View Poll Results: Is it ok ???

Voters
3. You may not vote on this poll
  • php

    3 100.00%
  • mysql

    0 0%
Results 1 to 14 of 14
  1. #1
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23

    Smile Unanswered: passing variables with a login page

    Hi,

    I'm having problems with passing more than 1 variable through a form.
    In my db, the users have Admin or staff rights, and they have a specific company.
    When I submit my login page (which checks and shows every error), I come in my menu page, where it shows the link to create_users if you're an admin and hide the link when you're staff (this works perfect), there's also a logout link (which also works) and it also has to show from which company you are (which isn't working).
    What am I doing wrong ?

    PAGE1 (login page):


    <?php include("../include/intranet_admin.php"); ?>
    <?php
    function check_login($formdata)
    { $dbhost = "xxx.xxx.xxx.xxx";
    $dbuser = "xxx";
    $dbpassword = "xxx";
    $db = "xxx";

    $form_data = trim_data($formdata);
    $user = $form_data['username'];
    $password = $form_data['password'];

    $mysql = mysql_connect($dbhost, $dbuser, $dbpassword);
    if(!$mysql)
    { $error = "Cannot connect to Database Host";
    return($error);
    }

    $mysqldb = mysql_select_db($db);
    if(!$mysqldb)
    { $error = "Cannot open Database";
    return($error);
    }

    $myquery = "SELECT * FROM users WHERE username = '" . $user;
    $myquery .= "' AND password = '" . crypt($password,"xxxxx") . "'";

    $result = mysql_query($myquery);
    if (!$result)
    { $error = "Cannot run Query";
    return($error);
    }

    $numRows = mysql_num_rows($result);
    if ($numRows < 1)
    { $error = "User name or password not recognised";
    return($error);
    }

    $userRecord = mysql_fetch_array($result);
    $status = $userRecord["status"];
    return($status);
    }
    ?>
    <?php
    if($HTTP_POST_VARS['Submit']=="Login")
    { session_start();
    $statusCheck = check_login($HTTP_POST_VARS);
    if ($statusCheck == "Admin" || $statusCheck == "Staff")
    { session_register("statusCheck");
    header("Location: menu.php");
    }
    $companyCheck = check_company($HTTP_POST_VARS);
    if($companyCheck == "Acros" || $companyCheck == "Fisher Europe" || $companyCheck == ....)
    { session_register("companyCheck");
    }

    }
    ?>

    <html>
    <head>
    <title>Untitled Document</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>

    <body bgcolor="#003366">
    <h1 align="center"><font color="#FFFFFF">LOGIN</font></h1>
    <h1 align="center"><font color="#FFFFFF">Fisher intranet</font></h1>
    <h2 align="center"><font color="#FFFFFF">Enter your User name and password</font></h2>

    <?php echo($statusCheck);
    ?>

    <form name="form1" method="post" action="<?php echo($PHP_SELF) ?>">
    <table width="32%" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
    <td width="32%"><font color="#FFFFFF">user name :</font></td>
    <td width="68%"><input name="username" type="text" id="username" maxlength="20"></td>
    </tr>
    <tr>
    <td><font color="#FFFFFF">password :</font></td>
    <td><input name="password" type="password" id="password" maxlength="20"></td>
    </tr>
    <tr>
    <td colspan="2"><div align="center">
    <p>&nbsp;</p><p><input type="submit" name="Submit" value="Login">
    </p></div></td>
    </tr>
    </table>
    <p align="center">&nbsp;</p>
    </form>
    </body>
    </html>

    PAGE2 (menu page):


    <?php
    session_start();
    if($HTTP_GET_VARS["action"]=="logout")
    {session_unregister("statusCheck");
    session_destroy();
    }
    if (!session_is_registered("statusCheck"))
    {header("Location: login.php");}
    ?>

    ....

    <p align="center"><?php if ($statusCheck == "Admin") {print ("<a href='create_users.php'>Add new user (only administrators)</a>");} ?></p>
    <p align="center"><?php if ($compCheck == "Acros") {print ("ACROS");} ?></p>
    You help me, and I'll try to help you

  2. #2
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Looks OK. The code for the function check_company is missing (presumably in the includes). I would guess the problem is in that function or the other missing function trim_data.

  3. #3
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23

    Smile

    Can you please tell me what should be in that function check_company ?
    I'm sure my function trim_data is correct.

    trim_data :

    <?php
    function trim_data($formdata)
    { foreach($formdata as $key => $value)
    { $key = trim($key);
    $value = trim($value);
    }
    return $formdata;
    }
    ?>

    Thanks !!!
    You help me, and I'll try to help you

  4. #4
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Do you not have a function check_company already written?

    As the company is not the post vars where does this info come from? Are you intending to read this from the database using the username and password? If so then you put the code to read the company info from the database into this function. Otherwise if you are intending to read this info from the post vars then there would need to be an entry on the form for the user to specify.

