peter_anderson Posted September 12, 2009 Share Posted September 12, 2009 Hi all, I've been busy creating a membership script, but when I try to login, it throws up the wrong password error. Pass's are MD5 encrypted, and I know the passwords are correct. Here is my code - some has been removed that is not required.
<?php
// Membership page controller: picks a branch from $_GET['membership']
// (LoginProcess, Login, Logout, RegisterProcess), builds $title and $content,
// substitutes them into the {pagetitle} and {content} placeholders of
// ./theme/index.html and echoes the result.
session_start();

//get required files
//config
// presumably supplies $host, $user, $pass and $db used below - confirm
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');

//get what the user requests
//$request = $_GET['membership'];

//connect to DB
// NOTE(review): "or die(mysql_error())" prints the raw database error to the
// visitor; log it server-side and show a generic message instead. The mysql_*
// extension was removed in PHP 7; mysqli or PDO with prepared statements
// replace it.
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css"> #membership { font-family: Helvetica, Arial; font-size: 13px; size: 13px; } </style>';

switch ($_GET['membership']){
#line 78 starts on next line
    //log in PROCESS
    // Handles the POST from the login form: looks the account up by e-mail and
    // compares the MD5 of the submitted password with $row['user_pwd'].
    case "LoginProcess":
        // The e-mail is escaped before it is placed in the query string below.
        $user_email = mysql_real_escape_string($_POST['email']);
        if ($_POST['Submit']=='Login') {
            // NOTE(review): MD5 is a fast, unsalted digest (a hash, not
            // encryption) and is not suitable for storing passwords;
            // password_hash()/password_verify() are the purpose-built API.
            $md5pass = md5($_POST['pwd']);
            // NOTE(review): only id and user_email are selected, yet the code
            // below reads $row['user_pwd'], $row['user_name'] and $row['admin'].
            $loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'";
            $result = mysql_query($loginprocess) or die (mysql_error());
            $row = mysql_fetch_array($result);
            // $row['user_pwd'] is never set by the query above, so this test is
            // true for every submitted password and the error branch always runs.
            // NOTE(review): != is a loose comparison; compare digests with a
            // strict operator or hash_equals().
            if($md5pass != $row['user_pwd']) {
                // Incorrect Password
                $content = '<h2>Log In Error</h2> <h3 style="color: Red;">ERROR: You could not be logged in!</h3> <p> Please go back and try again. <br /> If you have forgotten your password, please contact support.</p>';
            } else {
                // Correct Password
                // NOTE(review): no session_regenerate_id() is called in the code
                // shown before the login state is stored, so the pre-login
                // session id stays in use.
                $_SESSION['username'] = $row['user_name'];
                $_SESSION['userid'] = $row['id'];
                $_SESSION['loggedin'] = 'yes';
                $_SESSION['admin'] = $row['admin'];
                $content = '<h2>Log In Complete!</h2> <p>Thank you for logging into the website.</p> <p>You have been sucesfully logged in.</p>';
            }
        }
        // $content is only assigned inside the Submit check above; a request
        // without Submit=Login reaches str_replace() with $content undefined.
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //login form
    // Static form that posts email, pwd and Submit to the LoginProcess branch.
    case "Login":
        $content = '<h2>Please Login</h2> <p>Please login to the website for full access.</p> <p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p> <h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3> <form action="LoginProcess" method="post" name="login"> <p>Email Address:<br /><input name="email" type="text" /></p> <p>Password:<br /><input name="pwd" type="password" /></p> <p><input name="Submit" type="submit" value="Login" /></p> </form>';
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //logout
    case "Logout":
        //session_start();
        // NOTE(review): login stores 'username', 'userid', 'loggedin' and
        // 'admin'; none of them is cleared here, and 'user' is not set anywhere
        // in the code shown, so those keys remain in the session after logout.
        unset($_SESSION['user']);
        $content = '<h3 style="color: Red;">You are now logged out.</h3> <p>Thank you for using our website!</p>';
        $title = 'Logout | Thank you for logging out';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //register process
    // Handles the POST from the registration form and inserts the new user row.
    case "RegisterProcess":
        ////session_start();
        if ($_POST['Submit'] == 'Register') {
            // NOTE(review): the length, password-match and duplicate checks
            // below only assign $content; nothing stops execution, so the
            // INSERT further down still runs and $content is then overwritten
            // with the "Registration Complete!" message.
            if (strlen($_POST['email']) < 5) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) ) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            // Compares the MD5 of the submitted code with $_SESSION['ckey']
            // (presumably set by the captcha image script - confirm) and aborts
            // the request on a mismatch.
            if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) {
                die("Invalid code entered. Please enter the correct code as shown in the Image");
            }
            // NOTE(review): $_POST[email] goes into the SQL text unescaped,
            // unlike the login branch (SQL injection); bind it as a parameter.
            // The mysql_query() result is also not checked before
            // mysql_num_rows() is called on it.
            $rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
            $duplicates = mysql_num_rows($rs_duplicates);
            // NOTE(review): as shown, the apostrophe in "We're" ends the
            // single-quoted string below early (a parse error); it needs to be
            // written as \' or &#39;.
            if ($duplicates > 0) {
                $content = '<h2>User Account In Use</h2> <p>We're sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
            }
            // NOTE(review): unsalted MD5 again; see the note in LoginProcess.
            $md5pass = md5($_POST['pass2']);
            // Four-digit code from rand(); the row is inserted with
            // user_activated = '1', so no activation step depends on it in the
            // code shown.
            $activ_code = rand(1000,9999);
            // Overwrites $host (used for mysql_connect above) with the
            // client-supplied Host header; $host and $uri are not used again in
            // the code shown.
            $host = $_SERVER['HTTP_HOST'];
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            // NOTE(review): email, country and full_name are copied from $_POST
            // straight into the SQL text (SQL injection); use a prepared
            // statement with bound parameters.
            mysql_query("INSERT INTO users (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
            // The captcha key is discarded once the row has been inserted.
            unset($_SESSION['ckey']);
            $content = '<h2>Registration Complete!</h2> <p>Thank you for registering with our website. </p> <p>Your account is now activated, and you may now purchase a subscription.</p>';
        }
        $title = 'Registration';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;
}
?>
Any ideas what's wrong, and how I fix it? Quote Link to comment Share on other sites More sharing options...
Stuie_b Posted September 12, 2009 Share Posted September 12, 2009 Try the following
<?php
// Membership page controller: picks a branch from $_GET['membership']
// (LoginProcess, Login, Logout, RegisterProcess), builds $title and $content,
// substitutes them into the {pagetitle} and {content} placeholders of
// ./theme/index.html and echoes the result.
session_start();

