Login error
Posted: Sat Dec 08, 2012 9:30 pm
I Have been following the register and login tutorial but the login doesnt work, the register does though.
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.
login.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>[/syntax]
register.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
<ul>
<?php
}
?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>[/syntax]
Protected.php
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
Registration Successful!
<br>
<br>
You are logged in as <?php echo $_SESSION['username']; ?>
<br>
<form action='logout.php' method='POST'>
<input type='submit' value='Logout'>
</form>
</p>
</body>
</html>[/syntax]
Logout.php
[syntax=php]<?php
session_start();
$SESSION = array();
session_destroy();
header('Location: protected.php');
?>[/syntax]
init.inc.php
[syntax=php]<?php
session_start();
$exceptions = array('register', 'login');
$exploded = explode('/', $_SERVER['SCRIPT_NAME']);
$page = substr(end($exploded), 0, -4);
if (in_array($page,$exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>][/syntax]
user.inc.php
[syntax=php]<?php
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}
?>[/syntax]
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.
login.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty.';
}
if (valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username and/or Password is incorrect.';
}
if (empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>[/syntax]
register.php
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if (empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if ($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'Password verification failed.';
}
if (user_exists($_POST['username'])){
$errors[] = 'The username you entered is already taken.';
}
if (empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
<ul>
<?php
}
?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>[/syntax]
Protected.php
[syntax=php]<?php
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<p>
Registration Successful!
<br>
<br>
You are logged in as <?php echo $_SESSION['username']; ?>
<br>
<form action='logout.php' method='POST'>
<input type='submit' value='Logout'>
</form>
</p>
</body>
</html>[/syntax]
Logout.php
[syntax=php]<?php
session_start();
$SESSION = array();
session_destroy();
header('Location: protected.php');
?>[/syntax]
init.inc.php
[syntax=php]<?php
session_start();
$exceptions = array('register', 'login');
$exploded = explode('/', $_SERVER['SCRIPT_NAME']);
$page = substr(end($exploded), 0, -4);
if (in_array($page,$exceptions) === false){
if(isset($_SESSION['username']) === false){
header('Location: login.php');
die();
}
}
mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
?>][/syntax]
user.inc.php
[syntax=php]<?php
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}
?>[/syntax]