There are the following php-files of the site: authmain.php

<?php session_start(); if (isset($_POST['userid']) && isset($_POST['password'])) { // if the user has just tried to log in $userid = $_POST['userid']; $password = $_POST['password']; $db_conn = mysql_connect('localhost', 'webauth', 'webauth'); $query = 'select * from auth ' ."where name='$userid' " ." and password=password('$password')"; $result = mysql_query($query, $db_conn); if ($result->num_rows >0 ) { // if they are in the database register the user id $_SESSION['valid_user'] = $userid; } } ?> <html> <body> <h1>Home page</h1> <? if (isset($_SESSION['valid_user'])) { echo 'You are logged in as: '.$_SESSION['valid_user'].' <br />'; echo '<a href="logout.php">Log out</a><br />'; } else { if (isset($userid)) { // if they've tried and failed to log in echo 'Could not log you in.<br />'; } else { // they have not tried to log in yet or have logged out echo 'You are not logged in.<br />'; } // provide form to log in echo '<form method="post" action="authmain.php">'; echo '<table>'; echo '<tr><td>Userid:</td>'; echo '<td><input type="text" name="userid"></td></tr>'; echo '<tr><td>Password:</td>'; echo '<td><input type="password" name="password"></td></tr>'; echo '<tr><td colspan="2" align="center">'; echo '<input type="submit" value="Log in"></td></tr>'; echo '</table></form>'; } ?> <br /> <a href="members_only.php">Members section</a> </body> </html>

members_only.php

 <?php session_start(); echo '<h1>Members only</h1>'; // check session variable if (isset($_SESSION['valid_user'])) { echo '<p>You are logged in as '.$_SESSION['valid_user'].'</p>'; echo '<p>Members only content goes here</p>'; } else { echo '<p>You are not logged in.</p>'; echo '<p>Only logged in members may see this page.</p>'; } echo '<a href="authmain.php">Back to main page</a>'; ?>

logout.php

 <?php session_start(); // store to test if they *were* logged in $old_user = $_SESSION['valid_user']; unset($_SESSION['valid_user']); session_destroy(); ?> <html> <body> <h1>Log out</h1> <?php if (!empty($old_user)) { echo 'Logged out.<br />'; } else { // if they weren't logged in but came to this page somehow echo 'You were not logged in, and so have not been logged out.<br />'; } ?> <a href="authmain.php">Back to main page</a> </body> </html>

there is also a mysql database created in denwer

 create database auth; use auth; create table auth ( name varchar(lO) not null, pass varchar(30) not null, primary key (name) ); insert into auth values ( 'user', 'pass'); insert into auth values ( 'testuser', password('test123') ); grant select, insert, update, delete on auth.* to webauthglocalhost identified by 'webauth';

At the same time, when I enter testuser and test123 as a user and password, I cannot log in as Couldn't log you in

  • one
    @ ivan31, To format a code, select it with the mouse and click on the button 101010 of the editor. - Artem

1 answer 1

 if (isset($userid)) { // if they've tried and failed to log in echo 'Could not log you in.<br />'; } else { // they have not tried to log in yet or have logged out echo 'You are not logged in.<br />'; }

I certainly did not go into logic, but

 if (isset($userid)) // полный бред если смотреть на то что выводится, в любом случае выводится сообщение об ошибке! Не удается войти, или вы не авторизованы. Просто бред.

Not once already wrote "Put and do not be lazy quotes!"

  $query = "Select * from auth where name='".$userid."' and password=password('".$password."')"; // неужели до сих пор кто-то пользуется в MySql ф-ей PASSWORD() ппц. $result = mysql_query($query, $db_conn); if ($result->num_rows >0 ) // пашет такое? { // if they are in the database register the user id $_SESSION['valid_user'] = $userid; }

There is no desire and time to understand further.

gut

 <?php session_start(); if (isset($_POST['userid']) && isset($_POST['password'])) { // if the user has just tried to log in $userid = $_POST['userid']; $password = $_POST['password']; $db_conn = mysql_connect('localhost', 'webauth', 'webauth'); $query = 'select * from auth ' ."where name='$userid' " ." and password=password('$password')"; $result = mysql_query($query, $db_conn); if ($result->num_rows >0 ) { // if they are in the database register the user id $_SESSION['valid_user'] = $userid; } } ?>

Insert at the end of the file

 echo "<PRE>"; var_dump($_SESSION); echo "<PRE>";

And then sign off what is displayed.

  • Did not work, send answers yet - ivan89
  • 2
    learn how to debug your files! - Artem
  • What error is displayed? - chambo
  • one
    1 Shrek, well done just. My patience is not enough just to answer such a question. - Vfvtnjd
  • So you think I have the patience to answer? I let him admonish, I feel it will be possible to close the question, because TC does not write anything reasonable. Ps marked as "work for the author." for it turns out. - Artem