I'm learning PHP and am having issues getting the following code to work properly. Basically, the login page displays correctly and without errors, and the variables appear to be assigned correctly, but upon page reload I just get the same login form; it appears the data has not been passed and is therefore not being acted upon.

I've looked at the code over and over again and even tried a different method (produced same result!) so it'd be lovely if someone helpful could spend a minute and point me in the right direction.

One thing that might be an issue is that my server is running 5.3.9 and the book I'm working from is PHP5, so maybe some of the functions I'm calling have been deprecated. Which would be a pain...

    <?php 
include_once "common_db.inc";
$register_script = "register.php";

if (!isset ($userid)) {
    login_form();
    exit;
} else {
    session_start();
    session_register ("userid", "userpassword");
    $username = auth_user ($_POST['userid'], $_POST['userpassword']);

    if (!$username) {
        $PHP_SELF = $_SERVER['PHP_SELF'];
        session_unregister ("userid");
        session_unregister ("userpassword");
        echo "Failed to authorize. " .
                "Enter a valid DX number and password." . 
                "Click the link below to try again.<br>\n";
        echo "<a href=\"$PHP_SELF\">login</a><br>";
        echo "Click the following link to register<br>\n";
        echo "<a href=\"$register_script\">Register</a>";
        exit;
    } else {
        echo "Welcome, $username!";
    }
}

function login_form() 
    {
        global $PHP_SELF;
?>

<form method="post" action="<?php echo "$PHP_SELF"; ?>">
    <div align="center"><center>
        <h3>Please login to use the page you requested</h3>
        <table width="200" cellpadding="5">
            <tr>
            <th width="18%" align="right" nowrap>id</th>
            <td width="82%" nowrap>
                <input type="text" name="userid" />
            </td>
            </tr>
            <tr>
            <th width="18%" align="right" nowrap>password</th>
            <td width="82%" nowrap>
                <input type="password" name="userpassword" />
            </td>
            </tr>
            <tr>
            <td colspan="2" width="100%" nowrap>
                <input type="submit" value="login" name="Submit" />
            </td>
            </tr>
            </table>
            </center>
            </div>
</form>

<?php
    }
    function auth_user($userid, $userpassword)
    {
        global $dbname, $user_tablename;
        $link_id = db_connect($dbname);
        $query = "SELECT DXNumber FROM $user_tablename WHERE DXNumber = '$userid'
                                  AND userpassword = password ('$userpassword')";
        $result = mysql_query ($query);

        if (!mysql_num_rows($result)){
            return 0;
        }else{
            $query_data = mysql_fetch_row($result);
            return $query_data[0];
        }
    }
?>
Funk247

2 Answers

Try

if (!isset $_POST['userid']) {

and see if that helps. It looks like $userid is not being set before you branch.

(edited because of stupid spelling checker.)

Jerry
  • Wow! That was quick :D This was helpful, but threw up a syntax error, so I changed it to: `if (!isset ($_POST['userid'])) {` The script now returns the register link when data is entered, with the following warning: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\Zend\Apache2\htdocs\fileaway\loginTest.php on line 77 – Funk247 Jan 14 '13 at 18:21

You're not defining $userid or checking if the form has been submitted. Try:

if (!isset($_POST['userid'])) {

Your query in your auth_user function needs to look like this:

$query = "SELECT DXNumber FROM $user_tablename WHERE DXNumber = '$userid' AND userpassword ='" . $userpassword."'";

Also, you're open to SQL injection. You should look into using PDO to prevent it.

SeanWM
  • Hi, I thought my query might have been a bit wrong, thanks for the assist! I need to look into replacing the session_register and session_unregister globals as well. Not too worried about SQL injection atm, just want to get my head round the code syntax :) – Funk247 Jan 14 '13 at 18:39
  • It's giving me a warning: mysql_num_rows() expects parameter 1 to be resource, boolean given, which I'm researching atm, and also a notice of session_register and session_unregister being deprecated functions, which is a lot more than it was doing. I'm very grateful to you for your help. The other issues I'm experiencing will be separate questions, so if needs be I'll create new ones. Thanks Sean. – Funk247 Jan 14 '13 at 19:29
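
The PDO approach suggested in the second answer, as an added example that is not code from any of the posts above: `auth_user()` rewritten with a bound parameter, with query failures raised as exceptions instead of the `false` that triggered the `mysql_num_rows()` warning. Assumptions: PHP 5.5+ (for `password_hash`/`password_verify`), the `pdo_sqlite` extension, a hypothetical `db_connect_pdo()` helper, and a constructed in-memory `users` table with a `password_hash` column standing in for the real schema.

```php
<?php
// Added example: auth_user() using PDO prepared statements.
// Assumed names (not from the original post): db_connect_pdo(), the
// `users` table and its `password_hash` column.

function db_connect_pdo()
{
    // An in-memory SQLite database keeps the example self-contained;
    // a MySQL deployment would use a "mysql:host=...;dbname=..." DSN.
    $pdo = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of returning false, so a failed query
    // can never reach the row-handling code unnoticed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

function auth_user(PDO $pdo, $userid, $userpassword)
{
    // The SQL text is a fixed string; the user-supplied id is sent
    // separately as a bound value and is never parsed as SQL.
    $stmt = $pdo->prepare(
        'SELECT DXNumber, password_hash FROM users WHERE DXNumber = :id'
    );
    $stmt->execute(array(':id' => $userid));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a stored hash rather than comparing passwords in SQL.
    if ($row === false
        || !password_verify($userpassword, $row['password_hash'])) {
        return false;
    }
    return $row['DXNumber'];
}

// Constructed sample data.
$pdo = db_connect_pdo();
$pdo->exec('CREATE TABLE users (DXNumber TEXT PRIMARY KEY, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (:id, :hash)');
$ins->execute(array(
    ':id'   => 'DX1001',
    ':hash' => password_hash('s3cret', PASSWORD_DEFAULT),
));

var_dump(auth_user($pdo, 'DX1001', 's3cret'));         // valid credentials
var_dump(auth_user($pdo, 'DX1001', 'wrong'));          // wrong password
var_dump(auth_user($pdo, "DX1001' OR '1'='1", 'x'));   // quotes bound as data
```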