h1234

i changed it but still same issues this is my register.php <?php include("config/connect.php");?> <?php if(isset($_POST['submit'])){ $username = $_POST['username']; $name = $_POST['name']; $surname = $_POST['surname']; $email = $_POST['email']; $password = $_POST['password']; $password_again = $_POST['password_again']; if($password !== $password_again){ echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt=""> <br/>'; echo "Your passwords do not match <br/>"; echo '<a href="index.php">Back to Sign up <br/> </a>'; exit(); } if(strlen($username) > 30){ echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt=""> <br/>'; echo "Your username is too long <br/>"; echo '<a href="index.php">Back to Sign up </a>'; exit(); } if(empty($username) OR empty($name) OR empty($surname) OR empty($email)){ echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt=""> <br/>'; echo "all the fields marked with * are required<br/>"; echo '<a href="index.php">Back to Sign up <br/> </a>'; exit(); } $hash=hash('sha256',$password); //user exists functions start function user_exists($username){ GLOBAL $dbc; $username = mysqli_real_escape_string($dbc, $username); $check=mysqli_query($dbc,"SELECT COUNT(`user_id` )FROM `users` WHERE `username` = '$username'"); $qry=mysqli_fetch_array($check); return ($qry[0]==1)?true:false; } //user exists funtion ends if(user_exists($username)===true){ echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo ' this username exists <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; exit(); } else { // funtion for salts function createSalt() { $text = md5(uniqid(rand(), true)); return substr($text, 0, 3); } // end salt function $salt = createSalt(); $password = hash('sha256', $salt . $hash); //sanatize data $username = mysqli_real_escape_string($dbc, $username); $name = mysqli_real_escape_string($dbc, $name); $surname = mysqli_real_escape_string($dbc, $surname); $email = mysqli_real_escape_string($dbc, $email); $query ="INSERT INTO `users`(user_id, username , password , name , surname, email ,salt) VALUES ('$user_id','$username' , '$password' , '$name' , '$surname' ,'$email' , '$salt') "; mysqli_query($dbc,$query); mysqli_close($dbc); header('LOCATION:index.php'); exit(); } } else { echo "Sorry, registration did not work , try again <br/>"; echo '<a href="index.php">Back to Sign up <br/> </a>'; exit(); } ?> this is the login.php <?php include("config/connect.php");?> <?php if(isset($_POST['submit'])){ $username=$_POST['username']; $password=$_POST['password']; $username=mysqli_real_escape_string($dbc,$username); $query="SELECT `password`, `salt` FROM `users` WHERE `username`='$username'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0)//user not found redirect to home page { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'your username and or password is incorrect<br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } $userdata=mysqli_fetch_array($result,MYSQL_ASSOC); $hash=hash('sha256', $userdata['salt'] . hash('sha256',$password)); if($hash != $userdata['password'])// incorrect password.redirect to login form again { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'password or username combination is incorrect <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } else{ // redirect to homepage after successfull login echo 'you are logged in'; //header('Location:world.php'); } }//close first if echo var_dump(__FILE__, __LINE__, $_REQUEST); //echo var_dump($dbc); ?> any ideas it still says incorrect password , does this code look ok?

i used this method in the signup for the password function createSalt() { $text = md5(uniqid(rand(), true)); return substr($text, 0, 3); } // end salt function $salt = createSalt(); $hash='hash'; $password = hash('sha256', $salt . $hash); //sanatize data $username = mysqli_real_escape_string($dbc, $username); $name = mysqli_real_escape_string($dbc, $surname); $surname = mysqli_real_escape_string($dbc, $surname); $email = mysqli_real_escape_string($dbc, $email); $query ="INSERT INTO `users`( username , name , surname , password, email ,salt) VALUES ('$username' , '$password' , '$email' , '$name' ,'$surname' , '$salt') "; mysqli_query($dbc,$query); mysqli_close($dbc);

in the database the password is char(128) and the salt is char(128) as well.

