Login error

Post here is you are having problems with any of the tutorials.
Post Reply
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Login error

Post by TehCrayz »

I Have been following the register and login tutorial but the login doesnt work, the register does though.
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.

login.php
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>
register.php
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Password verification failed.';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}



?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<div>
<?php

if (empty($errors) === false){
	?>
	<ul>
		<?php
			foreach($errors as $error){
				echo "<li>{$error}</li>";
			}
		?>
	<ul>
	<?php
}

?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>
Protected.php
<?php 
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
	<p>
		Registration Successful!
		<br>
		<br>
		You are logged in as <?php echo $_SESSION['username']; ?>
		<br>
		<form action='logout.php' method='POST'>
			<input type='submit' value='Logout'>
		</form>
	</p>
</body>
</html>
Logout.php
<?php

session_start();

$SESSION = array();

session_destroy();

header('Location: protected.php');

?>
init.inc.php
<?php

session_start();

$exceptions = array('register', 'login');

    $exploded = explode('/', $_SERVER['SCRIPT_NAME']);
    $page = substr(end($exploded), 0, -4);


if (in_array($page,$exceptions) === false){
	if(isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>]
user.inc.php
<?php

function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

function valid_credentials($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}

?>
Last edited by TehCrayz on Sun Dec 09, 2012 7:47 pm, edited 2 times in total.
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login error

Post by ExtremeGaming »

The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'") or die(mysql_error());
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
By the way you double posted login.php in the same syntax
<?php while(!$succeed = try()); ?>
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Re: Login error

Post by TehCrayz »

ExtremeGaming wrote:The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
I have changed it but still...no luck... :(
http://gyazo.com/bfc251404b1682c1ff9f41ac1acfa9c1
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login error

Post by ExtremeGaming »

Add this to the very first line within your php on login.php, then run your form again.
error_reporting(E_ALL);
ini_set('display_errors', '1');
<?php while(!$succeed = try()); ?>
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Re: Login error

Post by TehCrayz »

ExtremeGaming wrote:Add this to the very first line within your php on login.php, then run your form again.
error_reporting(E_ALL);
ini_set('display_errors', '1');
Ok, i did that but still, it doesn't show anything, it just says incorrect password.
http://gyazo.com/7cc5f1a42f78295f7a80db5278a961ca
<?php     
error_reporting(E_ALL);
ini_set('display_errors', '1');


include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login error

Post by ExtremeGaming »

If there are no errors that means everything should be working correctly. Remove that part because it's useless now.

What is your database structure? The type and max length of characters in your password column.

Example: Varchar (50)
<?php while(!$succeed = try()); ?>
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Re: Login error

Post by TehCrayz »

ExtremeGaming wrote:If there are no errors that means everything should be working correctly. Remove that part because it's useless now.

What is your database structure? The type and max length of characters in your password column.

Example: Varchar (50)
http://gyazo.com/3adf950ac618cdce669fd0edb40d9e55
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login error

Post by ExtremeGaming »

Your error is that sha1() creates a 40-byte password (40 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 10 from the string. Until you fix that and register a new user, you will never be able to log in.
<?php while(!$succeed = try()); ?>
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Re: Login error

Post by TehCrayz »

ExtremeGaming wrote:Your error is that sha1() creates a 32-byte password (32 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 2 from the string. Until you fix that and register a new user, you will never be able to log in.
So i should just make the password length 32?
I did that but it still gives the invalid password error.

http://gyazo.com/de26b57c9976b6abeedca3c0a6538c62
http://gyazo.com/895dc17bf1a5b2e87cb776c6ae1029fc
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login error

Post by ExtremeGaming »

Sorry I was thinking of md5. I edited the post; sha1 is 40 characters in length.

You will also need to register a new user.
<?php while(!$succeed = try()); ?>
User avatar
TehCrayz
Posts: 38
Joined: Mon Dec 03, 2012 7:30 pm
Location: london
Contact:

Re: Login error

Post by TehCrayz »

lol, i saw your little 32 - 40 change there, but now it works. THANKS SOO MUCH! YOU ARE A LIFESAVER! :D
Post Reply