Login/Register doesn't work

Post here is you are having problems with any of the tutorials.
Post Reply
scrapemist
Posts: 4
Joined: Sat Jan 12, 2013 6:37 pm

Login/Register doesn't work

Post by scrapemist »

I'm new to PHP, and i've come a long way so far.
But for some reason my code aint workin.

- When I'm on the login page the Register here won't direct me to register.php..
- Also, when I try to login, it says username/password incorrect thou im sure it isnt..

I've checked for errors, both in the appache log and on PHP Code Checker: nothing seems wrong.

It al happend when I wrote the foreachloops in login.php and register php.
Something wrong there?


login.php
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}

	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}

	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username / Password incorrect.';
	}

	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);

		header('Location: protected.php');
		die();
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<div>
			<?php

			if (empty($errors) === false){
				?>
				<ul>
					<?php

					foreach ($errors as $error){
						echo "<li>{$error}</li>";
					}

					?>
				</ul>
				<?php
			}else{
				echo 'Need an account ? <a href="register.php">Register here</a>';
			}

			?>
		</div>
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>"/>
			</p>
			<p>
				<label for="passwprd">Password:</label>
				<input type="password" name="password" id="password" />
			</p>
			<p>
				<input type="submit" value="Login" />
			</p>
		</form>
	</body>
</html>
register.php
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])) {
		$errors[] = 'The username cannot be emty.';
	}

	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}

	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Password verification faild.';
	}

	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken';
	}

	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);

		$_SESSION['username'] = htmlentities($_POST['username']);

		header('Location: protected.php');
		die();
	}
}

//Registreerformulier
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<div>
			<?php

			if (empty($errors) === false){
				?>
				<ul>
					<?php

					foreach ($errors as $error) {
						echo "<li>{$error}</li>";
					}

					?>
				</ul>
				<?php
			}

			?>
		</div >
		<form action="" method="post">
			<p>
				<label for="username">Username:</label>
				<input type="text" name="username"  id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']) ?>" />
			</p>
			<p>
				<label for="password">Password:</label>
				<input type="password" name="password"  id="password" />
			</p>
			<p>
				<label for="repeat_password">Repeat Password:</label>
				<input type="password" name="repeat_password"  id="repeat_password" />
			</p>
			<p>
				<input type="submit" value="Register" />
			</p>
		</from>
	</body>
</html>
logout.php
<?php

session_start();

$_SESSION = array();

session_destroy();

header('Location: protected.php')

?>
protected.php
<?php include('core/init.inc.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<!--<link rel="stylesheet" type="text/css" href="ext/css/style.css" />-->
		<title></title>
	</head>
	<body>
		<p>
			You are now logged in as <?php echo $_SESSION['username']; ?>
		</p>
		<p>
			<a href="logout.php">Logout ?</a>
		</p>
	</body>
</html>
init.inc.php
<?php

session_start();

$exceptions = array('regist','login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exceptions) === false){
	if (isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('host', 'user', 'password');
mysql_select_db('user_system');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>
user.inc.php
<?php

//controleert of de gebruikersnaam al bestaat in de database.
function user_exists($user){
	$user = mysql_real_escape_string($user);

	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

//controleert of gebruikersnaam en wachtwoord kloppen.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);

	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{pass}'");

	return (mysql_result($total, 0) == '1') ? true : false;
}

// voegt de gebruiker toe aan de database.
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);

	mysql_query("INSERT INTO `users` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}')");
}

?>
Last edited by scrapemist on Sat Jan 12, 2013 7:50 pm, edited 1 time in total.
User avatar
KnightMaire
Posts: 29
Joined: Thu May 05, 2011 9:03 pm

Re: Login/Register doesn't work

Post by KnightMaire »

What happens when you manually go to register.php from the URL
scrapemist
Posts: 4
Joined: Sat Jan 12, 2013 6:37 pm

Re: Login/Register doesn't work

Post by scrapemist »

it directs me to login.php :|
User avatar
KnightMaire
Posts: 29
Joined: Thu May 05, 2011 9:03 pm

Re: Login/Register doesn't work

Post by KnightMaire »

The problem is in your init. You never finished spelling out "register" in the exceptions.

EDIT: or you have one too many characters.
scrapemist
Posts: 4
Joined: Sat Jan 12, 2013 6:37 pm

Re: Login/Register doesn't work

Post by scrapemist »

Do!
Register works now :)
Thanks for the quick reply!

any clue what the second problem causes?
now I can create another user but when I logout, it wont recognize the username/password anymore..
ExtremeGaming
Posts: 205
Joined: Mon Jul 09, 2012 11:13 pm

Re: Login/Register doesn't work

Post by ExtremeGaming »

There could be a conflict caused by you registering the user with htmlentities and logging in without it. That would convert characters like < to < and login would just be looking for <.

Second possibility is, your query is failing. You can try running the query on another page and add
return mysql_error();
above the the other return. And instead of
if(valid_credentials(blah, blah) === false) {
just do:
echo valid_credentials("something", "something");
Last edited by ExtremeGaming on Sat Jan 12, 2013 7:32 pm, edited 1 time in total.
<?php while(!$succeed = try()); ?>
User avatar
KnightMaire
Posts: 29
Joined: Thu May 05, 2011 9:03 pm

Re: Login/Register doesn't work

Post by KnightMaire »

scrapemist wrote:Do!
Register works now :)
Thanks for the quick reply!

any clue what the second problem causes?
now I can create another user but when I logout, it wont recognize the username/password anymore..
go through the steps starting from the bottom and make sure all the values are as you expect. Of course, there's going to be one that you don't expect and that is where your problem will lie.

Useful debug functions: echo, var_dump(), print_r().
scrapemist
Posts: 4
Joined: Sat Jan 12, 2013 6:37 pm

Re: Login/Register doesn't work

Post by scrapemist »

forgot an $ before pass in the mysqlquery...
Thanks for the tip knightmaire!

Also thanks to ExtremeGaming for the suggestion!

pfff freakin typo's... PHP is ruthless ;)

now i can finally enjoy the rest of my weekend..
Post Reply