Re: [PHP] authentication issue...
On May 29, 2010, at 12:02 AM, Nathan Nobbe wrote: On Fri, May 28, 2010 at 7:43 PM, Jason Pruim > wrote: Hey Everyone, So I'm sitting here on a friday night trying to figure out how in the world I'm going to fix an issue that should probably be simple to me but is escaping me at the moment Take this authentication function: $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;"; $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error" .mysql_error()); $row1 = mysql_fetch_assoc($loginResult); if($row1['access'] == "500"){ foreach (array_keys($_SESSION) as $key) unset($_SESSION[$key]); die('account disabled'); } if(is_array($row1)){ $_SESSION['userInfo'] = array( "userLogin" => $row1['userName'], "loggedin" => TRUE, "userName" => $row1['userName'], "userPermission" => $row1['userPermission']); error_log("User has logged in: ". $row1['userLogin']); }else{ //$_SESSION['userInfo'] =array("loggedin" => FALSE); die('authentication failed'); } return TRUE; } ?> Here is how I am displaying the login form: CSS; include("nav.php"); if ($_SESSION['userInfo']['loggedin'] == TRUE) { MAIN PAGE DISPLAY HERE }else{ //Display login info echo << You must login to proceed! User Name: name="txtUser"> Password: name="txtPass"> FORM; if(isset($_POST['txtUser'])) { $authUser = $_POST['txtUser']; $authPass = $_POST['txtPass']; $auth = authentication($authUser, $authPass, $cfgtableAuth); } } ?> Now... the authentication actually works, and it logs me in properly, but I have to click the login button twice Ideally I should just do it once, so I'm wondering if anyone can spot my grievous misstep here? it looks to me like you need to move the authentication() call if(isset($_POST['txtUser'])) { $authUser = $_POST['txtUser']; $authPass = $_POST['txtPass']; $auth = authentication($authUser, $authPass, $cfgtableAuth); } above the check to see if the user has logged in, right after the include("nav.php"); line. right now, when the user submits the form, your code is first finding that the user isnt logged in, spitting out the 'please log in' portion of the html then logging them in, so youre actually already logged in when the form shows itself the second time! Hey nathan, You were close actually... :) If I moved just the $auth call it came up and said that the auth failed... BUT if I moved that entire if block to just below the include("nav.php"); line it works as it should! Thanks for the pointer in the right direction! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication issue...
On Sat, 2010-05-29 at 07:40 -0400, Floyd Resler wrote: > On May 28, 2010, at 9:43 PM, Jason Pruim wrote: > > > Hey Everyone, > > > > So I'm sitting here on a friday night trying to figure out how in > > the world I'm going to fix an issue that should probably be simple > > to me but is escaping me at the moment > > > > Take this authentication function: > > > > > > > function authentication($authUser, $authPass, $cfgtableAuth){ > > > > // Keep in mind, PASSWORD has meaning in MySQL > > // Do your string sanitizing here > > // (e.g. - $user = mysql_real_escape_string($_POST['user']);) > > $authUser = mysql_real_escape_string($_POST['txtUser']); > > $authPass = mysql_real_escape_string($_POST['txtPass']); > > $md5pass = md5($authPass); > > > >$loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE > > userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;"; > > > >$loginResult = mysql_query($loginQuery) or die("Wrong > > data supplied or database error" .mysql_error()); > > $row1 = mysql_fetch_assoc($loginResult); > > if($row1['access'] == "500"){ > >foreach (array_keys($_SESSION) as $key) > >unset($_SESSION[$key]); > > > > die('account disabled'); > > } > > > > if(is_array($row1)){ > > > >$_SESSION['userInfo'] = array( "userLogin" => > > $row1['userName'], "loggedin" => TRUE, "userName" => > > $row1['userName'], "userPermission" => $row1['userPermission']); > > > >error_log("User has logged in: ". > > $row1['userLogin']); > > > >}else{ > > //$_SESSION['userInfo'] =array("loggedin" => FALSE); > > die('authentication failed'); > > > > } > > return TRUE; > > > > } > > > > ?