php login script error

**Jochen Daum** · Jul 17 '05, 04:55 AM

Re: php login script error

Hi,

looks great. Does it fulfill any requirements, ie. any error messages
not showing up ;-)

HTH, Jochen

P.S.: What is the error message?

On 21 Apr 2004 19:16:33 -0700, kmfa18@hotmail. com (koolyio) wrote:
[color=blue]
>Hey, could you please tell me what is wrong with my login script. I
>just started learning php.
>CODE:
>
>login.php
>
><?
>session_start( );
>header("Cach e-Control: private");
>?>
>
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
><html>
><head>
><title>Pleas e Login</title>
></head>
><body>
><form action="script. php" method="get">
><table summary="Login Table">
><tr>
><td>username :</td>
><td><input type="text" name="login"></td>
></tr>
><tr>
><td>password :</td>
><td><input type="password" name="pass"></td>
></tr>
><tr>
><td><input type="submit" value="login"></td>
></tr>
></table>
>
></body>
></html>
>
>script.php
>
><?
>session_start( ); //start session
>header("Cach e-Control: private");
>if (!$_GET["login"] || !$_GET["login"])
>{
>print<<<END
>I'm sorry, but your not logged in or there was an error logging you
>in. Please<br>
><a href="login.php ">go here</a> to try again. Sorry for any
>inconvieninc e.
>END;
>}
>else
>{
>//register session variable: 'login' and 'pass'
>$_SESSION["login"] = $_GET["login"];
>$_SESSION["pass"] = $_GET["pass"];
>if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")
>//if credentials are true
>{
>$_SESSION["access"] = true;
>}
>else
>{
>$_SESSION["access"] = false;
>}
>}
>if ($_SESSION["access"] == true)
>{
>print<<<END
><html>
><script language="JavaS cript" type="text/javascript">
>
></script>
><noscript>Sorr y, but your browser doesn't support JavaScript, ergo you
>cannot
>login</noscript></html>
>END;
>}
>else
>{
>print<<<END;
>I'm sorry, but one or more of the credentials you supplied were
>incorrect. Please
>try to login again <a href="login.php ">here</a>.
>END;
>?>
>
>
>logout.php
>
><?
>session_start( ); //start session
>header("Cach e-Control: private");
>if ($_SESSION["access"] == true)
>{
>$_SESSION = array();
>session_destro y();
>print("<a href=/"login.php/">log in</a>
>}
>?>
>
>
>main.php
>
><?
>session_start( ); //start session
>header("Cach e-Control: private");
>if ($_SESSION["access"] == true)
>{
>print<<<END
>
><html>
><head>
><title>Membe rs Only</title>
></head>
><body>
>You have succesfully logged in. You can now <a href="logout.ph p">log
>out</a>
></body>
></html>
>END;
>}
>else
>{
>print<<<END
>Sorry, You have not logged in correctly. Please try again <a
>href="login.ph p">here</a>.
>END;
>}
>?>[/color]

--
Jochen Daum - Cabletalk Group Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.

PHP DB Edit Toolkit

http://sourceforge.net/projects/phpdbedittk/

Download PHP DB Edit Toolkit for free. PHP DB Edit Toolkit is a set of PHP classes makes the generation of database edit interfaces easier and faster. The main class builds tabular and form views based on a data dictionary and takes over handling of insert/update/delete and user input.

**Geoff Berrow** · Jul 17 '05, 04:55 AM

Re: php login script error

I noticed that Message-ID:
<5929c25b.04042 11816.72b2e5a@p osting.google.c om> from koolyio contained
the following:
[color=blue]
>if (!$_GET["login"] || !$_GET["login"])[/color]
if (!$_GET["login"] || !$_GET["pass"])
[color=blue]
>{
>print<<<END
>I'm sorry, but your not logged in or there was an error logging you[/color]
you're
[color=blue]
>in. Please<br>
><a href="login.php ">go here</a> to try again. Sorry for any
>inconvieninc e.[/color]
inconvenience

Got fed up after this because I don't know what I'm looking for.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

