Login/Register doesn't work

[scrapemist]

I'm new to PHP, and i've come a long way so far.
But for some reason my code aint workin.

- When I'm on the login page the Register here won't direct me to register.php..
- Also, when I try to login, it says username/password incorrect thou im sure it isnt..

I've checked for errors, both in the appache log and on PHP Code Checker: nothing seems wrong.

It al happend when I wrote the foreachloops in login.php and register php.
Something wrong there?


login.php

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}

	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}

	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}

	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);

		header('Location: protected.php');
		die();
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<div>
			<?php

			if (empty($errors) === false){
				?>
				<ul>
					<?php

					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}

					?>
				</ul>
				<?php
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}

			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>"/>
			</p>
			<p>
				<label for="passwprd">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>

register.php

<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])) {
		$errors[] = 'The username cannot be emty.';
	}

	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}

	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Password verification faild.';
	}

	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken';
	}

	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);

		$_SESSION['username'] = htmlentities($_POST['username']);

		header('Location: protected.php');
		die();
	}
}

//Registreerformulier
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<div>
			<?php

			if (empty($errors) === false){
				?>
				<ul>
					<?php

					foreach ($errors as $error) {
						echo "<li>{$error}</li>";
					}

					?>
				</ul>
				<?php
			}

			?>
		</div >
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username"  id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password"  id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password"  id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</from>
	</body>
</html>

logout.php

<?php

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php')

?>

protected.php

<?php include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<p>
			You are now logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout ?</a>
		</p>
	</body>
</html>

init.inc.php

<?php

session_start();

$exceptions = array('regist','login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('host', 'user', 'password');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>

user.inc.php

<?php

//controleert of de gebruikersnaam al bestaat in de database.
function user_exists($user){
	$user = mysql_real_escape_string($user);

	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

//controleert of gebruikersnaam en wachtwoord kloppen.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);

	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{pass}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

// voegt de gebruiker toe aan de database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);

	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
}

?>

[KnightMaire]

What happens when you manually go to register.php from the URL

[scrapemist]

it directs me to login.php

[KnightMaire]

The problem is in your init. You never finished spelling out "register" in the exceptions.

EDIT: or you have one too many characters.

[scrapemist]

Do!
Register works now
Thanks for the quick reply!

any clue what the second problem causes?
now I can create another user but when I logout, it wont recognize the username/password anymore..

[ExtremeGaming]

There could be a conflict caused by you registering the user with htmlentities and logging in without it. That would convert characters like < to < and login would just be looking for <.

Second possibility is, your query is failing. You can try running the query on another page and add

return mysql_error();

above the the other return. And instead of

if(valid_credentials(blah, blah) === false) {

just do:

echo valid_credentials("something", "something");

[KnightMaire]

Do!
Register works now
Thanks for the quick reply!

any clue what the second problem causes?
now I can create another user but when I logout, it wont recognize the username/password anymore..

go through the steps starting from the bottom and make sure all the values are as you expect. Of course, there's going to be one that you don't expect and that is where your problem will lie.

Useful debug functions: echo, var_dump(), print_r().

[scrapemist]

forgot an $ before pass in the mysqlquery...
Thanks for the tip knightmaire!

Also thanks to ExtremeGaming for the suggestion!

pfff freakin typo's... PHP is ruthless

now i can finally enjoy the rest of my weekend..