Login Script not working. Please Help. All info given.

Beginners - Learning PHP
#1
<?php session_start() ?> <?php require("includes/connection.php"); ?> <?php require("includes/functions.php"); ?> <?php require("includes/header.php"); ?> <?php include_once("includes/form_functions.php"); if (isset($_POST['submit'])) { $username = trim(mysql_prep($_POST['username'])); $password = trim(mysql_prep($_POST['password'])); $hashed_password = sha1($password); if(empty($username) || empty($password)){ echo "You did not enter the required fields."; redirect_to("login-error.php"); if($username == 0 || $password == 0 ){ echo "You entered an invalid array of characters."; redirect_to("login-error.php"); if(strlen($username) > 16 || strlen($password) > 14) { echo "You must enter a username less than 16 characters or enter a password less than 14 characters."; } } } $query = "SELECT * FROM users WHERE username = '{$username}' AND hashed_password = '{$hashed_password})'"; $result = mysql_query($query, $db_connect); if($result) { if(mysql_num_rows($result) == 1){ session_regenerate_id(); $_SESSION['user_id'] = md5($_POST['id']); $_SESSION['username'] = $username; session_write_close(); redirect_to("index.php"); } } else { die("Login failed." . mysql_error() //if there is a mysql error ); } }//end submit ?> <?php require("includes/footer.php"); ?> 
                   functions.php

function mysql_prep($value) {
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists( “mysql_real_escape_string” );
if($new_enough_php){
if( $magic_quotes_active) { $value = stripslashes( $value ); }
$value = mysql_real_escape_string( $value );
} else {
if (!$magic_quotes_active) {$value = addslashes ( $value ); }
}
return $value;
} //this is the function that is used with “trim(mysql_prep($_POST[‘username’])”

function redirect_to ( $location ){
if($location != NULL) {
header(“Location: {$location}”);
exit;
}
}

          Versions

MYSQL: 5.5.16
PHP: 5.3.8
APACHE: 2.2.21

          Comments

I used the header.php and footer.php for holding html of the page for css design and the footer closes the database connection (if it is set), as connection.php, opens it. Its not that this script is not logging me in, its failing to redirect me to “index.php”, through my “redirect_to($location)” function which has worked for me, which is an indication that the login was successful. It does create a PHPSESSID im just wondering if this is a good login script. I’ve been researching login scripts and picked functions from each that I thought would work well for me and also I have put into use strlen to make sure that the $username or $password isnt > than the value set. Am I doing everything right, using these functions right? Seems like it to me but I need to know from all the experts or professionals out there or if you have any input about improvements I can make as well. I thank you and thank you all for this forum and the help that you give us. If you are confused I am wondering if anything looks like it won’t work the way it is intended? I have made 3 versions of a login script and it is just working funny like not redirecting me to “index.php”.

Thank you all for your time and this helpful php community.

#2

Why are you using <?php for every line at the start? u could simply do:

<?php 
session_start() 
require("includes/connection.php"); 
require("includes/functions.php"); 
require("includes/header.php");
#3

Thank you for the reply, it was just a choice, but I’ve figured it out. I used a $query that returned an array then used mysql_fetch_array() and used:

if($array[‘username’] == $username && $array[‘hashed_password’] == $hashed_password){
//login user
}

I was making the mistake of using a assignment operator “=” instead of a comparison operator “==” to validate the username and password.

---->If anyone has any other tips, please give them to me. Thank you very much.

#4

Common mistake. I’ve fallen for it plenty of times.

Sponsor our Newsletter | Privacy Policy | Terms of Service