i follow the register and login tutorials but this is not easy for me. Earlier on i tested the register page and there were some mistakes(my mistakes obviously) and now i am testing the login page and again there is something not good. When i lo in the message incorrect username and password always appears. But i know that the username and password are right.
I don't know really where to look for any mistakes so i looked everywhere and especially by the function valid_credentials in user.inc.php and the login.php but i don't see any errors. After a while i saw only {} [''];:"'@$&<>/\. And maybe that is why i missed a mistake.
Here is the code;
user.inc.php
<?php //bestaat de gebruikersnaam in de database function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } //is de gebruikersnaam en paswoord combinatie correct function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT('user_id') FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } function is_active($user){ $user = mysql_real_escpe_string($user); $sql = "SELECT COUNT(`user_activations`. `user_id`) FROM `users` INNER JOIN `user_activations` ON `users`, `user_id` = `user_activations`,`user_id` WHERE `users`,`user_name` = '{$user}'"; $result = mysql_query($sql); return (mysql_result($result, 0) == '0') ? true : false; } function activate_account($aid){ $aid = mysql_real_escape_string($aid); mysql_query("DELETE FROM `user_activations` WHERE `activations_code` = '{$aid}'"); } //paswoord vergeten function random_string($length){ $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9))); shuffle($charset); $password = array_slice($charset, 0, $length); return implode('', $password); } //voegt een gebruiker toe aan de database function add_user($user, $email, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $email = mysql_real_escape_string($email); $pass = sha1($pass); $charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9))); $aid = implode('', array_rand($charset, 10)); $body = <<<EMAIL Hallo, dank voor het registreren, voordat je gaat inloggen is het nodig dat je je account gaat activeren. omdat de doen kan je gewoon op deze link klikken, http://www.robcnossen.nl/activate.php?aid={$aid} EMAIL; mail($email, 'je nieuwe account in robbcnossen.nl', $body, 'From: robcnossen@quicknet.nl'); mysql_query("INSERT INTO `user_system` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')"); $user_id = mysql_insert_id(); mysql_query("INSERT INTO `user_activations` (`user_id`, `activations_code`) VALUES ({$user_id}, '{$aid}')"); } ?>login.php
<?php include('init.inc.php'); $errors = array(); if (isset($_POST['username'], $_POST['password'])){ if (empty($_POST['username'])){ $errors[] = 'De gebruikersnaam mag niet leeg wezen.'; } if (empty($_POST['password'])){ $errors[] = 'Het paswoord mag niet leeg zijn.'; } if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){ $errors[] = 'Gebruikersnaam/paswoord zijn niet goed ingevuld.'; } if (empty($errors) &&is_active($_POST['username']) === false){ $errors[] = 'Deze account is niet geactiveerd.'; } if (empty($errors)){ if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){ setcookie('username', $_POST['username'], time() + 684800); setcookie('password', sha1($_POST['password']), time() + 684800); } $_SESSION['username'] = htmlentities($_POST['username']); header('location:beschermd.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <div> <?php if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo"<li>{$error}</li>"; } ?> </ul> <?php }else{ echo 'Wil je je inschrijven? <a href="register.php">Schrijf je hier in</a>'; } ?> </p> <form action="" method="post"> <p> <label for="username">Gebruikersnaam:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username'])?>" /> </p> <p> <label for="password">Paswoord:</label> <input type="password" name="password" id="password" /> </p> <p> <label for="set_cookie">Onthoud mij:</label> <input type="checkbox" name="set_cookie" id="set_cookie" value="1" /> </p> <p> <input type="submit" value="Login" /> </div> <a href="forgot_pass.php">Paswoord vergeten? Klik hier.</a> </body> </html>The table structure is;
user_id int(6) auto_increment;
user_name varchar(24);
user_password char(40);
user_email varchar(128);
I hope someone can help me.
Thanks in advance.
Robbedoesie