Private_Message_System - Can't seem to Login?
Posted: Tue Aug 28, 2012 5:43 pm
Hi,
I was going through your "Private Message System Tutorial", everything was going smoothly, until I reached near the end of Video 04.
For some reason, I can't seem to login to the inbox. I type in a correct username, and password from my database into the login fields, and I get the "Login Failed" error.
I'm new to PHP, and a novice at coding, but I have had some experience here and there with coding. As far as I can tell, I entered everything in correctly.
NOTE: My database has the fields id, username, and password. Not user_id, user_name, and user_password. My Database is named "seas".
index.php:
I was going through your "Private Message System Tutorial", everything was going smoothly, until I reached near the end of Video 04.
For some reason, I can't seem to login to the inbox. I type in a correct username, and password from my database into the login fields, and I get the "Login Failed" error.
I'm new to PHP, and a novice at coding, but I have had some experience here and there with coding. As far as I can tell, I entered everything in correctly.
NOTE: My database has the fields id, username, and password. Not user_id, user_name, and user_password. My Database is named "seas".
index.php:
<?php
include("core/init.inc.php");
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="ext/css/main.css" />
<title>Really Good Message Thingy</title>
</head>
<body>
<div id="wrap">
<?php
include($include_file);
?>
</div>
</body>
init.inc.php:
<?php
$core_path = dirname(__FILE__);
if (empty($_GET['page']) ||
in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){
header('HTTP/1.1 404 Not Found');
header('Location: index.php?page=inbox');
die();
}
session_start();
mysql_connect("localhost", "root", "");
mysql_select_db("seas");
include("{$core_path}/inc/users.inc.php");
if (isset($_POST['username'], $_POST['password'])){
if (($user_id = validate_credentials($_POST['username'], $_POST['password'])) !== false){
$_SESSION['id'] = $user_id;
header('Location: index.php?page=inbox');
die();
}
}
if (empty($_SESSION['id']) && $_GET['page'] !== 'login'){
header('HTTP/1.1 403 Forbidden');
header('Location: index.php?page=login');
die();
}
$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
?>
Login.page.inc.php:<h1>Login</h1>
<?php
if (isset($_POST['username'], $_POST['password'])){
echo '<div class="msg error">Login Failed.</div>';
}
?>
<form action="index.php?page=login" method="post">
<div>
<label for="username"> Name</label>
<input type="text" name="username" id="username" />
</div>
<div>
<label for="password">Password</label>
<input type="password" name="password" id="password" />
</div>
<div>
<input type="submit" value="Login" />
</div>
</form>
users.inc.php:
<?php
// Checks a given username and password combination, returning the users ID
function validate_credentials($username, $password){
$username = mysql_real_escape_string($username);
$password = sha1($password);
$result = mysql_query("SELECT id FROM users WHERE username = '$username' AND password = '$password'");
if (mysql_num_rows($result) != 1){
return false;
}
return mysql_result($result, 0);
}
?>