PHP Tutorial: Register and Login (Cookie Extension) [part 01

[Djmann1013]

I typed what the tutorial said, and it says my password and username is incorrect. Here is the code I typed:

init.inc.php file:

[syntax=php]

<?php
//init.inc.php file
session_start();

$exceptions = array('signup', 'login', 'index');

$page = substr(end(explode( '/', $_SERVER['SCRIPT_NAME'])), 0, -4);

// SQL stuff.
mysql_connect('SQL host','username','password');
mysql_select_db('database name');

include('user.inc.php');

//$_SESSION['uid'] = 1;

if (isset($_COOKIE['username'], $_COOKIE['password'])){

if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
$_SESSION['username'] = htmlentities($_COOKIE['username']);

setcookie('username', $_COOKIE['username'], time() + 3600);
setcookie('password', $_COOKIE['password'], time() + 3600);

}

}


if (in_array($page, $exceptions) === false){
if (isset($_SESSION['username']) === false){
header( 'Location: login.php' );
die();
}
}



?>
[/syntax]

Login.php
[syntax=php]

<?php
include('init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){

if (empty($_POST['username'])){
$errors[] = 'The username field is empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password field is empty.';
}

if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
$errors[] = 'Username or password is incorrect.';
}

if (empty($errors)){

setcookie('username', $_POST['username'], time() + 3600);
setcookie('password', sha1($_POST['password']), time() + 3600);

$username = $_POST['username'];
session_register("username");

header( 'Location: home.php' );

}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html>

<body>

<form action="" method="post">
<p>

<?php
if (empty($errors) === false){

?>

<ul>

<?php

foreach ($errors as $error){
echo "<center><li>[$error]</li></center>";
}

?>

</ul>

<?

}
?>

</p>
<input type="text" name="username" id="username" placeholder="Username" maxlength="40" value="<?php if (isset($_POST['username'])){ echo htmlentities($_POST['username']); } ?>"><br><br>

<input type="password" name="password" placeholder="Password"><br><br>

<input type="submit" value="Login">

</form>

</body>

</html>

[/syntax]

The problem is that it won't let me login. It's kinda annoying since I was looking for hours on the internet.

[Temor]

The problem is likely within the valid_credentials function. Could you post the code for that?

[Djmann1013]

[syntax=php]

if (valid_credentials($_POST['username'], sha1('password'))) === false){
$errors[] = 'Username or password is incorrect.';
}

[/syntax]

Exactly from the video, also this:

[syntax=php]

if (isset($_COOKIE['username'], $_COOKIE['password'])){

if (valid_credentials($_POST['username'], $_POST['password'])){
$_SESSION['username'] = htmlentities($_COOKIE['username']);

setcookie('username', $_COOKIE['username'], time() + 3600);
setcookie('password', $_COOKIE['password'], time() + 3600);

}

}


[/syntax]

[Temor]

That's not the code I asked for. Post the code for the function. Not where you use the function.

[Djmann1013]

Sorry, I meant this:

[syntax=php]
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true: false;

}


[/syntax]

[Temor]

Your problem is that you're applying the sha1 hash twice. Once when you call it, and once inside the function.
Remove the one where you call it and keep the one inside the function.

[Djmann1013]

Now I am getting this error with this code:

error: Parse error: syntax error, unexpected T_IS_IDENTICAL in /home/a8913488/public_html/login.php on line 18

code:
[syntax=php]

if (valid_credentials($_POST['username'], $_POST['password'])) === false){
$errors[] = 'Username or password is incorrect.';
}

user.inc.php file:

function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true: false;

}[/syntax]

[Temor]

it is not expecting the triple equals ( === false ). Change that to two equals.

[Djmann1013]

It's fixed now, thanks!