Zymic Webmaster Forums > Login Trouble

Zymic Webmaster Forums > Web Design & Development > Server Side Scripting > PHP

jackosticks

Oct 17 2009, 12:22 PM

Hello, I am in the process of coding a user login, and have run into a bump. I have everything nearly working, but an undefined variable of $username fucks things up :S. So, I ask of you, to analyse my code (I will go into very explicit detail) and help me define the root of this problem, and smooth this crease out (Thanks in advance ^^,)
OK, here are my codes:

config.php

CODE

<?php
$server = "localhost";    // server to connect to.
$database = "mydatabasename";    // the name of the database.
$db_user = "myusername";    // mysql username to access the database with.
$db_pass = "mypassword";    // mysql password to access the database with.
?>

index.php

CODE

<?php if (!isset($_COOKIE['loggedin'])) die("You are not logged in!
log in <a href='log.php'>here</a> or, <a href='signup.php'>sign-up</a>");
$mysite_username = $HTTP_COOKIE_VARS["mysite_username"];
echo "you are logged in as $mysite_username.";
?>

log.php

CODE

<form action="login.php" method="post">
Username: <input type="text" name="username" size="20"><br>
Password: <input type="password" name="password" size="20"><br>
<input type="submit" value="Log In">
</form>
OR <a href=signup.php>Sign-up</a>

CODE

<?php

include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0) {
echo "Sorry, there is no username with the specified password.<br>";
echo "<a href=log.php>Try again</a>";
echo "OR <a href=signup.php>Sign-up</a>";
exit;
} else {

setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=members.php>members</a> section.";
}
?>

signup.php

CODE

<form action="register.php" method="post">
Desired username: <input type="text" name="username" size="20"><br>
Desired password: <input type="password" name="password" size="20"><br>
<input type="submit" value="Sign Up">
</form>

CODE

<?php

include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

// check if the username is taken
$check = "select id from $table where username = '".$_POST['username']."';";
$qry = mysql_query($check) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows != 0) {
echo "Sorry, there the username is already taken.<br>";
echo "<a href=register.html>Try again</a>";
exit;
} else {

// insert the data
$insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."',
'".$_POST['password']."')")
or die("Could not insert data because ".mysql_error());

// print a success message
echo "Your user account has been created!<br>";
echo "Now you can <a href=log.php>log in</a>";
}

?>

Click to view attachment
index.php

The home page

Click to view attachment
signup.php

signing up

Click to view attachment
register.php

account creation works, and is succesful

Click to view attachment
Proof that account creation works

Click to view attachment
log.php

Attemting login...

Click to view attachment
login.php

This is where the issues start happening

Click to view attachment
index.php

homepage, where it does not correctly show that i have logged in

ERROR MESSAGES (in text, from image 6, login.php):Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php:12) in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 39

Notice: Undefined variable: username in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php:12) in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 40

Zone

Oct 17 2009, 09:03 PM

looks like you didn't set $username = $_POST['username'] before setting the cookie value in login.php .....

QUOTE(jackosticks @ Oct 17 2009, 12:22 PM)

CODE

index.php

CODE

log.php

CODE

<?php
include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

$match = "select id from $table where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0) {
echo "Sorry, there is no username with the specified password.<br>";
echo "<a href=log.php>Try again</a>";
echo "OR <a href=signup.php>Sign-up</a>";
exit;
} else {

setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=members.php>members</a> section.";
}
?>

signup.php

CODE

<?php

include("config.php");

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());

// check if the username is taken
$check = "select id from $table where username = '".$_POST['username']."';";
$qry = mysql_query($check) or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows != 0) {
echo "Sorry, there the username is already taken.<br>";
echo "<a href=register.html>Try again</a>";
exit;
} else {

// insert the data
$insert = mysql_query("insert into $table values ('NULL', '".$_POST['username']."',
'".$_POST['password']."')")
or die("Could not insert data because ".mysql_error());

// print a success message
echo "Your user account has been created!<br>";
echo "Now you can <a href=log.php>log in</a>";
}

?>

Click to view attachment
index.php

The home page

Click to view attachment
signup.php

signing up

Click to view attachment
register.php

account creation works, and is succesful

Click to view attachment
Proof that account creation works

Click to view attachment
log.php

Attemting login...

Click to view attachment
login.php

This is where the issues start happening

Click to view attachment
index.php

homepage, where it does not correctly show that i have logged in
ERROR MESSAGES (in text, from image 6, login.php):Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php:12) in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 39

Notice: Undefined variable: username in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php:12) in /www/zxq.net/j/a/c/jacksonbradshaw/htdocs/login.php on line 40

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.