php mysql authentication problem! help

  • dalsoth
    New Member
    • Jul 2006
    • 1

    php mysql authentication problem! help

    Hi Guys

    I have created a website and to make things easier I decided to use Dreamweaver to do the secure login section and access levels for the pages.

    When testing locally on WAMP my website works perfectly. On the internet though, on the pages that don't require a user to log in I can search my job database perfectly and see the results, so the connection to the database is fine.

    When I try to log in though I just get a user is unauthorised error, because for some reason it's not getting the info from the right database or the right table on the database, or the connection is not right, I'm not sure. I have emailed my support and they say they can't see an error with the connection dbusername dbpass dbname and suggest it's a problem with my code somewhere.

    It works perfectly on my local machine though arghhh!! Below is some of the code from the wizard.php page that was created in the /connections folder by Dreamweaver. It all looks correct to me.

    [PHP] $hostname_Wizard = "mysqlservername";
    $database_Wizard = "mydatabasename";
    $username_Wizard = "mysqlusername";
    $password_Wizard = "mysqlpassword";
    $Wizard = mysql_pconnect($hostname_Wizard, $username_Wizard, $password_Wizard) or trigger_error(mysql_error(),E_USER_ERROR);

    Below is code from the page where the user will log in located above the head tag.

    <?php require_once('Connections/Wizard.php'); ?>
    <?php
    //initialize the session
    session_start();

    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
      $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
      //to fully log out a visitor we need to clear the session variables
      session_unregister('MM_Username');
      session_unregister('MM_UserGroup');

      $logoutGoTo = "stafflogin.php";
      if ($logoutGoTo) {
        header("Location: $logoutGoTo");
        exit;
      }
    }
    ?>
    <?php
    // *** Validate request to login to this site.
    if (!isset($_SESSION)) {
      session_start();
    }

    $loginFormAction = $_SERVER['PHP_SELF'];
    if (isset($_GET['accesscheck'])) {
      $_SESSION['PrevUrl'] = $_GET['accesscheck'];
    }

    if (isset($_POST['username2'])) {
      $loginUsername=$_POST['username2'];
      $password=$_POST['password2'];
      $MM_fldUserAuthorization = "accesslevel";
      $MM_redirectLoginSuccess = "securestaff.php";
      $MM_redirectLoginFailed = "unauthorised.php";
      $MM_redirecttoReferrer = true;
      mysql_select_db($database_Wizard, $Wizard);

      $LoginRS__query=sprintf("SELECT name, pass, accesslevel FROM staff WHERE name='%s' AND pass='%s'",
        get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));

      $LoginRS = mysql_query($LoginRS__query, $Wizard) or die(mysql_error());
      $loginFoundUser = mysql_num_rows($LoginRS);
      if ($loginFoundUser) {

        $loginStrGroup = mysql_result($LoginRS,0,'accesslevel');

        //declare two session variables and assign them
        $_SESSION['MM_Username'] = $loginUsername;
        $_SESSION['MM_UserGroup'] = $loginStrGroup;

        if (isset($_SESSION['PrevUrl']) && true) {
          $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
        }
        header("Location: " . $MM_redirectLoginSuccess );
      }
      else {
        header("Location: ". $MM_redirectLoginFailed );
      }
    }
    ?>
    [/PHP]

    Below is code from the body of the page at the login boxes.



    [HTML] <form action="<?php echo $loginFormAction; ?>" method="POST">
    <table width="271" border="0" cellspacing="2" cellpadding="1">
      <tr>
        <td width="96" bgcolor="#EAEAEA"><label>Username:</label></td>
        <td width="120"><input type="text" name="username2" size="20" /></td>
        <td width="41">&nbsp;</td>
      </tr>
      <tr>
        <td bgcolor="#EAEAEA"><label>Password: </label></td>
        <td><input type="password" name="password2" size="20" /></td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td bgcolor="#EAEAEA">Log In:</td>
        <td><input type="submit" value=" Log In " /></td>
        <td>&nbsp;</td>
      </tr>
    </table>
    </form>
    [/HTML]

    Below is some code from the page that works it all out.



    [PHP] <?php
    //initialize the session
    session_start();

    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
      $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
      //to fully log out a visitor we need to clear the session variables
      session_unregister('MM_Username');
      session_unregister('MM_UserGroup');

      $logoutGoTo = "index.php";
      if ($logoutGoTo) {
        header("Location: $logoutGoTo");
        exit;
      }
    }
    ?>
    <?php
    session_start();
    $MM_authorizedUsers = "administrator";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) {
          $isValid = true;
        }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) {
          $isValid = true;
        }
        if (($strUsers == "") && true) {
          $isValid = true;
        }
      }
      return $isValid;
    }

    $MM_restrictGoTo = "unauthorised.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
      $MM_referrer .= "?" . $QUERY_STRING;
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }
    ?>

    [/PHP]
    I know it's a big ask but I would really appreciate some PHP gurus' help here as I'm stuck, because it all works perfectly on my local wampserver but not on the net.



    Regards



    Joseph
    Last edited by Niheel; Jul 2 '06, 02:36 PM.
  • ronverdonk
    Recognized Expert Specialist
    • Jul 2006
    • 4259

    #2
    Before going through this bunch of code, have you ever traced the content of the important variables during processing, such as $LoginRS__query (contains the actual query with username and password) and the results from that query?

    That must at least give you an answer to your hunch that the query is wrong or that the incorrect database is used.

    Ronald :cool:


    • bevort
      New Member
      • Jul 2006
      • 53

      #3
      I ran into the same kind of problem when having to reinstall my local development machine. The code that worked before and still works on the net does not work anymore. I found my solution in checking the PHP.INI file (working on a Windows server) and the Apache server. Check your settings on your local machine and set them to match your net server, then you have the same area to develop in as your online site.

      Major differences can be found in PHP.ini when register_globals is set on or off. The same goes for the session.save_path.

      Changing your local settings may force you to rebuild parts of your code but you will be certain that the code will work on both servers now.

      I also see 2 session_start() statements in your last page. This will generate 2 session cookies on the server. The code will work with the last and store variables in this one but the server will work with the 1st one. So going to another page and using session_start your browser will point to an empty session with no login information.

      Another thing is to keep things together. Keep only those parts that have to do with login in their own script and the logout parts in another. Afterwards put duplicate code into include files. This makes your files readable and maintainable even after several years.

      Vincent

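The settings comparison suggested in reply #3, as an added example that is not part of the original thread: a small PHP page that prints the directives named there (register_globals, session.save_path) plus magic_quotes_gpc, which the posted login code branches on, and counts hits in the session to show whether session data survives between requests. The file name envcheck.php and the session key envcheck_hits are assumptions.

```php
<?php
// Added example, not code from the thread. Upload as envcheck.php (hypothetical name),
// load it twice on each server, compare the output, then delete the file: it
// discloses server configuration. Assumes PHP 5.4+ (session_status()).

function ini_or_missing($key)
{
    // ini_get() returns false for directives this PHP build does not know,
    // e.g. register_globals and magic_quotes_gpc on current releases.
    $value = ini_get($key);
    return $value === false ? '(not available)' : $value;
}

function session_dir()
{
    // session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', session_save_path());
    $dir = end($parts);
    // With an empty setting the files handler uses the system temp directory.
    return $dir === '' ? sys_get_temp_dir() : $dir;
}

function env_report()
{
    // Start the session once only; the protected page in the thread calls session_start() twice.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Counter stays at 1 on every reload if the session is not persisted between requests.
    $_SESSION['envcheck_hits'] = isset($_SESSION['envcheck_hits']) ? $_SESSION['envcheck_hits'] + 1 : 1;

    return [
        'php_version'          => PHP_VERSION,
        'register_globals'     => ini_or_missing('register_globals'),
        'magic_quotes_gpc'     => ini_or_missing('magic_quotes_gpc'),
        'session.save_handler' => ini_or_missing('session.save_handler'),
        'session.save_path'    => session_dir(),
        'save_path_writable'   => is_writable(session_dir()),
        'session.use_cookies'  => ini_or_missing('session.use_cookies'),
        'session.cookie_path'  => ini_or_missing('session.cookie_path'),
        'session_hits'         => $_SESSION['envcheck_hits'],
    ];
}

$report = env_report();
header('Content-Type: text/plain');
foreach ($report as $name => $value) {
    echo str_pad($name, 22), var_export($value, true), "\n";
}
```

If session_hits stays at 1 on the hosted server while it increments locally, the login data stored in $_SESSION is being lost between the login page and the protected page, independent of the database connection.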