[SOLVED] Cannot find problem in this script.

[tomcommathe]

Trying to create a user Login for a website that I help run. We're streamlining everything into one design (i'm excited!), but being the only PHP MySQL guy, I get lots of work. Haha... Here is the Login Script. I have been creating all of my scripts and then when all the scripts work individually I was going to add them into the website.

 

<?php

//Include Error Management Scripts
require_once ('../include/config.inc.php');

//Check if form has been submitted!
if (isset($_POST['email'])) {
require_once ('../include/mysql_connect.php');

//Validate Email Address
if (!empty($_POST['email'])) {
	$e = escape_data($_POST['email']);
} else {
	echo '<font color="red">You forgot to enter your email address!</font>';
	$e = FALSE;
}

//Validate Password!
if (!empty($_POST['pass'])) {
	$p = escape_data($_POST['email']);
} else {
	$p = FALSE;
	echo '<font color="red">You have not entered a password!</font>';
}

//Both passed.
if ($e && $p) {
	$query = "SELECT user_id, first_name FROM users WHERE (email='$e' AND pass=SHA('$p')) AND active IS NULL";
	$result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " . mysql_error());

	//If a match was made
	if (@mysql_num_rows($result) == 1) {
		$row = mysql_fetch_array ($result, MYSQL_NUM);
		mysql_free_result($result);
		mysql_close();
		$_SESSION['first_name'] = $row[1];
		$_SESSION['user_id'] = $row[0];

		//Start defining URL
		$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
		if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
			$url = substr ($url, 0, -1); //chops off slash
		}
		//Add the page
		$url .= '/index.php';

		ob_end_clean();
		header("Location: $url");
		exit();
	} else {//No match was made
		echo '<font color="red">Either the email address and password entered do not match those on file or you have not yet activated your account.</font>';
	}
} else { //Everything wasn't ok
	echo '<font color="red">Please Try again!</font>';
}
mysql_close();
}
?>

<h1>Log in!</h1>
<form action="login.php" method="post">
<b>Email Address:<b><br />
<input type="text" name="email" size="20" maxlength="40" value="<? if (isset($_POST['email'])) echo $_POST['email']; ?>" /><br />
<br />
<b>Password:</b><br />
<input type="password" name="pass" size="20" maxlength="20" /><br />
<br />
<input type="submit" name="submit" value="Log In!" />
<input type="hidden" name="submitted" value="TRUE" />
</form>

 

You can test it here: http://mopedstl.com/v2/registration_test/login.php

 

Username: [email protected]

Password: test

 

The problem is that it always returns the "invalid email / password or you aren't activated."

 

Any help would be great!

[Adam]

Remove the "@" below:

 

if (@mysql_num_rows($result) == 1) {

 

... Could be an error you're hiding. Obviously if there is an error it should make things a lot clearer as to why it's not working!

 

A

[Lumio]

Instead of

if (@mysql_num_rows($result) == 1) {

make

if ($result != false && mysql_num_rows($result) == 1) {

This is going to check $result if the query was ok or not. If not the if-statement gets false.

 

Also check if mysql_error() is empty or not.

[tomcommathe]

Thanks guys, but neither of those worked. :/

 

-shrug- kind of lost. haha

[revraz]

You are probably grabbing the wrong value here

 

$p = escape_data($_POST['email']);

 

Shouldn't you be getting the Password field from your form and not the email one?

 

Echo your variables and check them.

 

Echo your query and check them.

 

Compare the SHA password value to the one stored in the DB, do they match?

 

Is your DB field set right for the type and length of data?

[tomcommathe]

Yeah, coding at 3am has proven to be a bad choice for easy mistakes once again.

 

I just noticed that too. It's fixed. I am dumb, thanks for all your help guys!