PHP/MySQL Help
Date: 01/05/07
(WebDesign) Keywords: php, mysql, html, database, sql, web
Hoping somebody here can help me..
I'm going through the book PHP and MySQL Web Development by Luke Welling and Laura Thompson. I'm currently working through Chapter 26 (for those of you that have read it), Building User Authentication and Personalization. I've gotten through it pretty good so far, but am having some trouble with actually authenticating the user logins. My site is set up at http://test.aacapartsandsupplies.com. My problem is, whenever I click the login button, I always go to the member.php page.. even if I didn't put any login information in. It doesn't throw back any errors saying "you must be logged in to view this page", etc. Even if I do login, and I try to logout from member.php, it throws back the exception "you were not logged in, and so have not been logged out." I have registered some test users, and this happens on every login I've created.
I'm not exactly sure where the problem lies. I'm wondering if anyone has read this book and might be able to help me out. Even if you haven't read it and know more about PHP/MySQL than I do, I'd appreciate any kind of help. Posting the code for the two files where I *think* the problem lies.
< ?php
// include function files for this application
require_once('tokens_fns.php');
session_start();
//create short variable names
$username = $_POST['username'];
$passwd = $_POST['passwd'];
if ($username && $passwd)
// they have just tried logging in
{
try
{
login($username, $passwd);
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
catch(Exception $e)
{
// unsuccessful login
do_html_header('Problem:');
echo 'You could not be logged in.
You must be logged in to view this page.';
do_html_footer();
exit;
}
}
do_html_header('');
display_user_menu('');
check_valid_user('');
?>
< div id="right">
< div id="title">
< h1>Welcome to your AACA Locker < ?php $_POST['username'] ?>
< /div>
Thanks for logging in! You may now view your custom reports, vote in our
polls, and be sure to check for any rewards you may have won!
< /div>
< ?php
do_html_footer('');
?>
This is simply the login and check_valid_user functions:
function login($username, $passwd)
// check username and password with db
// if yes, return true
// else throw exception
{
// connect to db
$conn = db_connect();
// check if username is unique
$result = $conn->query("select * from user
where username='$username'
and passwd = sha1('$passwd')");
if (!$result)
throw new Exception('Could not log you in.');
if ($result->num_rows>0)
return true;
else
throw new Exception('Could not log you in.');
}
function check_valid_user()
// see if somebody is logged in and notify them if not
{
if (isset($_SESSION['valid_user']))
{
echo '
';
echo 'Logged in as '.$_SESSION['valid_user'].'.';
echo '
';
}
else
{
// they are not logged in
echo '
';
echo 'You are not logged in.
';
exit;
}
}
I can provide more code if needed.
Thank you all in advance!!
Source: http://community.livejournal.com/webdesign/1203673.html