[kaceykeleher]

I've managed to create a problem for myself while writing a PHP login script. Hopefully someone can manage to help me out! The problem is that whenever I attempt to login, it just refreshes my login page. I used to use this script a few years back, and I'm just getting back into building sites again, and figured I'd use this since I still have it.

The basic layout is this:

index.php
login.php
admin_connect.php
admin_register.php

Here is my login.php page

PHP Code:

<?



session_start();



include('admin_connect.php');



include('admin_register.php');



if ($cs_admin)

{

    if ( isset($HTTP_GET_VARS['id']) || isset($HTTP_POST_VARS['id']) )

    {

        $id = ( isset($HTTP_GET_VARS['id']) ) ? $HTTP_GET_VARS['id'] : $HTTP_POST_VARS['id'];

        

        if ($id == 'logout')

        {

            session_destroy();

            $cs_admin = false;

            include('login_body.tpl');

        }

    }

    else

    {

        include('index_body.tpl');

    }

}



// include('admin_footer.php');



?>

Here is my admin_register.php page

PHP Code:

<?



$cs_admin = false;



if (!session_is_registered($user_name)) 

{

    if (isset($user_name) && ($user_name <> "") && isset($user_pass) && ($user_pass <> ""))

    {

        $sql = "SELECT * FROM cs_admin

                WHERE user_name = '$user_name'";

        $result = mysql_query($sql);

        $row = mysql_fetch_array($result);

        

        $user_id = $row['user_id'];

        $user_active = $row['user_active'];

        $user_name = $row['user_name'];

        $user_pass = $row['user_pass'];

        

        if ($user_active != '1')

        {

            $error .= "You have not activated your account at Clear Stitch.";

            $error .= "<br></br>";

        }

        

        if (strtolower($row[2]) == strtolower($user_name))

        {

            if ($row[3] == (md5($user_pass)))

            {

                $cs_admin = true;

                $user_id = $row[0];

                session_register('user_id');

                session_register('user_name');

                session_register('user_pass');

            }

            else

            {

                $error = 'Wrong username/password combination!';

            }

        }

        else

        {

            $error = 'Wrong username/password combination!';

        }

    }

}

else

{

    $cs_admin = true;

}



if (!$cs_admin)

{

    include('login_body.tpl');

}



?>

Here is my index.php page

PHP Code:

<?



session_start();



include('admin_header.php');



if (!$cs_admin)

{

    header("Location:login.php");

}

else

{

    print 'Success!';

}

?>

This is my login form

HTML Code:

<form name="cs_admin" action="login.php" method="post">
	<table border="0" cellpadding="2" cellspacing="0" align="center">
		<tr valign="top">
			<td align="center" colspan="2">
				<? echo $error ?>
			</td>
		</tr>
		<tr><td><br /></td></tr>
		<tr valign="top">
			<td align="left">
				Username: 
			</td>
			<td align="left">
				<input type="text" name="user_name" value="" size="40">
			</td>
		</tr>
		<tr valign="top">
			<td align="left">
				Password: 
			</td>
			<td align="left">
				<input type="password" name="user_pass" value="" size="40">
			</td>
		</tr>
		<tr valign="top">
			<td align="center" colspan="2">
				<input type="reset" name="reset" value="Clear">&nbsp;&nbsp;
				<input type="submit" name="submit" value="Submit">
			</td>
		</tr>
	</table>
</form>

So, like I said, for some reason when I attempt to login it just refreshes my login page. My connection to the database works fine, and is tested, so I know that's correct, and I only have one login. If you want to check out the pages, just go to clearstitch.com/admin

Username: admin
Password: admin

If anyone sees any problems and can help me I would greatly appreciate it!

[de.monkeyz]

It seems like you're using very old code to be honest. I would recommend just going with either post or get. Not both. And using $_GET or $_POST instead of the $HTTP_VARS arrays as they are not super globals and are depreciated.

I'd also suggest you don't use tables for layout in html (nothing to do with php, but good practise non the less). Also setting the forms action to action="" will make it post back to the same page, which prevents problems with files being renamed etc.

With the login script, what is $cs_admin exactly? As it could be the root of the problem

[de.monkeyz]

Oh also. session_is_registered is also depreciated as far as I'm aware also.

[kaceykeleher]

Thanks for the response! To start, $cs_admin is just a variable I set as an added measure, which I may not need. So, basically, their information is registered, and it also sets the $cs_admin equal to true. I could dispose of this.

Now, as far as the post or get you mentioned. I'm assuming you mean something along these lines:

PHP Code:

$user_name = $_POST['user_name']; 

...and so on?

And for setting the $id, you were saying use the $_POST or $_GET variables as well. Would I write it as such:

PHP Code:

if ( isset($_GET['id']) || isset($_POST['id']) )

    {

        $id = ( isset($_GET['id']) ) ? $_GET['id'] : $_POST['id']; 

I rewrote a login script that used three different pages to check everything. A login.php, checklogin.php, and login_success.php. It works, and I use the $_POST variable instead. Would you recommend using separate pages like this for a login, or keep it to one?

Also, just to add, like I said before this is an old script I wrote a few years back, and I've since started using <div> tags & XHTML. I'm more up to standards now! It was just the form I had wrote before and didn't want to change it just yet.

I know there are a few questions here, but anything you can answer would be greatly appreciated. Thank you so much for your previous posts and any information you can give me!

[de.monkeyz]

Yes that is what I meant, use $_GET and $_POST like you put. Also with session registered do

PHP Code:

isset($_SESSION['varname']) 

instead of

PHP Code:

session_is_registered('varname'); 

As for your question about separate pages, I'd reccommend using just one page.

http://www.deathmonkeyz.com/tutorials << At the bottom I have a 3 part video on reg and login. I believe the 3rd video just talks about login, if you need any additional help.

[kaceykeleher]

Much thanks, de! I really appreciate it.