//get required files
//config
// presumably supplies $host, $user, $pass and $db used below - confirm
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');

//get what the user requests
//$request = $_GET['membership'];

//connect to DB
// NOTE(review): "or die(mysql_error())" prints the raw database error to the
// visitor; log it server-side and show a generic message instead. The mysql_*
// extension was removed in PHP 7; mysqli or PDO with prepared statements
// replace it.
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css"> #membership { font-family: Helvetica, Arial; font-size: 13px; size: 13px; } </style>';

switch ($_GET['membership']){
#line 78 starts on next line
    //log in PROCESS
    // Handles the POST from the login form: looks the account up by e-mail and
    // compares the MD5 of the submitted password with $row['user_pwd'].
    case "LoginProcess":
        // The e-mail is escaped before it is placed in the query string below.
        $user_email = mysql_real_escape_string($_POST['email']);
        if ($_POST['Submit']=='Login') {
            // NOTE(review): MD5 is a fast, unsalted digest (a hash, not
            // encryption) and is not suitable for storing passwords;
            // password_hash()/password_verify() are the purpose-built API.
            $md5pass = md5($_POST['pwd']);
            // NOTE(review): only id and user_email are selected, yet the code
            // below reads $row['user_pwd'], $row['user_name'] and $row['admin'].
            $loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'";
            $result = mysql_query($loginprocess) or die (mysql_error());
            // MYSQL_ASSOC makes mysql_fetch_array() return only column-name
            // keys; it does not add columns that the SELECT did not request.
            $row = mysql_fetch_array($result,MYSQL_ASSOC);
            // $row['user_pwd'] is never set by the query above, so this test is
            // true for every submitted password and the error branch always runs.
            // NOTE(review): != is a loose comparison; compare digests with a
            // strict operator or hash_equals().
            if($md5pass != $row['user_pwd']) {
                // Incorrect Password
                $content = '<h2>Log In Error</h2> <h3 style="color: Red;">ERROR: You could not be logged in!</h3> <p> Please go back and try again. <br /> If you have forgotten your password, please contact support.</p>';
            } else {
                // Correct Password
                // NOTE(review): no session_regenerate_id() is called in the code
                // shown before the login state is stored, so the pre-login
                // session id stays in use.
                $_SESSION['username'] = $row['user_name'];
                $_SESSION['userid'] = $row['id'];
                $_SESSION['loggedin'] = 'yes';
                $_SESSION['admin'] = $row['admin'];
                $content = '<h2>Log In Complete!</h2> <p>Thank you for logging into the website.</p> <p>You have been sucesfully logged in.</p>';
            }
        }
        // $content is only assigned inside the Submit check above; a request
        // without Submit=Login reaches str_replace() with $content undefined.
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //login form
    // Static form that posts email, pwd and Submit to the LoginProcess branch.
    case "Login":
        $content = '<h2>Please Login</h2> <p>Please login to the website for full access.</p> <p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p> <h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3> <form action="LoginProcess" method="post" name="login"> <p>Email Address:<br /><input name="email" type="text" /></p> <p>Password:<br /><input name="pwd" type="password" /></p> <p><input name="Submit" type="submit" value="Login" /></p> </form>';
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //logout
    case "Logout":
        //session_start();
        // NOTE(review): login stores 'username', 'userid', 'loggedin' and
        // 'admin'; none of them is cleared here, and 'user' is not set anywhere
        // in the code shown, so those keys remain in the session after logout.
        unset($_SESSION['user']);
        $content = '<h3 style="color: Red;">You are now logged out.</h3> <p>Thank you for using our website!</p>';
        $title = 'Logout | Thank you for logging out';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //register process
    // Handles the POST from the registration form and inserts the new user row.
    case "RegisterProcess":
        ////session_start();
        if ($_POST['Submit'] == 'Register') {
            // NOTE(review): the length, password-match and duplicate checks
            // below only assign $content; nothing stops execution, so the
