Jump to content

Login form not logging in

peter_anderson

By peter_anderson
in PHP Coding Help

 Share

Recommended Posts

peter_anderson Member

peter_anderson

Posted
Posted

Hi all,

 

I've been busy creating a membership script, but when I try to login, it throws up the wrong password error. Pass's are MD5 encrypted, and I know the passwords are correct.

 

Here is my code - some has been removed that is not required.

 

<?php

session_start();

//get required files
//config
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');
//get what the user requests
//$request = $_GET['membership'];

//connect to DB
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css">
#membership {
font-family: Helvetica, Arial;
font-size: 13px;
size: 13px;
}
</style>';



switch ($_GET['membership']){

#line 78 starts on next line	
//log in PROCESS
case "LoginProcess":
	$user_email = mysql_real_escape_string($_POST['email']);

	if ($_POST['Submit']=='Login')
	{
	$md5pass = md5($_POST['pwd']);
	$loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'"; 
	$result = mysql_query($loginprocess) or die (mysql_error()); 
	$row = mysql_fetch_array($result);
	if($md5pass != $row['user_pwd']) {
		// Incorrect Password
		$content = '<h2>Log In Error</h2>
		<h3 style="color: Red;">ERROR: You could not be logged in!</h3>
		<p>	Please go back and try again. <br />
		If you have forgotten your password, please contact support.</p>';
	} else {
		// Correct Password
		$_SESSION['username'] = $row['user_name'];
		$_SESSION['userid'] = $row['id'];
		$_SESSION['loggedin'] = 'yes';
		$_SESSION['admin'] = $row['admin'];
		$content = '<h2>Log In Complete!</h2>
		<p>Thank you for logging into the website.</p>
		<p>You have been sucesfully logged in.</p>';
	}
	}
	$title = 'Login';
	$html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
	$html = str_replace('{content}', $content, $html);
	echo $html;
break; 

//login form
case "Login":
	$content = '<h2>Please Login</h2>
	<p>Please login to the website for full access.</p>
	<p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p>
	<h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3>
	<form action="LoginProcess" method="post" name="login">
	<p>Email Address:<br /><input name="email" type="text" /></p>
	<p>Password:<br /><input name="pwd" type="password" /></p>
	<p><input name="Submit" type="submit" value="Login" /></p>
	</form>';
	$title = 'Login';
	$html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
	$html = str_replace('{content}', $content, $html);
	echo $html;
break;

//logout
case "Logout":
	//session_start(); 
	unset($_SESSION['user']);
	$content = '<h3 style="color: Red;">You are now logged out.</h3>
	<p>Thank you for using our website!</p>';
	$title = 'Logout | Thank you for logging out';
	$html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
	$html = str_replace('{content}', $content, $html);
	echo $html;
break;

//register process
case "RegisterProcess":
	////session_start();
	if ($_POST['Submit'] == 'Register')
	{
	if (strlen($_POST['email']) < 5)
	{
	$content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
	}
	if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) )
	{ 
	$content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
	}
	if (strcmp(md5($_POST['user_code']),$_SESSION['ckey']))
	{ 
		 die("Invalid code entered. Please enter the correct code as shown in the Image");
  		} 
	$rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
	$duplicates = mysql_num_rows($rs_duplicates);

	if ($duplicates > 0)
	{	
	$content = '<h2>User Account In Use</h2>
	<p>We&#39;re sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
	}

	$md5pass = md5($_POST['pass2']);
	$activ_code = rand(1000,9999);
	$host  = $_SERVER['HTTP_HOST'];
	$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
	mysql_query("INSERT INTO users
              (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
	unset($_SESSION['ckey']);
	$content = '<h2>Registration Complete!</h2>
	<p>Thank you for registering with our website. </p>
	<p>Your account is now activated, and you may now purchase a subscription.</p>';
	}	
	$title = 'Registration';
	$html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
	$html = str_replace('{content}', $content, $html);
	echo $html;
break;

}

?>

 

Any ideas what's wrong, and how I fix it?

