to do, usually you would not say anything in this code, but, instead,
send the user to another page. If they succeed logging in, they would be sent to your live site.
And, maybe you might display near the top a “Welcome back, username!” type of message.
If they fail logging in there are a couple of ways to handle it. I like to use a new page that says
something like “Your user name and password did not match our database. Here are some hints
to try again…” and, give them a few pointers about capitals and caps-lock, etc. And, a second
copy of the login page. Another way would be to just display a message as is currently in your code
and supply a link back to the first log-in page. For that, something like this would be good:
Instead of this:
}
$my_msg = “all_good”;
print “return_msg=$my_msg&id=$id&firstname=$firstname”;
} else {
$my_msg = “no_good”;
print “return_msg=$my_msg”;
exit();
}
use more details like this:
[php]
}
// User is logged in, now switch to the live site…
header(“Location: home.php”); // This would be the next page, I used home.php as sample
} else {
echo “

”; //just to make it easier to read…
echo “Your email address or password did not match our records!”;
echo “If you wish to try again click on the link below:”;
echo “

Press here to return to login!”;
}
[/php]
So, with that code, when it succeeds, it just goes to the home page (whatever name you used.) and if it fails, they get a message that says try again with a link back to the login… I think that would work nice!
So, hopefully that is what you were asking… Good luck. If you get it to work, let us know…

Dee · May 3, 2012, 7:00pm

I’m not sure yet. I copied and pasted

[php]}

$my_msg = “all_good”;
print “return_msg=$my_msg&id=$id&firstname=$firstname”;
} else {
$my_msg = “no_good”;
print “return_msg=$my_msg”;
exit();
}

[/php] with this:[php]
}
// User is logged in, now switch to the live site…
header(“Location: home.php”); // This would be the next page, I used home.php as sample
} else {
echo “

”; //just to make it easier to read…
echo “Your email address or password did not match our records!”;
echo “If you wish to try again click on the link below:”;
echo “

Press here to return to login!”;
}
[/php]Dreamweaver says I have a syntax error in;

echo “

Press here to return to login!”;

But i’m not sure what the error is.

ErnieAlex · May 3, 2012, 7:05pm

I’m so sorry, helping too many people and typing from memory quickly always gets me in trouble!

I will explain the error so you know for the future… When you echo/print something, the outside of the
text is usually single or double quotes. Inside the text if you want something quoted, you must use the
opposite of the ones you use on the outside or you have to use the escape character “/”.
So, this is the correct line. Sorry again…
[php]
echo ‘

Press here to return to login!’;
[/php]
Either change the outside quotes or the ones inside… And, don’t forget to change login.php to your page.
The login.php and home.php were just my samples…

Dee · May 3, 2012, 7:12pm

We’re making progress! Now it tells me my username or password is incorrect and sends me back to the login. They’re in the database so I’m confused again.

benanamen · May 3, 2012, 7:17pm

Ernie, the escape is a backslash () not a forward slash as you have stated. Also, using single quotes will not allow you to use the newline character which will make for some sloppy/hard reading of html when you view a page source. It will also not allow you to parse any variables if you are using them in the string.

ErnieAlex · May 3, 2012, 7:28pm

Well, do you want help debugging it? Basically there are two ways. Just echo stuff and compare the data manually. The other is to add error checking code to each section of your log in code to check for each part and display the correct error for each.

But, my quick guess is that it is the MD5 encoding of the password. That is a likely place to start.
You can echo the user name, password and MD5 version of the password and then compare them manually
to the real values in the database. One must be wrong! If not, we can look further at your code for an error.

Oh, so, is Dee and Butch the same person? Just curious why two names are posting on the code… LOL…

Dee · May 3, 2012, 7:32pm

Yes please help me debug it and yes it is the same person. I’m feeling lost and didn’t know if I could get help from more people by posting that way. (I know you’re busy as all get out!) So if I understand what you’re saying, use error checking to see if it’s the md5 hash pass?

ErnieAlex · May 3, 2012, 8:16pm

Yes, double-posting if frowned upon… LOL… But, since we are here…

Well, error-checking and debugging are two different things!