<?php include("config/connect.php");?> <?php if(isset($_POST['submit'])){ $username=$_POST['username']; $password=$_POST['password']; $username=mysqli_real_escape_string($dbc,$username); $query="SELECT `password`, `salt` FROM `users` WHERE `username`='$username'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0)//user not found redirect to home page { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'your username and or password is incorrect<br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } $userdata=mysqli_fetch_array($result,MYSQL_ASSOC); $hash=hash('sha256', $userdata['salt'] . hash('sha256',$password)); if($hash != $userdata['password'])// incorrect password.redirect to login form again { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'password or username combination is incorrect <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } else{ // redirect to homepage after successfull login echo 'you are logged in'; //header('Location:head.php'); } }//close first if echo var_dump($dbc); ?> i think problem could be with the query but i am not sure any ideas ? :/ thanks

i think it may be my password thats not working :/ you have any ideas?

thanks it displays error messages now . but now my code is not logging me in even tho my password and username is correct. it displays thats it incorrect and i have been looking for hours , do you perhaps see something wrong with the query? or the paswords salts? thanks man <?php include("config/connect.php");?> <?php if(isset($_POST['submit'])){ $username=$_POST['username']; $password=$_POST['password']; $username=mysqli_real_escape_string($dbc,$username); $query="SELECT `password`, `salt` FROM `users` WHERE `username`='$username'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0)//user not found redirect to home page { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'your username and or password is incorrect<br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } $userdata=mysqli_fetch_array($result,MYSQL_ASSOC); $hash=hash('sha256',$userdata['salt'] . hash('sha256',$password)); if($hash != $userdata['password'])// incorect password.redirect to login form again { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'password or username combination is incorrect <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; //header('Location:index.php'); exit(); } else{ // redirect to homepage after successfull login echo 'you are logged in'; //header('Location:index.php'); } }//close first if ?>

i am not using sessions as yet .firstly i would like to test the login script but I am unable to log in with password. the password does not recognize only the username is recognized to either exist or not. The problem is that as long as i type in the correct username the password does not matter i dont even need to type a password in . Does anyone have a solution? this is the login.php <?php include("config/connect.php");?> <?php if(isset($_POST['submit'])){ $username=$_POST['username']; $password=$_POST['password']; $username=mysqli_real_escape_string($dbc,$username); $query="SELECT `password`, `salt` FROM `users` WHERE `username`='$username'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0)//user not found redirect to home page { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'your username was not found.Please sign up <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; header('Locations:index.php'); exit(); } $userdata=mysqli_fetch_array($result,MYSQL_ASSOC); $hash=hash('sha256',$userdata['salt'] . hash('sha256',$password)); if($hash != $userdata['password'])// incorect password.redirect to login form again { echo '<img class="logo" src="logo.png" width=" 382" height="122 " alt="voucher"> <br/>'; echo 'password is incorrect <br/>'; echo '<a href="index.php">Back to Sign up <br/> </a>'; header('Location:index.php'); exit(); } else{ // redirect to homepage after successfull login echo 'you are logged in'; header('Location:index.php'); } }//close first if ?>

Awsome man . it seems to be working as i see the different user_id display correct within the array. but now i get this error and it does not stay logged in. this is what i get in the log.php Notice: Undefined index: username in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 218 Notice: Undefined index: name in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 219 Notice: Undefined index: surname in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 220 Notice: Undefined index: email in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 221 Notice: Undefined index: username in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 218 Notice: Undefined index: name in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 219 Notice: Undefined index: surname in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 220 Notice: Undefined index: email in /Applications/XAMPP/xamppfiles/htdocs/php/testing/config/functions/users.php on line 221 successfully logged in! Array ( [user_id] => 6 [username] => [name] => [surname] => [email] => )

i just changed code and now it doesnt logged me in at all. the code below does not work. Where must this be placed after the login function? it says i am not logged in if(login($username, $password)) { // successfully logged in! // Session data is already reloaded with users data printf('<pre>%s</pre>', print_r($_SESSION, true)); } else { // did not successfully login } if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //$_SESSION['user_id','username','password','name' ,'surname' ,'email']; //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } //else echo "cannot retreive data"; only logs in with the old code in init.php

another thing is that user_data is being used to change passwords as well.

thanks but what happens to this functions as i use this to state what files are protected for example and this states what user can see it links to. When i use the if statement to check when user is logged in i get undefined variables for username and password. function logged_in(){ GLOBAL $dbc; return isset($_SESSION['user_id']) ; } this was whats in my init.php file i am not using the $user_data anymore but if i do then it doesnt recognise .It still doesnt echo out the name. the session is started in this file if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } you been a great help so far. thanks man