Link to comment
Share on other sites
Stuie_b Newbie

Stuie_b

Posted
Posted

Try the following

 

<?php

session_start();

//get required files
//config
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');
//get what the user requests
//$request = $_GET['membership'];

//connect to DB
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css">
   #membership {
   font-family: Helvetica, Arial;
   font-size: 13px;
   size: 13px;
   }
   </style>';


   
switch ($_GET['membership']){

#line 78 starts on next line   
   //log in PROCESS
   case "LoginProcess":
      $user_email = mysql_real_escape_string($_POST['email']);
      
      if ($_POST['Submit']=='Login')
      {
      $md5pass = md5($_POST['pwd']);
      $loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'"; 
      $result = mysql_query($loginprocess) or die (mysql_error()); 
      $row = mysql_fetch_array($result,MYSQL_ASSOC);
      if($md5pass != $row['user_pwd']) {
         // Incorrect Password
         $content = '<h2>Log In Error</h2>
         <h3 style="color: Red;">ERROR: You could not be logged in!</h3>
         <p>   Please go back and try again. <br />
         If you have forgotten your password, please contact support.</p>';
      } else {
         // Correct Password
         $_SESSION['username'] = $row['user_name'];
         $_SESSION['userid'] = $row['id'];
         $_SESSION['loggedin'] = 'yes';
         $_SESSION['admin'] = $row['admin'];
         $content = '<h2>Log In Complete!</h2>
         <p>Thank you for logging into the website.</p>
         <p>You have been sucesfully logged in.</p>';
      }
      }
      $title = 'Login';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break; 

   //login form
   case "Login":
      $content = '<h2>Please Login</h2>
      <p>Please login to the website for full access.</p>
      <p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p>
      <h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3>
      <form action="LoginProcess" method="post" name="login">
      <p>Email Address:<br /><input name="email" type="text" /></p>
      <p>Password:<br /><input name="pwd" type="password" /></p>
      <p><input name="Submit" type="submit" value="Login" /></p>
      </form>';
      $title = 'Login';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;
   
   //logout
   case "Logout":
      //session_start(); 
      unset($_SESSION['user']);
      $content = '<h3 style="color: Red;">You are now logged out.</h3>
      <p>Thank you for using our website!</p>';
      $title = 'Logout | Thank you for logging out';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;

   //register process
   case "RegisterProcess":
      ////session_start();
      if ($_POST['Submit'] == 'Register')
      {
      if (strlen($_POST['email']) < 5)
      {
      $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
      }
      if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) )
      { 
      $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
      }
      if (strcmp(md5($_POST['user_code']),$_SESSION['ckey']))
      { 
          die("Invalid code entered. Please enter the correct code as shown in the Image");
        } 
      $rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
      $duplicates = mysql_num_rows($rs_duplicates);
   
      if ($duplicates > 0)
      {   
      $content = '<h2>User Account In Use</h2>
      <p>We&#38;#39;re sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
      }
   
      $md5pass = md5($_POST['pass2']);
      $activ_code = rand(1000,9999);
      $host  = $_SERVER['HTTP_HOST'];
      $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
      mysql_query("INSERT INTO users
                 (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
      unset($_SESSION['ckey']);
      $content = '<h2>Registration Complete!</h2>
      <p>Thank you for registering with our website. </p>
      <p>Your account is now activated, and you may now purchase a subscription.</p>';
      }   
      $title = 'Registration';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;

}

?>

 

on a side note, try to echo out what is actually in the $row['user_pwd'], this will make sure the value is actually being set..