Debugging is just adding a bunch of echo’s in your code to show you what the data is that you are using.
It can be done anywhere as needed. For your project, I posted how to do this below…

Error checking is actually placing code inside your routines to give better error checking, tracking and of
course reporting. This would alter your code wherever you test for items. First, you would have to change
your code so that if your user/password query fails, it does more queries to locate which part fails.
So, let’s say, if the user/password failed to validate, you would query to see if the user id is valid. If not,
you would report so to the user and ask them if they spelled it correctly. Or perhaps ask them a secret
question or validate their email address, whatever… If the user id is valid, then a second query would
handle the password and allow resetting it thru an email to the user. As you see this is more work and it
changes your code. (Perhaps for the better!)

So, for now, lets just DEBUG it! If you add some lines right after this line in your code:

while($row = mysql_fetch_array($sql)){

And, add these lines, it will display all of the important parts of the query. Then, you can review them
and you will know what is not working… Try it and let us know what happens…

[php]

echo “In database: email=***” . $row[‘email’] . “***
”;
echo “In database: password=***” . $row[‘password’] . “***
”;
echo “In database: email_activated=***” . $row[‘email_activated’] . “***

”;

echo “User typed email(before edits)=***” . $_POST[‘email’] . “***
”;
echo “User typed email=***” . $email . “***
”;
echo “User typed password(before MD5)=***” . $_POST[‘pass’] . “***
”;
die “User typed password=***” . $pass . “***”;

[/php]
So, that is step one. You will see the email and pass that you typed in AND after editting. And, you will see what is saved in the database. Note that I added stars on each side of each. This is so you can see if any spaces exist in the fields. Spaces and CAPS are VERY important! Then, look at each pair including the before/after editting or MD5 and see what is going on. Then, you will understand where the error lies!

I hope this makes sense to you and hope it shows up your error! Good luck!

Dee · May 3, 2012, 10:00pm

Please accept my apology EA, you’re the only one I’ve run into so far and I meant no harm. Well, while I was waiting, I ran the script with the error checking and discovered this:

Notice: Undefined index: pass in /home/content/53/8957353/html/login.php on line 11

Notice: Undefined index: remember in /home/content/53/8957353/html/login.php on line 12

Notice: Undefined variable: password in /home/content/53/8957353/html/login.php on line 18

I haven’t run your fix just yet because I wasn’t at what point it should go. I do wonder though, does this mean the script can’t access the variables from the database? They’re all there.

ErnieAlex · May 3, 2012, 10:15pm

Well, it is saying that it is NOT seeing those fields in the table. So, If you want to repost that login-page so that we can count the lines and see the ones you showed errors for, we can help easier.

I do know you had that part working at one point. But, something could have changed. The only way we can see the error is to see the code. Sorry, didn’t mean to sound grouchy. I just mean, I do not know which lines are 11, 12, and 18… Normally when you post a list of errors, please show those lines.

As far as the error, it says in the DATABASE you opened and the TABLE you connected to, those fields are not found. So, the first two say the “index” is bad, so those are not found in the TABLE. The 3rd says the variable was not set up previously.

Best is to repost that page. ( login.php ) And, if your connection info is in it, do not post your userid or pass, just *** them out…

Dee · May 3, 2012, 10:32pm

Don’t worry about sounding or being grouchy, I used to umpire Little League. They have ATTITUDE! As far as the page goes, let’s start with what I did. After you helped me the other night, I still had errors I couldn’t figure out so I did what any idiot does, I started over! I went back to a source file and copied and pasted and all that jazz, I even went back to the tutorial (Adam Khoury, Web Intersect, yadda yadda yadda) I originally learned this part from. That’s when I discovered how dumb I am; Adam did this tutorial in Flash with Action Script 3.0, NOT php. He switched out that part in the source files but never did a follow up on what the differences and changes were. Plus the tuts are more than two years old so I have no way to know what’s deprecated or any of that. Because he started the tutorials that way, I’m still filling in the gaps. But I feel good for less than 90 days.

This is the code for the login.php. page.
[php]<?php

if ($_POST[‘email’]) {

  ini_set('display_errors',1);

error_reporting(E_ALL);

//Connect to the database through our include 
include_once "connect_to_mysql.php";
$email = $_POST['email'];

$pass = $_POST[‘pass’];
$remember = $_POST[‘remember’]; // Added for the remember me feature

$email = strip_tags($email);
$pass = strip_tags($pass);
$email = mysql_real_escape_string($email);
$pass = mysql_real_escape_string($pass);

$pass = md5($password);
// Make query 

$sql = mysql_query("SELECT * FROM memberFiles WHERE email='$email' AND password='$pass' AND email_activated='1'");

