MySQL login issue

Nulty

I'm trying to make a login script appear on every page of my site like it is here on boards. I've used include and it all works fine except when I try to use an else statement for when the user logs in.

[PHP]<?php if (!isset($_SESSION)) { echo "
<form id='login' name='login' method='post' action='<?php echo $loginFormAction; ?>'>
Username:
<label>
<input type='text' name='username' id='username' />
<br />
Password:
<input type='password' name='pwd' id='pwd' />
<br />
<input type='button' name='signup' id='signup' value='Sign Up!' onClick='parent.location=\"fsiregister_users.php\"' />
<input type='submit' name='doLogin' id='doLogin' value='Login' />
</label>
</form>";
} else {
echo "Welcome, " . $_SESSION; } ?> [/PHP]

I get an error message when I click login using this code

Forbidden

You don't have permission to access /blah-blah.com/< on this server.

When I remove the conditional statement completely it works. Is there something obvious I'm missing?

Seth Brundle

The issue isn't with MySQL though but with your PHP code & server.
What happens when you try something like:
[php]<?php if (!isset($_SESSION)) { echo "Hello World";
} else {
echo "Welcome, " . $_SESSION; } ?> [/php]

Can you get the Session username printing at all?
Are any PHP session variables working?
See http://www.computing.net/answers/webdevel/php-sessions-not-working/571.html

Nulty

Thanks kbannon

It outputs "Hello World".

The problem only presents itself when clicking the "login" button, not when the page loads.

If I remove the the conditional statement on a page "a", login on that page and then navigate to page "b" which has the original script on it, it outputs the else condition "Welcome, Username" fine.

Page a would just have this on it

[HTML]<form id='login' name='login' method='post' action='<?php echo $loginFormAction; ?>'>
Username:
<label>
<input type='text' name='username' id='username' />
<br />
Password:
<input type='password' name='pwd' id='pwd' />
<br />
<input type='button' name='signup' id='signup' value='Sign Up!' onClick='parent.location=\"fsiregister_users.php\"' />
<input type='submit' name='doLogin' id='doLogin' value='Login' />
</label>
</form>[/HTML]

Seth Brundle

FYI I edited my post above as you were posting

Nulty

Yeah the SESSION variable are working fine, just not in this particular case

Seth Brundle

If you look at the source code of the generated page, where is the form's action attribute pointing to?

If I remove the the conditional statement on a page "a", login on that page and then navigate to page "b" which has the original script on it, it outputs the else condition "Welcome, Username" fine.

Page a would just have this on it

Have a look at http://www.html-form-guide.com/php-form/php-login-form.html

Nulty

Its almost as if the server doesn't like the access of the database through a php script. If I remove the else part of the if statement, I get the same message. The problem is in wrapping the login html and probably the action='<?php echo $loginFormAction; ?>' in a php script.

Seth Brundle

your database isn't being accessed by that particular script.
If you look at the source code of the generated page, where is the form's action attribute pointing to?

if you try this also what is the result (both in the generated HTML and the effect:
[php]<?php if (!isset($_SESSION)) { echo "
<form id='login' name='login' method='post' action='" . $loginFormAction . "'>
Username:
<label>
<input type='text' name='username' id='username' />
<br />
Password:
<input type='password' name='pwd' id='pwd' />
<br />
<input type='button' name='signup' id='signup' value='Sign Up!' onClick='parent.location=\"fsiregister_users.php\"' />
<input type='submit' name='doLogin' id='doLogin' value='Login' />
</label>
</form>";
} else {
echo "Welcome, " . $_SESSION; } ?> [/php]

Nulty

[PHP]$loginFormAction = $_SERVER;[/PHP]

then i call an include that refers to the entire login script

Seth Brundle

Whats the form action in the HTML?

Nulty

Perfect kbannon! thanks.

the concatanation worked. I knew there was something fishy about echoing the php action attribute.

Thanks a million

Nulty

kbannon wrote: »

Whats the form action in the HTML?

Its a bit redundant now that the problem is solved but, I don't understand what your asking there.

Seth Brundle

You're welcome.
Stick the cheque in the post please!

Seth Brundle

Nulty wrote: »

Its a bit redundant now that the problem is solved but, I don't understand what your asking there.

I was trying to find out what the parsed PHP code was returning in the HTML served to the browser (view the served page source code in your browser [in Internet Explorer press Alt & V and then C])

Nulty

It returns

<form id='login' name='login' method='post' action='/blah-blah.com/index.php'>

strangely enough.

Seth Brundle

But earlier I'd say that the HTML was more like
action='<?php echo $loginFormAction; ?>'>
i.e. not parsed!

Nulty

Yeah thats exactly how it was happening before.

I'm getting a better understanding of it all now.

I couldn't use the $_POST variable on any other page the login script is used on or else it may be used to log someone in instead of another imagianary reason I might want to use it.

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];

I'm guessing - I $_POST the username and pwd through $loginformaction, which equals PHP_SELF, which searches the script on the current page for refence to the $_POST variables and the script starts working.

Thanks again kbannon.