  5. #5
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    All the code I've written I found in books and on the internet, and trying to change for my project (so sorry if I don't understand you immediately ).

    In my db you've a username, password, company.
    If a user logs in, the company in accordance with the user has to be displayed at the menu-page.
    Maybe I just have to copy the function check_login and rename it to check_company or what's your solution?

    Thanks for the help already
    You help me, and I'll try to help you

  6. #6
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Presumably you also have a field in the database for status, because you are reading this value in the check_login?

    You have two options write a function to return the company or modify the check_login function to return the values required. I would favour the second option. I use Oracle so am not a mySQL expert but you could try the following.

    First option
    Copy the function check_login and rename it to check_company. Modify the line that fetches the field so that the company is returned rather than the status...

    Code:
    $userRecord = mysql_fetch_array($result);
    $status = $userRecord["company"];
    return($status);

    Second option

    The existing check_login function returns only the type of user i.e Admin or Staff from the field 'status'. Modify the last few lines of this function to return the whole row. Something like this...

    existing code

    Code:
    $userRecord = mysql_fetch_array($result);
    $status = $userRecord["status"];
    return($status);
    replace with

    Code:
    $userRecord = mysql_fetch_array($result);
    return($userRecord);

    Then you need to modify the code that uses the function to get at the values returned. Something like this...

    existing code snippets
    Code:
    $statusCheck = check_login($HTTP_POST_VARS);
    .
    .
    .
    $companyCheck = check_company($HTTP_POST_VARS);
    replace with

    Code:
    # get the row
    $row = check_login($HTTP_POST_VARS);
    # get the user status from the row
    $statusCheck = $row["status"];
    # get the user company from the row
    $companyCheck = $row["company"];

    The second option would gather all the data in one query of the database, the first option issues two queries. This should then work with the remainder of your code. Hope this helps you on the right track.

  7. #7
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    Thank you very much !!! It works great.
    You saved me a lot of time !!!

    :d
    You help me, and I'll try to help you

  8. #8
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    Hello !!!

    Sorry to bother you again, but I have a problem I think you can solve :$

    my code is developed to :

    Code:
    <?php include("../include/intranet_admin.php"); ?>
    <?php
    function check_login($formdata)
    { $dbhost = "xxx.xxx.xxx.xxx";
      $dbuser = "xxx"; 
      $dbpassword = "xxx";
      $db = "xxx";
      
      $form_data = trim_data($formdata);
      $user = $form_data['username'];
      $password = $form_data['password'];
      
      $mysql = mysql_connect($dbhost, $dbuser, $dbpassword);
      if(!$mysql)
      { $error = "Cannot connect to Database Host";
        return($error);
      }
      
      $mysqldb = mysql_select_db($db);
      if(!$mysqldb)
      { $error = "Cannot open Database";
        return($error);
      }
      
      $myquery = "SELECT * FROM login WHERE username = '" . $user;
      $myquery .= "' AND password = '" . crypt($password,"xxx") . "'";
      
       
    
     $result = mysql_query($myquery);
     if (!$result)
      { $error = "Cannot run query";
        return($error);
      }
     
      $numRows = mysql_num_rows($result);
      if ($numRows < 1)
      { $error = "User name or password not recognised";
        return($error);
      }
      
      $userRecord = mysql_fetch_array($result);
      return($userRecord);
    }
    ?>
    <?php 
    if($HTTP_POST_VARS['Submit']=="Login")
    { session_start();
      $row = check_login($HTTP_POST_VARS);
      $statusCheck = $row["status"];
      if ($statusCheck == "Admin" || $statusCheck == "Staff")
      { session_register("statusCheck");
        header("Location: menu.php");
      }
      $companyCheck = $row["company"];
      if($companyCheck == "Acros")
      { session_register("companyCheck");
      }
    }
    ?>
    <html>
    <head>
    <title>Fisher Intranet</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    </head>
    
    <body>
    <h1 align="center"><font color="#003366" size="3" face="Arial, Helvetica, sans-serif">Login 
      to the Fisher intranet</font></h1>
    <h1 align="center"><font color="#003366" size="5" face="Verdana, Arial, Helvetica, sans-serif"><img src="../../images/imagesform/logo.gif" width="259" height="57"></font></h1>
    <h2 align="center"><font color="#003366" size="3" face="Arial, Helvetica, sans-serif">Enter 
      your user name and password:</font></h2>
    <p align="center"><?php echo $statusCheck; ?></p>
    <p> </p><form name="form1" method="post" action="<?php echo($PHP_SELF) ?>">
      <table width="50%" border="0" align="center" cellpadding="5" cellspacing="0" bgcolor="#999966">
        <tr> 
          <td width="29%"><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><strong>user 
            name :</strong></font></td>
          <td width="71%"><input name="username" type="text" id="username" maxlength="20"></td>
        </tr>
        <tr> 
          <td><font color="#FFFFFF" size="2" face="Arial, Helvetica, sans-serif"><strong>password 
            :</strong></font></td>
          <td><input name="password" type="password" id="password" maxlength="20"></td>
        </tr>
        <tr> 
          <td colspan="2"><div align="center"> 
              <p> 
                <input type="submit" name="Submit" value="Login">
                <font color="#003366" size="2" face="Arial, Helvetica, sans-serif"><font color="#003366" size="2" face="Arial, Helvetica, sans-serif"></font></font> 
              </p>
            </div></td>
        </tr>
      </table>
      
