Login script werkt niet. Waarom werkt hij niet?

Door Robin van der Vliet op 10-06-2010 17:59

1.987 views

Ik heb onderstaande code geschreven maar als ik probeer in te loggen gebeurt er niks, maar als ik iets fout invoer krijg ik wel de melding: "Gebruikersnaam of wachtwoord incorrect.".
Wat doe ik fout?

              <?php

              session_start();

              $con = mysql_connect("*****", "*****", "*****") or die('Kan niet verbinden met de server.' );
              mysql_select_db("*****", $con) or die('Kan de database niet selecteren.' );

              $fetchusers = mysql_query("SELECT * FROM users WHERE id = '" . $_SESSION['id'] . "'");
              $fetchusers = mysql_fetch_assoc($fetchusers);

              if ($_POST['submit'])
              {
                  $username = $_POST['username'];
                  $password = $_POST['password'];
                  $sha1_password = (sha1($password));

                  $check_aantal = mysql_query("Select Count(username) From users Where username = '".mysql_escape_string($username)."' AND sha1_password = '".$sha1_password."'") or die(mysql_error());

                  if (mysql_result($check_aantal, 0))
                  {
                      $_SESSION['id'] = $fetchusers['id'];
                  }
                  else
                  {
                      echo "<br>Gebruikersnaam of wachtwoord incorrect.";
                  }
              }

              if (!isset($_SESSION['ip']))
              {
                  $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
              }
              if ($_SESSION['ip'] != $_SERVER['REMOTE_ADDR'])
              {
                  trigger_error("<br>Session Hijacking gedetecteerd!", E_USER_WARNING);
              }

              if (isset($_SESSION['id']))
              {
                  $fetchusers = mysql_query("SELECT * FROM users WHERE id = '" . $_SESSION['id'] . "'");
                  $fetchusers = mysql_fetch_assoc($fetchusers);

                  echo "<br>Ingelogd als: ".$fetchusers['username'].". | <a href='http://www.robinvandervliet.hostoi.com/myaccount.php?url=".$_SERVER['PHP_SELF']."'>Mijn account</a>. | <a href='http://www.robinvandervliet.hostoi.com/logout.php?url=".$_SERVER['PHP_SELF']."'>Uitloggen</a>.";
              }
              else
              {
                  echo '<form method="post">';
                  echo 'Gebruikersnaam: <input type="text" name="username" size="15"> ';
                  echo 'Wachtwoord: <input type="password" name="password" size="15"> ';
                  echo '<input name="submit" type="submit" value="Inloggen">';
                  echo '</form>';
              }
              ?>

- SanThe -

11-06-2010 00:55

Nette foutafhandeling mist.
Wat is het nut van regel 19?
De $_SESSION['id'] in regel 39 wordt nergens geset.

sander salemander

11-06-2010 01:44

zo beter :P

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

require("config.php");
session_start();

if (isset($_POST['submit']))
{
$username = $_POST['username'];
$password = sha1($_POST['password']);

$check_aantal = mysql_query("Select id,username,password,ip From users Where username= '".mysql_escape_string($username)."' AND password = '".$password."'") or die(mysql_error());

if (mysql_num_rows($check_aantal) > 0) {
$row = mysql_fetch_assoc($check_aantal);
}
$_SESSION['id'] = $row['id'];
}
else
{
echo'er ging iets fout';
}

if (!isset($_SESSION['ip']))
{
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}
if ($_SESSION['ip'] != $_SERVER['REMOTE_ADDR'])
{
trigger_error("<br>Session Hijacking gedetecteerd!", E_USER_WARNING);
}

if (isset($_SESSION['id']))
{
$fetchusers = mysql_query("SELECT * FROM users WHERE id = '" . $_SESSION['id'] . "'");
$fetchusers = mysql_fetch_assoc($fetchusers);

echo "<br>Ingelogd als: ".$fetchusers['username'].". | <a href='myaccount.php?url=".$_SERVER['PHP_SELF']."'>Mijn account</a>. | <a href='http://www.robinvandervliet.hostoi.com/logout.php?url=".$_SERVER['PHP_SELF']."'>Uitloggen</a>.";;
}
else
{
echo '<form method="post">';
echo 'Gebruikersnaam: <input type="text" name="gebruikersnaam" size="15"> ';
echo 'Wachtwoord: <input type="password" name="wachtwoord" size="15"> ';
echo '<input name="submit" type="submit" value="Inloggen">';
echo '</form>';
}
?>

Robin van der Vliet

11-06-2010 08:27 gewijzigd op 11-06-2010 09:03

Het probleem zat gewoon in deze regel.

$fetchusers =  mysql_query("SELECT * FROM users WHERE id = '" .  $_SESSION['id'] . "'");
$fetchusers = mysql_fetch_assoc($fetchusers);

En het moest dit zijn.

$fetchusers = mysql_query("SELECT * FROM users Where username = '".mysql_escape_string($username)."' AND sha1_password = '".$sha1_password."'") or die(mysql_error());
$fetchusers = mysql_fetch_assoc($fetchusers);

*opgelost*

Reageren

Inloggen om te reageren