Jump to content

Php Authentication Script Prob

MikeW

By MikeW
in Scripting Talk

 Share

Recommended Posts

MikeW Rookie

MikeW

Posted
Posted

Hiya All,

 

First time posting within the family forums in a long time (just got another domain after being away fer a bit)

 

Anyway, lookin' for some help

Have a MySql Dbase with a Users table, to which of course holds user info - username and password

I have inserted the user info into the dbase with a config *.sql file.

The syntax I used was

 

>insert into users(username, password, fullname, company, email, phone) values ('mwells', sha1('Te5t3r'), 'Mike Wells', 'EMT', 'mwells@emt.com', '847.123.1234');

 

Now the problem I am having is that, whenever I test authentication, it does not seem to pass and I get my "Failure" message (within the login.php file).

If I echo the $_REQUEST the info passed to the login script is correct. Any ideas on why I cannot get this to start my session??

 

login.php

><?php
// Set up error reporting display
ini_set('display_errors', 1);
error_reporting(E_ALL);

include_once('cafs_fns.php');

 if ( (!isset($_REQUEST['username'])) || (!isset($_REQUEST['password'])) ) 
 {
echo 'You must enter your username and password to proceed';
exit;
 }

 $username = $_REQUEST['username'];
 $password = $_REQUEST['password'];

if (login($username, $password)) 
 {
$_SESSION['auth_user'] = $username;
  header('Location: '.$_SERVER['HTTP_REFERER']);
 }
 else 
 {
echo '<br>';
echo 'The credentials you have entered are incorrect<br>';
echo 'You must enter in a valid Username & Password to continue';
exit;
 }
?>

 

cafs_fns holds my connect to...script and an auth_fns script, to which also includes the login form itself

 

auth_fns.php

><?php

// Set up error reporting display
ini_set('display_errors', 1);
error_reporting(E_ALL); 
// Check username and password with db
 function login($username, $password)
 {
// connect to db
$handle = db_connect();
if (!$handle)
  return 0;

$result = mysql_query("select * from users,
						  where username='$username' and
							password = sha1($password)", $handle);
if (!$result)
{
  return 0;
}
if ($result->mysql_num_rows>0)
{
  return 1;
}
else 
{
  return 0;
}
 }

 function check_auth_user()
 // see if somebody is logged in and notify them if not
 {
global $_SESSION;
if (isset($_SESSION['auth_user']))
{
  return true;
}
else
{
  return false;
}
 }
 function login_form()
 {
?>
<p> </p>
<div id="global">
<form action='../cafs/admin/login.php' method='POST'>
<table border=0>
<tr>
  <td>Username</td>
  <td><input size='16' name='username'></td>
</tr>
<tr>
  <td>Password</td>
  <td><input size='16' type='password' name='password'></td>
</tr>
</table>
<input type='submit' value='Log in'>
</form>
</div>
<?php
 }

 function check_permission($username, $file)
 // check user has permission to act on this record 
 {
// connect to db
$handle = db_connect();
if (!$handle)
  return 0;

if(!$_SESSION['auth_user'])
  return 0;

$result = mysql_query("select * from user_permissions up, uploads d
						  where up.user = '{$_SESSION['auth_user']}' and
							  up.company = d.client and
							  d.id = $file
						  ", $handle);
if (!$result)
{
  return 0;
}
if ($result->mysql_num_rows>0)
{
  return 1;
}
else 
{
  return 0;
}
 }
?>

 

Thanks Ahead of Time All!!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...