account system not working.
Posted: Tue Jul 12, 2011 9:19 pm
its not logging in, comes up with wrong password or username. but the register page works.
login page:
login page:
<?php include('init.inc.php'); $errors = array(); if (isset($_POST['email'], $_POST['password'])){ if (empty($_POST['email'])){ $errors[] = 'You must have an email.'; } if (empty($_POST['password'])){ $errors[] = 'the password cannot be empty.'; } if (valid_credentials($_POST['email'], $_POST['password']) === false){ $errors[] = 'Email or password is incorect.'; } if (empty($errors)){ $_SESSION['user'] = htmlentities($_POST['user']); header('location: user/'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Login </title> <link href="../style.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="container"> <div id="headcontainer"> <div id="navbar"> <a id="navhome" href="/">Home</a> <a id="navabout" href="/">About</a> <a id="navevents" href="/">Events</a> <a id="navcontact" href="/">Contact</a> <a id="navaccount" href="/">Account</a> </div> </div> <div id="bodycontainer"> <div id="categories"> </div> <div id="rightnav"> <div id="fb"> </div> <div id="twitter"> Follow me on twitter to recieve huge saving coupon codes </div> <div id="shipping"> </div> <div id="cfdylf"> <h4>Cant find a design you were looking for?<br />Find one here! Then fill out the form below and I will purchase it, to make it for you.<form method="post" action=""> <input type="submit" value="request form"/> </form></h4> </div> </div> <div id="body"> <div id="logintext"> <?php if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo "<li>{$error}</li>"; } ?> </ul> <?php }else{ echo 'To have an account you must make a purchase'; } ?> <h4> Enter Account Infomation </h4> <form method="POST" action=""> Email: <input type="text" name="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']); ?>"/><br> Password: <input type="text" name="password"/><br> <input type="submit" value="Log In" name="login"> </form><br /> </div> </div> </div> </div> </body> </html>init.inc page:
<?php ob_start(); session_start(); mysql_connect('localhost','',''); mysql_select_db(''); echo mysql_error(); include('core/user.inc.php'); $exception = array('register', 'login'); $page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4); if (in_array($page, $exception) === false){ if (isset($_SESSION['user']) == false){ header('location: login.php'); die(); } }user.inc.php page:
<?php //checks if the given username is in the table function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } // checks if the given username and passwword is valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}' AND `acc_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } // adds user to the database function add_user($user, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $pass = sha1($pass); mysql_query("INSERT INTO `accounts` (`acc_email`, `acc_password`) VALUES ('{$user}', '{$pass}')"); } ?>