BetterPHP

The non-existent community
https://betterphp.co.uk/board/

Login error

https://betterphp.co.uk/board/viewtopic.php?t=2064

Page 1 of 1

Login error

Posted: Sat Dec 08, 2012 9:30 pm
by TehCrayz
I Have been following the register and login tutorial but the login doesnt work, the register does though.
When i try to login, it keeps saying incorrect password. i have another login code and it also says incorrect pass.
Here is the codes i have.

login.php 
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html><?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>
register.php 
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	if (empty($_POST['password']) || empty($_POST['repeat_password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if ($_POST['password'] !== $_POST['repeat_password']){
		$errors[] = 'Password verification failed.';
	}
	
	if (user_exists($_POST['username'])){
		$errors[] = 'The username you entered is already taken.';
	}
	
	if (empty($errors)){
		add_user($_POST['username'], $_POST['password']);
		
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}



?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<div>
<?php

if (empty($errors) === false){
	?>
	<ul>
		<?php
			foreach($errors as $error){
				echo "<li>{$error}</li>";
			}
		?>
	<ul>
	<?php
}

?>
</div>
<form action="" method="post">
<b>Username:</b>
<br />
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>"/>
<br>
<b>Password:</b>
<br>
<input type="password" name="password" id="password" />
<br>
<b>Repeat Password:</b>
<br>
<input type="password" name="repeat_password" id="repeat_password" />
<br>
<input type="submit" value="Register" />
</form>
<p>
</body>
</html>
Protected.php 
<?php 
include('core/init.inc.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
	<p>
		Registration Successful!
		<br>
		<br>
		You are logged in as <?php echo $_SESSION['username']; ?>
		<br>
		<form action='logout.php' method='POST'>
			<input type='submit' value='Logout'>
		</form>
	</p>
</body>
</html>
Logout.php 
<?php

session_start();

$SESSION = array();

session_destroy();

header('Location: protected.php');

?>
init.inc.php 
<?php

session_start();

$exceptions = array('register', 'login');

    $exploded = explode('/', $_SERVER['SCRIPT_NAME']);
    $page = substr(end($exploded), 0, -4);


if (in_array($page,$exceptions) === false){
	if(isset($_SESSION['username']) === false){
		header('Location: login.php');
		die();
	}
}

mysql_connect('localhost', 'root', '*Not showing*');
mysql_select_db('phplogin');

$path = dirname(__FILE__);

include("{$path}/inc/user.inc.php");

?>]
user.inc.php 
<?php

function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

function valid_credentials($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `users` (`Username`, `Password`) VALUES ('{$user}', '{$pass}')");
}

?>

Re: Login error

Posted: Sat Dec 08, 2012 9:59 pm
by ExtremeGaming
The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `Username` = '{$user}' AND `Password` = '{$pass}'") or die(mysql_error());
	
	return (mysql_result($total, 0) == '1') ? true : false;
}
By the way you double posted login.php in the same syntax

Re: Login error

Posted: Sat Dec 08, 2012 10:08 pm
by TehCrayz
ExtremeGaming wrote:The only thing I see that could be happening is your query is failing or you are entering the wrong username and password...try changing your query in the valid_credentials functions to match the one below.
I have changed it but still...no luck... :(
http://gyazo.com/bfc251404b1682c1ff9f41ac1acfa9c1

Re: Login error

Posted: Sun Dec 09, 2012 1:53 am
by ExtremeGaming
Add this to the very first line within your php on login.php, then run your form again.
error_reporting(E_ALL);
ini_set('display_errors', '1');

Re: Login error

Posted: Sun Dec 09, 2012 8:55 am
by TehCrayz
ExtremeGaming wrote:Add this to the very first line within your php on login.php, then run your form again.
error_reporting(E_ALL);
ini_set('display_errors', '1');
Ok, i did that but still, it doesn't show anything, it just says incorrect password.
http://gyazo.com/7cc5f1a42f78295f7a80db5278a961ca 
<?php     
error_reporting(E_ALL);
ini_set('display_errors', '1');


include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], $_POST['password']) === false){
		$errors[] = 'Username and/or Password is incorrect.';
	}
	
	if (empty($errors)){
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>
<html>
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title></title>
</head>
<body>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
<div>
<?php
if (empty($errors) === false){
	?>
	<ul>
		<?php
			
			foreach ($errors as $error){
				echo "<li>{$error}</li>";
			}
			
		?>
	</ul>
	<?php
}else{
echo 'Need an account? <a href="register.php">Register here</a>!';
}
?>
</div>
</body>
</html>

Re: Login error

Posted: Sun Dec 09, 2012 4:34 pm
by ExtremeGaming
If there are no errors that means everything should be working correctly. Remove that part because it's useless now.

What is your database structure? The type and max length of characters in your password column.

Example: Varchar (50)

Re: Login error

Posted: Sun Dec 09, 2012 7:18 pm
by TehCrayz
ExtremeGaming wrote:If there are no errors that means everything should be working correctly. Remove that part because it's useless now.

What is your database structure? The type and max length of characters in your password column.

Example: Varchar (50)
http://gyazo.com/3adf950ac618cdce669fd0edb40d9e55

Re: Login error

Posted: Sun Dec 09, 2012 7:29 pm
by ExtremeGaming
Your error is that sha1() creates a 40-byte password (40 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 10 from the string. Until you fix that and register a new user, you will never be able to log in.

Re: Login error

Posted: Sun Dec 09, 2012 7:42 pm
by TehCrayz
ExtremeGaming wrote:Your error is that sha1() creates a 32-byte password (32 characters in length) and you have a limit of 30 characters in the password field, thus cutting off 2 from the string. Until you fix that and register a new user, you will never be able to log in.
So i should just make the password length 32?
I did that but it still gives the invalid password error.

http://gyazo.com/de26b57c9976b6abeedca3c0a6538c62
http://gyazo.com/895dc17bf1a5b2e87cb776c6ae1029fc

Re: Login error

Posted: Sun Dec 09, 2012 7:42 pm
by ExtremeGaming
Sorry I was thinking of md5. I edited the post; sha1 is 40 characters in length.

You will also need to register a new user.

Re: Login error

Posted: Sun Dec 09, 2012 7:44 pm
by TehCrayz
lol, i saw your little 32 - 40 change there, but now it works. THANKS SOO MUCH! YOU ARE A LIFESAVER! :D
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited