TalkPHP

Randy 05-24-2009 06:16 AM

Admin Login?
 
Alright, so I'm working on a new project since I finished my other one, and I'm trying some new concepts with this one, but it seems to not be working.

For some reason it won't read my database and log me in.

PHP Code:

<?php

/**
* @version        1.0
* @package        RemixCMS
* @copyright    Copyright (C) 2009 RemixCMS. All rights reserved.
* @license        GNU/GPL, see LICENSE.php
* RemixCMS is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

require('../inc/configuration.php');

//start the session
session_start();

//log user in ---------------------------------------------------
function login($user, $pass){

   //get data from form
   $user = trim($_POST['user']);
   $pass = trim($_POST['pass']);

   //strip all tags from variable
   $user = strip_tags($user);
   $pass = strip_tags($pass);

   // escape all data in variables to prevent mysql injection
   $user = mysql_real_escape_string($user);
   $pass = mysql_real_escape_string($pass);

   $pass = md5($pass);

   // check if the user id and password combination exist in database
   $sql = "SELECT username FROM user WHERE username = '$user' AND password = '$pass'";
   $result = mysql_query($sql) or die('Query failed. ' . mysql_error());

   if (mysql_num_rows($result) == 1) {
      // the username and password match,
      // set the session

      //get the memberID from database
      $getid = mysql_query("SELECT * FROM user WHERE username = '$user'");
      while ($row = mysql_fetch_object($getid)) {

         //assign memberID to a variable
         $memberID = $row->ID;

         //set the session
         $_SESSION['isloggedin'] = $memberID;
      }

      // reload the page
      header('Location: '.$_SERVER['HTTP_REFERER']);
      exit;
   } else {
      //make error message available outside of function
      global $errorMessage;

      // define an error message
      $errorMessage = 'Uh Oh! It appears your username and/or password was incorrect.';
   }
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>RemixCMS - Administrator Login</title>
    <link href="css/login.css" rel="stylesheet" type="text/css" />
</head>
<body>

<div id="wrapper">

    <div id="logo"><span>RemixCMS Administrative Login</span></div>

<?php
if (!isset($_SESSION['isloggedin'])){
?>
    
    <div id="login">
        <div id="login_banner"><span>Administrative Login</span></div>
    
         <form action="#" method="POST" id="login_form" name="login">
            <label>Username:
            <input class="login_info" type="text" name="username" id="username" />
            </label>
            <label>Password:
            <input class="login_info" type="password" name="password" id="password" />
            </label>
            <span id="forgot"><a href="#">forgot password?</a></span>
            <input id="login_button" type="submit" name="slogin" value="" />
        </form>
    
        <div id="lock"><span>Secured</span></div>
        
    </div>
    
    <div id="footer">
        <div id="copyright">
            Copyright 2009 <a href="#">RemixCMS</a>.
        </div>
    </div>
    
    
<?php
}
if (isset($_POST['slogin'])) {
    login($user, $pass);
}

//if login failed
if (isset($errorMessage)) {
    echo "<div class=\"warning\"><img src='images/noaccess.png' class='xicon' /><span class='warningtext'>$errorMessage</span></div>\n";
}
?>
</div>

</body>
</html>

It keeps giving my error message.

allworknoplay 05-24-2009 02:50 PM

You could try putting the MD5 within the query itself, I don't know if that will help. It might be worth a try. If you do try that, make sure you comment out the line earlier where you use MD5 on the password variable.
PHP Code:

$sql = "SELECT username FROM user WHERE username = '$user' AND password = MD5('$pass')";

Also, you don't have to make 2 calls to the DB when checking a user's existence and their user_id.

In your original query, just add the user ID column to your SELECT statement. That way, when it is valid you can just get the ID. You don't need that WHILE loop in there...

Randy 05-24-2009 07:01 PM

Aha! I got it :D It was a simple mistake:

The code was calling to post user and pass from the form, whereas in the actual form I called them username and password.

Also, I will look into doing what you suggested.
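
The two points raised in this thread (reading the field names the form actually posts, and fetching the member ID in the same query as the credential check) are combined in the following added example, which is not code from either poster or from RemixCMS. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection (requires the pdo_sqlite extension), a bound parameter replaces mysql_real_escape_string(), password_hash()/password_verify() replace the MD5 comparison, and find_member_id() and the sample account are hypothetical.

```php
<?php
// Added example; the schema mirrors the thread's `user` table (ID, username, password).
// Assumptions: PDO + in-memory SQLite instead of mysql_*, and
// password_hash()/password_verify() instead of MD5. find_member_id() is hypothetical.

function find_member_id(PDO $db, array $post): ?int
{
    // Read the field names the form actually sends (username/password).
    $user = trim((string)($post['username'] ?? ''));
    $pass = (string)($post['password'] ?? '');
    if ($user === '' || $pass === '') {
        return null;
    }

    // One query returns both the ID and the stored hash, so no second
    // lookup or while loop is needed; the bound parameter replaces escaping.
    $stmt = $db->prepare('SELECT ID, password FROM user WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return (int)$row['ID'];
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (ID INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('s3cret-sample', PASSWORD_DEFAULT)]);

// Constructed POST arrays: a correct login, a wrong password, and the
// mismatched user/pass keys that caused the failure described in the thread.
$cases = [
    'matching field names'       => ['username' => 'admin', 'password' => 's3cret-sample'],
    'wrong password'             => ['username' => 'admin', 'password' => 'nope'],
    'thread bug: user/pass keys' => ['user' => 'admin', 'pass' => 's3cret-sample'],
];
foreach ($cases as $label => $post) {
    $id = find_member_id($db, $post);
    echo $label, ': ', $id === null ? 'rejected' : "member ID $id", PHP_EOL;
}
```

In the login page itself, the caller would run session_regenerate_id(true) and then store the returned ID in $_SESSION['isloggedin'], before any HTML is sent.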

