Page 1 of 1

account system not working.

Posted: Tue Jul 12, 2011 9:19 pm
by foxcad2
its not logging in, comes up with wrong password or username. but the register page works.
login page:
<?php
include('init.inc.php');

$errors = array();

if (isset($_POST['email'], $_POST['password'])){
	if (empty($_POST['email'])){
		$errors[] = 'You must have an email.';	
	}
	
	if (empty($_POST['password'])){
		$errors[] = 'the password cannot be empty.';
	}
	
	if (valid_credentials($_POST['email'], $_POST['password']) === false){
		$errors[] = 'Email or password is incorect.';
	}
	
	if (empty($errors)){
		$_SESSION['user'] = htmlentities($_POST['user']);
		
		header('location: user/');
		die();
	}
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login </title>
<link href="../style.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="container">

	<div id="headcontainer">
		<div id="navbar">
        <a id="navhome" href="/">Home</a>
        <a id="navabout" href="/">About</a>
        <a id="navevents" href="/">Events</a>
        <a id="navcontact" href="/">Contact</a>
        <a id="navaccount" href="/">Account</a>
        

        </div>
	</div>
		
        	<div id="bodycontainer">
		<div id="categories">
        
                            </div>
           
			<div id="rightnav">
            	<div id="fb">
                </div>
            	<div id="twitter">
                Follow me on twitter to recieve huge saving coupon codes
                </div>
                <div id="shipping">
                </div>
              <div id="cfdylf">
                <h4>Cant find a design you were looking for?<br />Find one here!
                Then fill out the form below and I will purchase it, to make it for you.<form method="post" action="">
                <input type="submit" value="request form"/>
                </form></h4>
              </div>
            </div> 
            <div id="body">
            	<div id="logintext">
             <?php
							 if (empty($errors) === false){
								?>
                                	<ul>
                                    	<?php
										
										foreach ($errors as $error){
										echo "<li>{$error}</li>";
										}
										?>
                                    </ul> 
									<?php
							 }else{
								 echo 'To have an account you must make a purchase';
							 }
							 
							 ?>
                            <h4> Enter Account Infomation </h4>
                <form method="POST" action="">
               Email: <input type="text" name="email" value="<?php if (isset($_POST['email'])) echo htmlentities($_POST['email']); ?>"/><br>
                Password: <input type="text" name="password"/><br>
                <input type="submit" value="Log In" name="login">
                </form><br />
            	</div>
            </div>
		</div>
	

</div>
</body>
</html>
init.inc page:
<?php
ob_start();
session_start();
mysql_connect('localhost','','');
mysql_select_db('');
echo mysql_error();
include('core/user.inc.php');

$exception = array('register', 'login');

$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);

if (in_array($page, $exception) === false){
	if (isset($_SESSION['user']) == false){
		header('location: login.php');
		die();
	}
}
user.inc.php page:
<?php
//checks if the given username is in the table
function user_exists($user){
	$user = mysql_real_escape_string($user);
	
	$total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}'");
	
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}
// checks if the given username and passwword is valid
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`acc_id`) FROM `accounts` WHERE `acc_email` = '{$user}' AND `acc_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
}

// adds user to the database
function add_user($user, $pass){
	$user = mysql_real_escape_string(htmlentities($user));
	$pass = sha1($pass);
	
	mysql_query("INSERT INTO `accounts` (`acc_email`, `acc_password`) VALUES ('{$user}', '{$pass}')");
}






?>

Re: account system not working.

Posted: Tue Jul 12, 2011 11:30 pm
by jacek
Wow a 4 word post. :roll:

If you expect any kind of serious answer you will have to give a bit more information than that.

Re: account system not working.

Posted: Wed Jul 13, 2011 1:21 am
by foxcad2
cleaned up

Re: account system not working.

Posted: Wed Jul 13, 2011 9:03 am
by jacek
foxcad2 wrote:cleaned up
foxcad2 wrote: comes up with wrong password or username. but the register page works.
Okay :D

I can't see anything in the code that would cause that right away, so can you make sure you have your error_reporting level set to E_ALL. you can do that by adding
ini_set('display_errors', 'On');
error_reporting(E_ALL);
to the top of the login page.

If that does not show anything up when you try to log in, try adding
echo mysql_error();
after the query in the valid_credentials() function.

And then if that does not show anything up, make sure that the password field in your database is not set to less than 40 characters.