Login error
Login error
I Have been following the register and login tutorial but the login doesnt work, the register does though.
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.
login.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>[/syntax]
register.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
<ul>
<?php
}
?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>[/syntax]
Protected.php
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
Registration Successful!
<br>
<br>
You are logged in as <?php echo $_SESSION['username']; ?>
<br>
<form action='logout.php' method='POST'>
<input type='submit' value='Logout'>
</form>
</p>
</body>
</html>[/syntax]
Logout.php
[syntax=php]<?php
session_start();
$SESSION = array();
session_destroy();
header('Location: protected.php');
?>[/syntax]
init.inc.php
[syntax=php]<?php
session_start();
$exceptions = array('register', 'login');
$exploded = explode('/', $_SERVER['SCRIPT_NAME']);
$page = substr(end($exploded), 0, -4);
if (in_array($page,$exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>][/syntax]
user.inc.php
[syntax=php]<?php
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}
?>[/syntax]
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.
login.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>[/syntax]
register.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
<ul>
<?php
}
?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>[/syntax]
Protected.php
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
Registration Successful!
<br>
<br>
You are logged in as <?php echo $_SESSION['username']; ?>
<br>
<form action='logout.php' method='POST'>
<input type='submit' value='Logout'>
</form>
</p>
</body>
</html>[/syntax]
Logout.php
[syntax=php]<?php
session_start();
$SESSION = array();
session_destroy();
header('Location: protected.php');
?>[/syntax]
init.inc.php
[syntax=php]<?php
session_start();
$exceptions = array('register', 'login');
$exploded = explode('/', $_SERVER['SCRIPT_NAME']);
$page = substr(end($exploded), 0, -4);
if (in_array($page,$exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>][/syntax]
user.inc.php
[syntax=php]<?php
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}
?>[/syntax]
Last edited by TehCrayz on Sun Dec 09, 2012 7:47 pm, edited 2 times in total.
-
- Posts: 205
- Joined: Mon Jul 09, 2012 11:13 pm
Re: Login error
The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
[syntax=php]
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'") or die(mysql_error());
return (mysql_result($total, 0) == '1') ? true : false;
}[/syntax]
By the way you double posted login.php in the same syntax
[syntax=php]
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'") or die(mysql_error());
return (mysql_result($total, 0) == '1') ? true : false;
}[/syntax]
By the way you double posted login.php in the same syntax
<?php while(!$succeed = try()); ?>
Re: Login error
ExtremeGaming wrote:The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
I have changed it but still...no luck...
http://gyazo.com/bfc251404b1682c1ff9f41ac1acfa9c1
-
- Posts: 205
- Joined: Mon Jul 09, 2012 11:13 pm
Re: Login error
Add this to the very first line within your php on login.php, then run your form again.
[syntax=php]error_reporting(E_ALL);
ini_set('display_errors', '1');[/syntax]
[syntax=php]error_reporting(E_ALL);
ini_set('display_errors', '1');[/syntax]
<?php while(!$succeed = try()); ?>
Re: Login error
ExtremeGaming wrote:Add this to the very first line within your php on login.php, then run your form again.
[syntax=php]error_reporting(E_ALL);
ini_set('display_errors', '1');[/syntax]
Ok, i did that but still, it doesn't show anything, it just says incorrect password.
http://gyazo.com/7cc5f1a42f78295f7a80db5278a961ca
[syntax=php]<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>[/syntax]
-
- Posts: 205
- Joined: Mon Jul 09, 2012 11:13 pm
Re: Login error
If there are no errors that means everything should be working correctly. Remove that part because it's useless now.
What is your database structure? The type and max length of characters in your password column.
Example: Varchar (50)
What is your database structure? The type and max length of characters in your password column.
Example: Varchar (50)
<?php while(!$succeed = try()); ?>
Re: Login error
ExtremeGaming wrote:If there are no errors that means everything should be working correctly. Remove that part because it's useless now.
What is your database structure? The type and max length of characters in your password column.
Example: Varchar (50)
http://gyazo.com/3adf950ac618cdce669fd0edb40d9e55
-
- Posts: 205
- Joined: Mon Jul 09, 2012 11:13 pm
Re: Login error
Your error is that sha1() creates a 40-byte password (40 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 10 from the string. Until you fix that and register a new user, you will never be able to log in.
<?php while(!$succeed = try()); ?>
Re: Login error
ExtremeGaming wrote:Your error is that sha1() creates a 32-byte password (32 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 2 from the string. Until you fix that and register a new user, you will never be able to log in.
So i should just make the password length 32?
I did that but it still gives the invalid password error.
http://gyazo.com/de26b57c9976b6abeedca3c0a6538c62
http://gyazo.com/895dc17bf1a5b2e87cb776c6ae1029fc
-
- Posts: 205
- Joined: Mon Jul 09, 2012 11:13 pm
Re: Login error
Sorry I was thinking of md5. I edited the post; sha1 is 40 characters in length.
You will also need to register a new user.
You will also need to register a new user.
<?php while(!$succeed = try()); ?>
Re: Login error
lol, i saw your little 32 - 40 change there, but now it works. THANKS SOO MUCH! YOU ARE A LIFESAVER!