> > > > > Here is how I am displaying the login form: > > > > > session_start(); > > > > $link = dbconnect($server, $username, $password, $database); > > > > $page = $_GET['page']; > > > > echo << > > > > > > > CSS; > > include("nav.php"); > > > > if ($_SESSION['userInfo']['loggedin'] == TRUE) { > > > > MAIN PAGE DISPLAY HERE > > > > }else{ > > > > //Display login info > > echo << > > > > > > >You must login to proceed! > > User Name: > name="txtUser"> > > Password: > name="txtPass"> > > > > > > > > > > FORM; > > > > if(isset($_POST['txtUser'])) { > > $authUser = $_POST['txtUser']; > > $authPass = $_POST['txtPass']; > > $auth = authentication($authUser, $authPass, $cfgtableAuth); > > > > } > > > > } > > > > ?> > > > > Now... the authentication actually works, and it logs me in > > properly, but I have to click the login button twice Ideally I > > should just do it once, so I'm wondering if anyone can spot my > > grievous misstep here? > > > > Thanks in advance for the help and pointers I am bound to receive > > from this list! :) > > > > Your problem kind of made me laugh. Not because you're having this > problem but because the problem you're having that you want to correct > is something a co-worker of mine did by design. She writes in FoxPro > and on her login page you actually have to click the login button > twice in order to log in! She did it that way because she has a > profile button on the login page. Still, clicking on a login button > twice is annoying! :) > > Take care, > Floyd > > The problem I often see in this area is where the login check is performed in an include file, and then included in every page, including the login page itself. Takes a little while sometimes to figure out why it is stuck in an eternal loop! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] authentication issue...
On May 28, 2010, at 9:43 PM, Jason Pruim wrote: Hey Everyone, So I'm sitting here on a friday night trying to figure out how in the world I'm going to fix an issue that should probably be simple to me but is escaping me at the moment Take this authentication function: $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;"; $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error" .mysql_error()); $row1 = mysql_fetch_assoc($loginResult); if($row1['access'] == "500"){ foreach (array_keys($_SESSION) as $key) unset($_SESSION[$key]); die('account disabled'); } if(is_array($row1)){ $_SESSION['userInfo'] = array( "userLogin" => $row1['userName'], "loggedin" => TRUE, "userName" => $row1['userName'], "userPermission" => $row1['userPermission']); error_log("User has logged in: ". $row1['userLogin']); }else{ //$_SESSION['userInfo'] =array("loggedin" => FALSE); die('authentication failed'); } return TRUE; } ?> Here is how I am displaying the login form: CSS; include("nav.php"); if ($_SESSION['userInfo']['loggedin'] == TRUE) { MAIN PAGE DISPLAY HERE }else{ //Display login info echo << You must login to proceed! User Name: Password: FORM; if(isset($_POST['txtUser'])) { $authUser = $_POST['txtUser']; $authPass = $_POST['txtPass']; $auth = authentication($authUser, $authPass, $cfgtableAuth); } } ?> Now... the authentication actually works, and it logs me in properly, but I have to click the login button twice Ideally I should just do it once, so I'm wondering if anyone can spot my grievous misstep here? Thanks in advance for the help and pointers I am bound to receive from this list! :) Your problem kind of made me laugh. Not because you're having this problem but because the problem you're having that you want to correct is something a co-worker of mine did by design. She writes in FoxPro and on her login page you actually have to click the login button twice in order to log in! She did it that way because she has a profile button on the login page. Still, clicking on a login button twice is annoying! :) Take care, Floyd -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] authentication issue...