**Garp** · Jul 17 '05, 04:56 AM

Re: php login script error

"koolyio" <kmfa18@hotmail .com> wrote in message
news:5929c25b.0 404211816.72b2e 5a@posting.goog le.com...[color=blue]
> Hey, could you please tell me what is wrong with my login script. I
> just started learning php.
> CODE:
>
> login.php
>
> <?
> session_start() ;
> header("Cache-Control: private");
> ?>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
> <html>
> <head>
> <title>Please Login</title>
> </head>
> <body>
> <form action="script. php" method="get">
> <table summary="Login Table">
> <tr>
> <td>username: </td>
> <td><input type="text" name="login"></td>
> </tr>
> <tr>
> <td>password: </td>
> <td><input type="password" name="pass"></td>
> </tr>
> <tr>
> <td><input type="submit" value="login"></td>
> </tr>
> </table>
>
> </body>
> </html>
>
> script.php
>
> <?
> session_start() ; //start session
> header("Cache-Control: private");
> if (!$_GET["login"] || !$_GET["login"])
> {
> print<<<END
> I'm sorry, but your not logged in or there was an error logging you[/color]

"you're".
[color=blue]
> in. Please<br>
> <a href="login.php ">go here</a> to try again. Sorry for any
> inconvienince.
> END;
> }
> else
> {
> //register session variable: 'login' and 'pass'
> $_SESSION["login"] = $_GET["login"];
> $_SESSION["pass"] = $_GET["pass"];
> if ($_SESSION["login"] == "Koolyio" && $_SESSION["pass"] == "wow")[/color]

I'm hoping that, one day, this goes to a database or something with md5()'d
passwords. 8)
[color=blue]
> //if credentials are true
> {
> $_SESSION["access"] = true;
> }
> else
> {
> $_SESSION["access"] = false;
> }
> }
> if ($_SESSION["access"] == true)
> {
> print<<<END
> <html>
> <script language="JavaS cript" type="text/javascript">
> 
> </script>
> <noscript>Sorry , but your browser doesn't support JavaScript, ergo you
> cannot
> login</noscript></html>
> END;
> }
> else
> {
> print<<<END;[/color]

Semicolon is wrong here - heredoc not only doesn't require them, it breaks
it. But you know that, because you got it right elsewhere.
[color=blue]
> I'm sorry, but one or more of the credentials you supplied were
> incorrect. Please
> try to login again <a href="login.php ">here</a>.
> END;[/color]

Missing } here.
[color=blue]
> ?>
>
>
> logout.php
>
> <?
> session_start() ; //start session
> header("Cache-Control: private");
> if ($_SESSION["access"] == true)
> {
> $_SESSION = array();
> session_destroy ();
> print("<a href=/"login.php/">log in</a>[/color]

Aside from the lack of a closing quote, bracket and semi-colon, /" is wrong,
use \" to escape double quotes. Better still, put your quoted string in
single quotes and use the unescaped version (since you don't have any
variable substitution in there).
[color=blue]
> }
> ?>
>
>
> main.php
>
> <?
> session_start() ; //start session
> header("Cache-Control: private");
> if ($_SESSION["access"] == true)
> {
> print<<<END
>
> <html>
> <head>
> <title>Member s Only</title>
> </head>
> <body>
> You have succesfully logged in. You can now <a href="logout.ph p">log
> out</a>
> </body>
> </html>
> END;
> }
> else
> {
> print<<<END
> Sorry, You have not logged in correctly. Please try again <a
> href="login.php ">here</a>.
> END;
> }
> ?>[/color]

See embedded comments. I'm sure there's more than I found, but I got it
working at least.

For forms, use method="POST" unless you want your username and password of
your failed attempts appearing in your browser's address history. Then use
$_POST instead of $_GET (or better yet, $_REQUEST).

Otherwise, nice first attempt, and I'm pleased you produced a simple example
(no functions or classes, globals that aren't superglobals, databases, etc)
to reduce the problem set.

Garp

php login script error

php login script error

Comment

Comment

Comment