$login_check = mysql_num_rows($sql);

if($login_check > 0){

while($row = mysql_fetch_array($sql)){ 

    $id = $row["id"];   
    session_register('id'); 
    $_SESSION['id'] = $id;
   
    $username = $row["username"];   
    session_register('username'); 
    $_SESSION['username'] = $username;
   
    $email = $row["email"];   
    session_register('email'); 
    $_SESSION['email'] = $email;
     
    mysql_query("UPDATE memberFiles SET last_log_date=now() WHERE id='$id'"); 
      
} // close while

// Remember Me Section Addition... if member has chosen to be remembered in the system
if($remember == "yes"){
  setcookie("idCookie", $id, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("usernameCookie", $username, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("emailCookie", $email, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
  setcookie("passCookie", $pass, time()+60*24*60*60, "/"); // 60 days; 24 hours; 60 mins; 60secs
    }
// User is logged in, now switch to the live site...
header("Location: home.php");   // This would be the next page, I used home.php as sample

} else {
echo “

”; //just to make it easier to read…
echo “Your email address or password did not match our records!”;
echo “If you wish to try again click on the link below:”;

echo ‘

Press here to return to login!’;

}

}// close if post
?>

Login to your profile

Log in to your account here

Email Address:
Password:

[/php]

ErnieAlex · May 3, 2012, 10:52pm

Okay, i am looking at your code now. But, just for your own knowledge, here are two very very helpful sites that talk about connecting to a database, error checking, etc. The first one is general knowledge and has instructions on ALL PHP subjects one the left side. The second is a tutorial on creating a login page and handling the results. I am just giving your these for additional ideas to help your project.
http://www.w3schools.com/php/php_mysql_connect.asp
http://www.phpeasystep.com/phptu/6.html

Now, on to those errors…

Ignore the error on 18, that one is due to the error on 11…

So, 11 and 12 are looking for your information that you passed to this page from the HTML FORM page that is calling the login.php file. I am guessing that you are attempting to run the login.php file from itself and not calling it from your index.html file or whatever page is calling the login.php file.

Normally, when a user types in your site, such as, www.dee.com, it starts in the index.html file. This file is usually just a simple HTML file that contains a for which has fields such as userid and password. It also has a tag that contains action clause. Such as …some fields such as text fields for userid and password…a submit button…… Just in general. Then, once the user press the submit button they are sent to the login.php file. In this file the PHP code pulls the values of the userid and password and does it’s thing with them… Validating them in the database…

Soooooo, your PHP code inside of login.php is not being called from the “FORM” in the HTML page…
Just means these are false errors and you just forgot to call this page from a form. Did you get all that?

Hope that makes sense and good luck …

Dee · May 3, 2012, 11:21pm

Questions, questions…does that mean echo or print the register.php page and is that directly after the md5 hash pass?

ErnieAlex · May 3, 2012, 11:27pm

Did you read my last post?

Your errors are saying that the page could not find the fields in the html form.

Did you call this page from a form or did you just type in it directly in the browser address bar?

Dee · May 3, 2012, 11:58pm

See this is where it all gets confusing. The entire sight, including random members, about, index and register page use html and php. When I filled out my html form on the register page, the information went into the database. I’m trying to understand exactly where I am supposed to echo or print the html form information from since it went into the database. From my understanding of the code, this sounds like the problem is in the register.php file.

Dee · May 4, 2012, 12:04am

P.S. I tried calling this from the login page itself and from the login link in the header.

ErnieAlex · May 4, 2012, 1:03am

Dee,
So, you have a website. www.yourdomain.com …

When a user goes there, you have a page that comes up, usually called index.html …

In this page, there is an option that says login or register …

Next, if they select register, then it goes to your register.php and handles that.
If they select login, it goes to login.php which is what we have been dealing with.

So, when inside the index.html and the user has typed in his email and password, they are fields inside of a form and they are passed to the login.php when the user presses the submit button. Inside the login.php,
the email and password is pulled using $_POST[‘name-of-field’] …

And, if you go directly to www.yourdomain.com/login.php , then you will not have any fields filled in and
the code will bomb out.

So, the last is what I think is happening. Correct?

Dee · May 4, 2012, 1:55am

While it does have html, the index is a php file.

When you go to the index.php page there are links in the header to either register or login. You’re right, if you want to register it takes you to the register.php page.

If you press the log in link, it will take you to the login.php page which is a form to enter your email address and password. When I type my information into the login form, that’s when the errors start.

So it sounds like you’re saying the login.php page is not pulling and posting the variables to log me in. How do I check that?