Thanks man but how? im new to php

i have put 3 users on my database. If i login with all 3 it works there is no problem(providing correct username and password matches). The problem is that it recognizes all 3 users as the first user. even if i check password it will display all three users password the same(all tho when i log in i have to have correct password and username for each user) as the first user which is user id 1. When i echo username or name or surname it displays the first users name or surname whatever i echo , no matter who i log in with I am not sure whats going on here at all. here is my code for the login functions i think the problems lies here i know this is not the best code but there must be a way to fix this users.php <?php function register_user($register_data){ Global $dbc; array_walk($register_data,'array_sanatize'); $register_data['password']= md5($register_data['password']); $fields='`'.implode('`, `',array_keys( $register_data)).'`'; $data='\''.implode('\', \'', $register_data).'\''; //print_r($register_data); mysqli_query($dbc," INSERT INTO `users` ($fields) VALUES ($data)"); //mysqli_error($dbc); } function user_data($user_id){ Global $dbc; $data=array(); $user_id = (int)$user_id; $func_num_args=func_num_args(); $func_get_args=func_get_args(); if($func_num_args >=1){ unset($func_get_args[0]); $fields='`'.implode('`, `', $func_get_args).'`'; $data=mysqli_query($dbc," SELECT $fields FROM `users` WHERE `user_id` = $user_id "); //mysqli_error($dbc); if ($data === false) { die("error on mysqli_query: ". mysqli_error($dbc)); } $data=mysqli_fetch_assoc($data); //print_r ($data); return $data; } } function logged_in(){ GLOBAL $dbc; return(isset($_SESSION['user_id'])) ? true : false; } function user_exists($username){ GLOBAL $dbc; $username=sanatize($username); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function email_exists($email){ GLOBAL $dbc; $email=sanatize($email); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '$email' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function user_active($username){ GLOBAL $dbc; $username=sanatize($username); $query= mysqli_query($dbc,"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `active` = 1 "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return ($check[0]==1)?true:false; } function user_id_from_username($username){ GLOBAL $dbc; $username = sanatize($username); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' "); $check= mysqli_fetch_array( $query , MYSQLI_BOTH); return $check[0]=='user_id'; } function login($username , $password){ GLOBAL $dbc; $user_id = user_id_from_username($username); $username = sanatize($username); $password = md5($password); $query= mysqli_query($dbc,"SELECT `user_id` FROM `users` WHERE `username` = '$username' AND `password` = '$password'"); //$check= mysqli_fetch_array( $query , MYSQLI_BOTH); if(mysqli_num_rows($query) == 1) { return 0 == 1 ? $user_id : true ; } // no results found so return false return false; log.php include("config/init.php"); if(empty($_POST)===false){ $username= $_POST['username']; $password= $_POST['password']; } if(empty($username) ===true || empty($password) ===true){ $errors[] ='Please enter a valid username and password'; } else if (user_exists($username)===false){ $errors[] ='This username does not exist. Please sign up'; } else if (user_active($username)===false) { $errors[]="you have not activated your account via email"; } else { // here errors //testing username passwords ect, if all of the above statemens failed $login=login($username,$password); if($login===false){ //$error[]= echo "That username and password combination is incorrect"; } else { // set username session // redirect user to home //die($login); $_SESSION['user_id']=$login; header('location:index.php'); exit(); } } //print_r($errors); include('templates/header.php'); include('templates/footer.php'); ?> config/init.php <?php session_start(); require('connect.php'); require('functions/general.php'); require('functions/users.php'); // to be accessed by every page to check errors for login if(logged_in()===true){ $session_user_id=$_SESSION['user_id']; $user_data = user_data($session_user_id,'user_id','username','password','name' ,'surname' ,'email'); //echo $user_data['name']; if(user_active($user_data['username'])=== false){ session_destroy(); header('Location:index.php'); exit(); } } //else echo "cannot retreive data"; $errors=array(); ?> this does not echo correct username or id . no errors are displayed <aside id="widgets"> require_once('config/init.php'); require_once('config/functions/users.php'); require_once('config/functions/general.php'); ?> <h4 class="username"> Welcome <?php echo $user_data['name'];?> </h4> <div class="inner"> <ul> <li> <a href="logout.php"> Log out </a> </li> <li> <a href="changepassword.php"> New password </a> </li> </ul> </div> <?php echo mysqli_error($dbc);?> </aside> <?php include('templates/footer.php'); ?> <?php ?>

thanks so this would solve my problem of the user ID always shows 1 it never shows user 2 for example. it recognizes the user exists but does not recognize that specific users name or id. i get this error Fatal error: Call to undefined function logged_in()