Login Keeps Looping?

I’m completely new to PHP/MySQL. I’ve been reading Learning PHP, MySQL, JavaScript, & CSS by Robin Nixon (O’Reilly publication) and I’ve been following the examples and all has been going well up until now. For those with the book, I’m stuck on Example 12-4.

My problem is that when I type in the username and password and hit ‘login’ it takes me right back to the ‘login’ screen again. I’ve gone over the code and checked for any errors and have found none (to my knowledge). I’m using the most recent version of Zend Server if that helps at all? On the server error reports it keeps pointing to line 3.

[php]<?php //authenticate.php
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL : " . mysql_error());
mysql_select_db($db_database)
	or die("Unable to select database: " . mysql_error());

// Credentials sent by the browser through HTTP Basic authentication
if (isset($_SERVER['PHP_AUTH_USER']) &&
    isset($_SERVER['PHP_AUTH_PW']))
{
	$un_temp = mysql_entities_fix_string($_SERVER['PHP_AUTH_USER']);
	$pw_temp = mysql_entities_fix_string($_SERVER['PHP_AUTH_PW']);

	// Look up the row for the supplied username
	$query = "SELECT * FROM users WHERE username='$un_temp'";
	$result = mysql_query($query);
	if (!$result) die("Database access failed: " . mysql_error());
	elseif (mysql_num_rows($result))
	{
		$row = mysql_fetch_row($result);
		$salt1 = "qm&h*";
		$salt2 = "pg!@";
		// Same salts and order as setupusers.php so the tokens match
		$token = md5("$salt1$pw_temp$salt2");

		// $row[3] is the stored password token
		if ($token == $row[3])
		{
			session_start();
			$_SESSION['username'] = $un_temp;
			$_SESSION['password'] = $pw_temp;
			$_SESSION['forename'] = $row[0];
			$_SESSION['surname']  = $row[1];
			echo "$row[0] $row[1] : Hi $row[0],
				you are now logged in as '$row[2]'";
			die ("<p><a href=continue.php>Click here to continue</a></p>");
		}
		else die("Invalid username/password combination");
	}
	else die("Invalid username/password combination");
}
else
{
	// No credentials yet: ask the browser to prompt for them
	header('WWW-Authenticate: Basic realm="Restricted Section"');
	header('HTTP/1.0 401 Unauthorized');
	die ("Please enter your username and password");
}

// Escape a string for SQL, then encode HTML entities
function mysql_entities_fix_string($string)
{
	return htmlentities(mysql_fix_string($string));
}

// Undo magic quotes if enabled, then escape for use in a query
function mysql_fix_string($string)
{
	if (get_magic_quotes_gpc()) $string = stripslashes($string);
	return mysql_real_escape_string($string);
}

?>[/php]

Why did they tell you to use $_SERVER['PHP_AUTH_USER']? I don’t see any user input being used.

Like I said, I’m new at this…so I’m kinda just following what the book tells me to do. From what I can tell, it’s trying to show me how to get users to properly log in for a session (through ‘login.php’ I assume). I hope this helps?

What is in login.php?

[php]<?php // login.php
$db_hostname = 'localhost';
$db_database = 'publications';
$db_username = 'joshua';
$db_password = 'password';
?>[/php]

But what the script is trying to do is to get me logged in as one of two identities from my Publications database on table “users”.

This is the script it had me use to make the users:

[php]<?php // setupusers.php
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
mysql_select_db($db_database)
	or die("Unable to select database: " . mysql_error());

$query = "CREATE TABLE users (
	forename VARCHAR(32) NOT NULL,
	surname VARCHAR(32) NOT NULL,
	username VARCHAR(32) NOT NULL UNIQUE,
	password VARCHAR(32) NOT NULL
)";

$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());

$salt1 = "qm&h*";
$salt2 = "pg!@";

$forename = 'Bill';
$surname = 'Smith';
$username = 'bsmith';
$password = 'mysecret';
$token = md5("$salt1$password$salt2");
add_user($forename, $surname, $username, $token);

$forename = 'Pauline';
$surname = 'Jones';
$username = 'pjones';
$password = 'acrobat';
$token = md5("$salt1$password$salt2");
add_user($forename, $surname, $username, $token);

function add_user($fn, $sn, $un, $pw)
{
	$query = "INSERT INTO users VALUES('$fn', '$sn', '$un', '$pw')";
	$result = mysql_query($query);
	if (!$result) die ("Database access failed: " . mysql_error());
}
?>[/php]

Well I don’t see where you are checking the session?

On successful login the session data is set here:

[php]
$_SESSION['username'] = $un_temp;
$_SESSION['password'] = $pw_temp;
$_SESSION['forename'] = $row[0];
$_SESSION['surname'] = $row[1];
[/php]

Storing this data is unnecessary but the point is that you never check to see if the session values exist before doing the login. That’s why it loops.

For example:

[php]
session_start(); // session_start should always be at the top

if (isset($_SESSION['username'])) {
// user is already logged in
}
else {
// do login
}
[/php]

I tried inserting that into my file and it still didn’t work. Oh well, lol. Thanks for responding though!

How did you insert it? This is just a logic example; it’s not intended to do anything.

[php]

<?php //authenticate.php
session_start(); // session_start should always be at the top

if (isset($_SESSION['username'])) {
	echo "Logged In.";
}
// do login
else {
	require_once 'login.php';
	$db_server = mysql_connect($db_hostname, $db_username, $db_password);
	if (!$db_server) die("Unable to connect to MySQL : " . mysql_error());
	mysql_select_db($db_database)
		or die("Unable to select database: " . mysql_error());

	if (isset($_SERVER['PHP_AUTH_USER']) &&
	    isset($_SERVER['PHP_AUTH_PW']))
	{
		$un_temp = mysql_entities_fix_string($_SERVER['PHP_AUTH_USER']);
		$pw_temp = mysql_entities_fix_string($_SERVER['PHP_AUTH_PW']);

		$query = "SELECT * FROM users WHERE username='$un_temp'";
		$result = mysql_query($query);
		if (!$result) die("Database access failed: " . mysql_error());
		elseif (mysql_num_rows($result))
		{
			$row = mysql_fetch_row($result);
			$salt1 = "qm&h*";
			$salt2 = "pg!@";
			// Same salts and order as setupusers.php so the tokens match
			$token = md5("$salt1$pw_temp$salt2");

			if ($token == $row[3])
			{
				//session_start();
				$_SESSION['username'] = $un_temp;
				$_SESSION['password'] = $pw_temp;
				$_SESSION['forename'] = $row[0];
				$_SESSION['surname'] = $row[1];
				echo "$row[0] $row[1] : Hi $row[0],
					you are now logged in as '$row[2]'";
				die ("<p><a href=continue.php>Click here to continue</a></p>");
			}
			else die("Invalid username/password combination");
		}
		else die("Invalid username/password combination");
	}
	else
	{
		header('WWW-Authenticate: Basic realm="Restricted Section"');
		header('HTTP/1.0 401 Unauthorized');
		die ("Please enter your username and password");
	}
}

// Declared at the top level so both helpers exist before the login branch calls them
function mysql_entities_fix_string($string)
{
	return htmlentities(mysql_fix_string($string));
}

function mysql_fix_string($string)
{
	if (get_magic_quotes_gpc()) $string = stripslashes($string);
	return mysql_real_escape_string($string);
}
?>

[/php]
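
The session-first flow discussed in the replies above, as an added example that is not part of the thread or the book. It swaps the salted md5 token for PHP's password_hash/password_verify, leaves the password out of the session, and also reads a raw Authorization header for servers that do not populate PHP_AUTH_USER; the function names, the $findUser callback and the sample user are assumptions.

```php
<?php
// Added example; function names and sample data are hypothetical.

// Return [user, pass] from the request, or null when no Basic credentials came in.
function basic_credentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    // Some CGI/FastCGI setups pass only the raw header through.
    $hdr = $server['HTTP_AUTHORIZATION'] ?? '';
    if (stripos($hdr, 'Basic ') === 0) {
        $decoded = base64_decode(substr($hdr, 6), true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            return explode(':', $decoded, 2);
        }
    }
    return null;
}

// Decide the outcome: 'session', 'login', 'challenge' or 'reject'.
function authenticate(array $server, array &$session, callable $findUser): string
{
    if (isset($session['username'])) return 'session';   // already logged in
    $creds = basic_credentials($server);
    if ($creds === null) return 'challenge';             // caller sends the 401
    [$un, $pw] = $creds;
    $user = $findUser($un);
    if ($user === null || !password_verify($pw, $user['hash'])) return 'reject';
    // Keep only what later pages need; the password is never stored.
    $session['username'] = $un;
    $session['forename'] = $user['forename'];
    $session['surname']  = $user['surname'];
    return 'login';
}

// Constructed sample data standing in for the users table.
$users = ['bsmith' => ['forename' => 'Bill', 'surname' => 'Smith',
                       'hash' => password_hash('mysecret', PASSWORD_DEFAULT)]];
$find = fn(string $un): ?array => $users[$un] ?? null;

$session = [];
$basic = 'Basic ' . base64_encode('bsmith:mysecret');
// Three requests in a row: no credentials, raw header only, then a return visit.
foreach ([[], ['HTTP_AUTHORIZATION' => $basic], []] as $server) {
    echo authenticate($server, $session, $find), "\n";
}
```

In a real page, call session_start() first and pass $_SERVER and $_SESSION, sending the 401 headers only on 'challenge'. Calling session_regenerate_id(true) on 'login' gives the authenticated session a fresh ID.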