 

Stuie

Link to comment
Share on other sites
peter_anderson Member

peter_anderson

Posted
  • Author
Posted

Try the following

 

<?php

session_start();

//get required files
//config
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');
//get what the user requests
//$request = $_GET['membership'];

//connect to DB
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css">
   #membership {
   font-family: Helvetica, Arial;
   font-size: 13px;
   size: 13px;
   }
   </style>';


   
switch ($_GET['membership']){

#line 78 starts on next line   
   //log in PROCESS
   case "LoginProcess":
      $user_email = mysql_real_escape_string($_POST['email']);
      
      if ($_POST['Submit']=='Login')
      {
      $md5pass = md5($_POST['pwd']);
      $loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'"; 
      $result = mysql_query($loginprocess) or die (mysql_error()); 
      $row = mysql_fetch_array($result,MYSQL_ASSOC);
      if($md5pass != $row['user_pwd']) {
         // Incorrect Password
         $content = '<h2>Log In Error</h2>
         <h3 style="color: Red;">ERROR: You could not be logged in!</h3>
         <p>   Please go back and try again. <br />
         If you have forgotten your password, please contact support.</p>';
      } else {
         // Correct Password
         $_SESSION['username'] = $row['user_name'];
         $_SESSION['userid'] = $row['id'];
         $_SESSION['loggedin'] = 'yes';
         $_SESSION['admin'] = $row['admin'];
         $content = '<h2>Log In Complete!</h2>
         <p>Thank you for logging into the website.</p>
         <p>You have been sucesfully logged in.</p>';
      }
      }
      $title = 'Login';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break; 

   //login form
   case "Login":
      $content = '<h2>Please Login</h2>
      <p>Please login to the website for full access.</p>
      <p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p>
      <h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3>
      <form action="LoginProcess" method="post" name="login">
      <p>Email Address:<br /><input name="email" type="text" /></p>
      <p>Password:<br /><input name="pwd" type="password" /></p>
      <p><input name="Submit" type="submit" value="Login" /></p>
      </form>';
      $title = 'Login';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;
   
   //logout
   case "Logout":
      //session_start(); 
      unset($_SESSION['user']);
      $content = '<h3 style="color: Red;">You are now logged out.</h3>
      <p>Thank you for using our website!</p>';
      $title = 'Logout | Thank you for logging out';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;

   //register process
   case "RegisterProcess":
      ////session_start();
      if ($_POST['Submit'] == 'Register')
      {
      if (strlen($_POST['email']) < 5)
      {
      $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
      }
      if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) )
      { 
      $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
      }
      if (strcmp(md5($_POST['user_code']),$_SESSION['ckey']))
      { 
          die("Invalid code entered. Please enter the correct code as shown in the Image");
        } 
      $rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
      $duplicates = mysql_num_rows($rs_duplicates);
   
      if ($duplicates > 0)
      {   
      $content = '<h2>User Account In Use</h2>
      <p>We&#38;#39;re sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
      }
   
      $md5pass = md5($_POST['pass2']);
      $activ_code = rand(1000,9999);
      $host  = $_SERVER['HTTP_HOST'];
      $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
      mysql_query("INSERT INTO users
                 (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
      unset($_SESSION['ckey']);
      $content = '<h2>Registration Complete!</h2>
      <p>Thank you for registering with our website. </p>
      <p>Your account is now activated, and you may now purchase a subscription.</p>';
      }   
      $title = 'Registration';
      $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
      $html = str_replace('{content}', $content, $html);
      echo $html;
   break;

}

?>

 

on a side note, try to echo out what is actually in the $row['user_pwd'], this will make sure the value is actually being set..

 

Stuie

 

Thanks for that, but that makes no difference - still gives the wrong details error.

 

I used echo to print the encrypted password, and it matches what's in the DB.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Since your query is not SELECTing the 'user_pwd' column, $row['user_pwd'] does not exist and your if() conditional test will always fail.

 

Please set error_reporting to E_ALL and display_errors to ON in your php.ini so that php will help you find simple mistakes. There would have been an error message about the non-existent $row['user_pwd'] variable. Stop and start your web server to get any change made to php.ini to take effect and verify that the settings were actually changed using a phpinfo() statement.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.