    </form>
    <p align="center"> <font color="#003366" size="2" face="Arial, Helvetica, sans-serif">
    <div align="center"> Copyright Fisher Scientific Europe <br>
      <font color="#003366" size="2" face="Arial, Helvetica, sans-serif"></font></div>
    </font>
    <p align="center"></p>
    <div align="center"><font color="#003366" size="2" face="Arial, Helvetica, sans-serif">
      <script language=Javascript1.2>
    // verander hieronder de kleur font en grootte van het klokje 
    var tags_before_clock = "<font face='Arial, Helvetica, sans-serif' size='1' color='#003366'> "
    var tags_middle_clock = ""
    if(navigator.appName == "Netscape") {
    document.write('<layer id="clock"></layer><br>');
    }
    if (navigator.appVersion.indexOf("MSIE") != -1){
    document.write('<span id="clock"></span>');
    }
    function upclock(){
    var dte = new Date();
    var hrs = dte.getHours();
    var min = dte.getMinutes();
    var sec = dte.getSeconds();
    var col = ":";
    var spc = " ";
    var com = "";
    if (hrs == 0) hrs=12;
    if (min<=9) min="0"+min;
    if (sec<=9) sec="0"+sec;
    if(navigator.appName == "Netscape") {
    document.clock.document. write(tags_before_clock+hrs+col+min+col+sec+tags_m
    iddle_clock+day+com+spc);
    document.clock.document.close();
    }
    if (navigator.appVersion.indexOf("MSIE") != -1){
    clock.innerHTML =  tags_before_clock+hrs+col+min+col+sec+tags_middle_
    clock+com+com+spc;
    }
    }
    setInterval("upclock()",200);
    </script>
      </font></p> </div>
    </body>
    </html>
    My login-page works great, but I've found an error I can't solve.
    Normally, if I login with a wrong username or password, it shows "User name or password not recognised". But when I test it, it only shows the first letter : U. Do you know what the problem is because I've tried several things but it won't work.


    Thank you again in advance.
    You help me, and I'll try to help you

  9. #9
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Looks OK to me. It might be worth checking which part of the check_login is returning the 'U'. Sorry I couldn't help more.

  10. #10
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    That's ok, I'm pleased that somebody will even try to help me

    I've tried to check out if it's really the first letter of "User name and password not recognised", I changed the User to Oser and it displays the 'O' when I give a wrong username or password. So it gives the correct error message, but it isn't displayed correct.
    You help me, and I'll try to help you

  11. #11
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    The next thing was said to me :

    1. the check_login() returns a string
    2. you call the function (returns a string), and save to $row: $row = check_login($HTTP_POST_VARS);
    3. you save one character from $row in new variable $statusCheck: $statusCheck = $row["status"];
    4. that's why you get 'U'


    Is this correct ?
    And if it is, how do I have to change this ?
    I really don't know what I'm supposed to do.

    Thanks for all the help !!!
    You help me, and I'll try to help you

  12. #12
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Ah this is probably where the problem lies. The mySql returns an array and subsequent processing assumes an array. The error messages however are returned as strings. I think you need to make these an array type.

    The changes to your code would be associated with the declarations of the error text.

    Currently you have the return string
    Code:
    $error = "User name or password not recognised";
    This needs to be changed to an array something like this:
    Code:
    $error = array ("status" => "User name or password not recognised");

  13. #13
    Join Date
    Apr 2003
    Location
    Belgium
    Posts
    23
    I've found the solution, I just had to change

    Code:
    .
    .
    <?php 
    if($HTTP_POST_VARS['Submit']=="Login")
    { session_start();
      $row = check_login($HTTP_POST_VARS);
      $statusCheck = $row["status"];
    .
    .
    to

    Code:
    .
    .
    <?php 
    if($HTTP_POST_VARS['Submit']=="Login")
    { session_start();
      $row = check_login($HTTP_POST_VARS);
      $statusCheck = strlen($row["status"]) == 1 ? $row : $row["status"];
    .
    .
    ?>
    I don't now if your solution is working, but I have no doubts about it


    Thanks
    You help me, and I'll try to help you

  14. #14
    Join Date
    Oct 2002
    Location
    Plymouth UK
    Posts
    116
    Great. There are many ways to solve a problem, depending which end you start. Glad you are up and running.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •