WampServer

Hi people,
I'm trying to give users mechanism or means to prove their authenticity using a 2 field form and am supposed to get the following login result:

Congratulations, John Doe, you are authorized!

Authorized Users' Menu:

. secret page



But unfortunately, the above message is not displayed in the browser.

auth_users table
-----------------
create table auth_users
(
id int not null primary key auto_increment,
f_name varchar(50),
l_name varchar(50),
email varchar(150),
username varchar(25),
password varchar(75)
);

insert into auth_users values (null, 'john', 'doe', 'john@doe.com', 'jdoe', password('doepass'));

listing15.7.php - user login form
-------------------------------
<html>
<head>
<title>Listing 15.7 User Login Form</title>
</head>
<body>
<H1>Login Form</H1>
<FORM METHOD="POST" ACTION="listing15.8.php">
<P><STRONG>Username/STRONG><BR>
<INPUT TYPE="text" NAME="username"></p>
<P><STRONG>Password/STRONG><BR>
<INPUT TYPE="password" NAME="password"></p>
<P><INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
</body>
</html>

listing15.8.php - user login script
--------------------------------
<?php
//check for required fields from the form
if ((!$_POST[username]) || (!$_POST[password])) {
header("Location: listing15.7.php";
exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "olu1bal"
or die(mysql_error());
mysql_select_db("testDB",$conn) or die(mysql_error());

//create and issue the query
$sql = "select f_name, l_name from auth_users where username = '$_POST[username]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
//if authorized, get the values of f_name l_name
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');

//set authorization cookie
setcookie("auth", "1", 0, "/", "yourdomain.com", 0);

//prepare message for printing, and user menu
$msg = "<P>$f_name $l_name is authorized!</p>";
$msg .= "<P>Authorized Users' Menu:";
$msg .= "<ul><li><a href=\"listing15.8.php\">secret page</a></ul>";
} else {
//redirect back to login form if not authorized
header("Location: listing15.7.php";
exit;
}
?>
<HTML>
<HEAD>
<TITLE>Listing 15.8 User Login </TITLE>
</HEAD>
<BODY>
<? print "$msg"; ?>
</BODY>
</HTML>

listing15.9.php - checking for auth cookie
----------------------------------------
<?php
if ($_COOKIE[auth] == "1" {
$msg = "<p>You are an authorized user.</p>";
} else {
//redirect back to login form if not authorized
header("Location: listing15.7.php";
exit;
}
?>
<html>
<head>
<title>Listing 15.8 Accessing a restricted page </title>
</head>
<body>
<?php print "$msg"; ?>
</body>
</html>

one thing that I noticed by quickly scanning your code is you are using yourdomain.com in setcookie

//set authorization cookie
setcookie("auth", "1", 0, "/", "yourdomain.com", 0);

you need to change that to your actual domain. if you are using subdomains, then change that line to this so your cooke will work

//set authorization cookie
setcookie("auth", "1", 0, "/", ".yourdomain.com", 0);



Post Edited (07-13-06 01:20)

CyberSpatium
----------------------
WAMP Forum Admin

Web Development for Newbie's Blog - Check out my new blog. It is for web developers, and especially tailored for the web development newbie. If you are not fluent in “geek speak”, then this incredible resource is just you. And even if you are a web development pro, this is a great resource to check out some of the latest web development tips, news, tutorials, codes and more.

@CyberSpatium,

I have made changes as you had suggested, but still not working.

add this line of code to all your php files, it will help you locate your errors. the default setting in the php.ini file is to only display serious error, so use this line to show all errors.

error_reporting(E_ALL);

where in my php file should i add this line of code:

error_reporting(E_ALL);

anywhere?

put it at the top of all your php webpages

for example

<?php

error_reporting(E_ALL);

or, you can do what I do. since I just use wamp for development and testing, I enable all errors in my php.ini file which helps big time with troubleshooting php code.

open your php.ini file, and find:
error_reporting = E_ALL & ~E_NOTICE

change it to:
error_reporting = E_ALL

save the file and restart apache for the new settings to take effect. note, it you change your php.ini file like I said above, you do not need to add the error_reporting(E_ALL); line to your code.

@ Cyber

I have made changes like you suggested, but still does not work

Good evening from beautiful Greece,

you have some errors in your initial scripts (not closing html tags, should increase poor cookie's lifetime and echo in function and not in body in 2nd file) made some modifications and worked ok in me. Note that I renamed listing15.7.php->help1.php, listing15.8.php->help2.php, listing15.9.php->help3.php, testDB -. testDB1 and that I also don't use password on root in mysql. So your files are as following:

------------------------------------------------ help1.php -------------------------------------------------
<html>
<head>
<title>Listing help1 User Login Form</title>
</head>

<body>
<H1>Login Form</H1>
<FORM METHOD="POST" ACTION="help2.php">
<P>
<STRONG>Username</STRONG><BR>
<INPUT TYPE="text" NAME="username"></p>
<P>
<STRONG>Password</STRONG><BR>
<INPUT TYPE="password" NAME="password"></p>
<P>
<INPUT TYPE="SUBMIT" NAME="submit" VALUE="Login"></P>
</FORM>
</body>
</html>

------------------------------------------------ help2.php -------------------------------------------------
<?php
//check for required fields from the form
if ((!$_POST['username']) || (!$_POST['password'])) {
header("Location: help1.php";
exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "" or die(mysql_error());
mysql_select_db("testDB1",$conn) or die(mysql_error());

//create and issue the query
$sql = "select f_name, l_name from auth_users where username = '$_POST[username]' AND password = password('$_POST[password]')";
$result = mysql_query($sql,$conn) or die(mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1)
{
//if authorized, get the values of f_name l_name
$f_name = mysql_result($result, 0, 'f_name');
$l_name = mysql_result($result, 0, 'l_name');

//set authorization cookie
$inTwoMonths = 60 * 60 * 24 * 60 + time();
setcookie("auth","1", $inTwoMonths);

//prepare message for printing, and user menu
$msg = "<P>$f_name $l_name is authorized!</p>";
$msg .= "<P>Authorized Users' Menu:";
$msg .= "<ul><li><a href=\"help3.php\">secret page</a></ul>";
echo "$msg";
}
else
{
//redirect back to login form if not authorized
header("Location: help1.php";
exit;
}
?>
<html>
<HEAD>
<TITLE>Listing help2.php User Login </TITLE>
</HEAD>

</html>


------------------------------------------------ help3.php -------------------------------------------------
<?php
//if ($_COOKIE[auth] == "1" {
if (isset($_COOKIE['auth']))
{
$msg = "<p>You are an authorized user.</p>";
}
else
{
//redirect back to login form if not authorized
header("Location: help1.php";
exit;
}
?>

<html>
<head>
<title>Listing 15.8 Accessing a restricted page </title>
</head>

<body>
<?php print "$msg"; ?>
</body>
</html>

------------------------------------------------ create_table.sql ------------------------------------------------

use testdb1;

create table auth_users
(
id int not null primary key auto_increment,
f_name varchar(50),
l_name varchar(50),
email varchar(150),
username varchar(25),
password varchar(75)
);

insert into auth_users values (null, 'john', 'doe', 'john@doe.com', 'jdoe', password('doepass'));

Now it works ok....

ps regarding greek fonts now they play kind of ok because if i use utf8 I can see greek fonts coming from php script (echos for example) and not the ones from mysql (?????? instead) and if I use iso-8859-7 exactly the opposite occurs. I suppose it's a wamp's bug and hopefully it will be fixed the soonest possible!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

another reason you may have problems is because you have set your 'id' column in your auth_users table to:
id int not null primary key auto_increment,

you used 'not null' above, yet you set it to null here:
insert into auth_users values (null, 'john', 'doe', 'john@doe.com', 'jdoe', password('doepass'));

since you are not using unique ids and just using null, you could run into problems if you have two users that have the same first and last name. it would cause problems because mysql would detect duplicate rows.

Thanks for replying to my posting wraios. I have made changes like you suggested and unfortunately, this is the error messages displayed in my browser:

Notice: Use of undefined constant username - assumed 'username' in G:\Program Files\Apache Group\Apache2\htdocs\stybook\Hour 15\listing15.8.php on line 3

Notice: Use of undefined constant password - assumed 'password' in G:\Program Files\Apache Group\Apache2\htdocs\stybook\Hour 15\listing15.8.php on line 3

black85

Good morning,
Are you sure that they are single quoted? I mean:
if ((!$_POST['username']) || (!$_POST['password']))
notice 'username' and 'password' ?

One way or another notices are not a significant problem and if you set
error_reporting = E_ALL & ~E_NOTICE
in your php.ini file they will be suppressed.

The code should work fine, doesn't it?

its working now . thanks