On Fri, May 28, 2010 at 7:43 PM, Jason Pruim wrote: > Hey Everyone, > > So I'm sitting here on a friday night trying to figure out how in the world > I'm going to fix an issue that should probably be simple to me but is > escaping me at the moment > > Take this authentication function: > > > function authentication($authUser, $authPass, $cfgtableAuth){ > >// Keep in mind, PASSWORD has meaning in MySQL >// Do your string sanitizing here >// (e.g. - $user = mysql_real_escape_string($_POST['user']);) >$authUser = mysql_real_escape_string($_POST['txtUser']); >$authPass = mysql_real_escape_string($_POST['txtPass']); >$md5pass = md5($authPass); > >$loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE > userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;"; > >$loginResult = mysql_query($loginQuery) or die("Wrong data > supplied or database error" .mysql_error()); >$row1 = mysql_fetch_assoc($loginResult); >if($row1['access'] == "500"){ >foreach (array_keys($_SESSION) as $key) >unset($_SESSION[$key]); > >die('account disabled'); >} > >if(is_array($row1)){ > >$_SESSION['userInfo'] = array( "userLogin" => > $row1['userName'], "loggedin" => TRUE, "userName" => $row1['userName'], > "userPermission" => $row1['userPermission']); > >error_log("User has logged in: ". $row1['userLogin']); > >}else{ >//$_SESSION['userInfo'] =array("loggedin" => FALSE); >die('authentication failed'); > >} >return TRUE; > >} > > ?> > > Here is how I am displaying the login form: > > session_start(); > > $link = dbconnect($server, $username, $password, $database); > > $page = $_GET['page']; > > echo << > > > CSS; > include("nav.php"); > > if ($_SESSION['userInfo']['loggedin'] == TRUE) { > > MAIN PAGE DISPLAY HERE > > }else{ > >//Display login info > echo << > > >You must login to proceed! >User Name: name="txtUser"> >Password: name="txtPass"> > > > > > FORM; > > if(isset($_POST['txtUser'])) { > $authUser = $_POST['txtUser']; > $authPass = $_POST['txtPass']; > $auth = authentication($authUser, $authPass, $cfgtableAuth); > > } > > } > > ?> > > Now... the authentication actually works, and it logs me in properly, but I > have to click the login button twice Ideally I should just do it once, > so I'm wondering if anyone can spot my grievous misstep here? > it looks to me like you need to move the authentication() call if(isset($_POST['txtUser'])) { $authUser = $_POST['txtUser']; $authPass = $_POST['txtPass']; $auth = authentication($authUser, $authPass, $cfgtableAuth); } above the check to see if the user has logged in, right after the include("nav.php"); line. right now, when the user submits the form, your code is first finding that the user isnt logged in, spitting out the 'please log in' portion of the html then logging them in, so youre actually already logged in when the form shows itself the second time! -nathan
[PHP] authentication issue...
Hey Everyone, So I'm sitting here on a friday night trying to figure out how in the world I'm going to fix an issue that should probably be simple to me but is escaping me at the moment Take this authentication function: $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;"; $loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error" .mysql_error()); $row1 = mysql_fetch_assoc($loginResult); if($row1['access'] == "500"){ foreach (array_keys($_SESSION) as $key) unset($_SESSION[$key]); die('account disabled'); } if(is_array($row1)){ $_SESSION['userInfo'] = array( "userLogin" => $row1['userName'], "loggedin" => TRUE, "userName" => $row1['userName'], "userPermission" => $row1['userPermission']); error_log("User has logged in: ". $row1['userLogin']); }else{ //$_SESSION['userInfo'] =array("loggedin" => FALSE); die('authentication failed'); } return TRUE; } ?> Here is how I am displaying the login form: CSS; include("nav.php"); if ($_SESSION['userInfo']['loggedin'] == TRUE) { MAIN PAGE DISPLAY HERE }else{ //Display login info echo << You must login to proceed! User Name: Password: FORM; if(isset($_POST['txtUser'])) { $authUser = $_POST['txtUser']; $authPass = $_POST['txtPass']; $auth = authentication($authUser, $authPass, $cfgtableAuth); } } ?> Now... the authentication actually works, and it logs me in properly, but I have to click the login button twice Ideally I should just do it once, so I'm wondering if anyone can spot my grievous misstep here? Thanks in advance for the help and pointers I am bound to receive from this list! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php