            // INSERT further down still runs and $content is then overwritten
            // with the "Registration Complete!" message.
            if (strlen($_POST['email']) < 5) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) ) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            // Compares the MD5 of the submitted code with $_SESSION['ckey']
            // (presumably set by the captcha image script - confirm) and aborts
            // the request on a mismatch.
            if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) {
                die("Invalid code entered. Please enter the correct code as shown in the Image");
            }
            // NOTE(review): $_POST[email] goes into the SQL text unescaped,
            // unlike the login branch (SQL injection); bind it as a parameter.
            // The mysql_query() result is also not checked before
            // mysql_num_rows() is called on it.
            $rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
            $duplicates = mysql_num_rows($rs_duplicates);
            if ($duplicates > 0) {
                $content = '<h2>User Account In Use</h2> <p>We&#39;re sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
            }
            // NOTE(review): unsalted MD5 again; see the note in LoginProcess.
            $md5pass = md5($_POST['pass2']);
            // Four-digit code from rand(); the row is inserted with
            // user_activated = '1', so no activation step depends on it in the
            // code shown.
            $activ_code = rand(1000,9999);
            // Overwrites $host (used for mysql_connect above) with the
            // client-supplied Host header; $host and $uri are not used again in
            // the code shown.
            $host = $_SERVER['HTTP_HOST'];
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            // NOTE(review): email, country and full_name are copied from $_POST
            // straight into the SQL text (SQL injection); use a prepared
            // statement with bound parameters.
            mysql_query("INSERT INTO users (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
            // The captcha key is discarded once the row has been inserted.
            unset($_SESSION['ckey']);
            $content = '<h2>Registration Complete!</h2> <p>Thank you for registering with our website. </p> <p>Your account is now activated, and you may now purchase a subscription.</p>';
        }
        $title = 'Registration';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;
}
?>
on a side note, try to echo out what is actually in the $row['user_pwd'], this will make sure the value is actually being set.. Stuie Quote Link to comment Share on other sites More sharing options...
peter_anderson Posted September 12, 2009 Author Share Posted September 12, 2009 Try the following
<?php
// Membership page controller: picks a branch from $_GET['membership']
// (LoginProcess, Login, Logout, RegisterProcess), builds $title and $content,
// substitutes them into the {pagetitle} and {content} placeholders of
// ./theme/index.html and echoes the result.
session_start();

//get required files
//config
// presumably supplies $host, $user, $pass and $db used below - confirm
require_once("config.php");
//queries
require_once("queries.php");
//theme
$html = file_get_contents('./theme/index.html');

//get what the user requests
//$request = $_GET['membership'];

//connect to DB
// NOTE(review): "or die(mysql_error())" prints the raw database error to the
// visitor; log it server-side and show a generic message instead. The mysql_*
// extension was removed in PHP 7; mysqli or PDO with prepared statements
// replace it.
mysql_connect($host, $user, $pass) or die(mysql_error());
mysql_select_db($db) or die(mysql_error());

echo '<style type="text/css"> #membership { font-family: Helvetica, Arial; font-size: 13px; size: 13px; } </style>';

switch ($_GET['membership']){
#line 78 starts on next line
    //log in PROCESS
    // Handles the POST from the login form: looks the account up by e-mail and
    // compares the MD5 of the submitted password with $row['user_pwd'].
    case "LoginProcess":
        // The e-mail is escaped before it is placed in the query string below.
        $user_email = mysql_real_escape_string($_POST['email']);
        if ($_POST['Submit']=='Login') {
            // NOTE(review): MD5 is a fast, unsalted digest (a hash, not
            // encryption) and is not suitable for storing passwords;
            // password_hash()/password_verify() are the purpose-built API.
            $md5pass = md5($_POST['pwd']);
            // NOTE(review): only id and user_email are selected, yet the code
            // below reads $row['user_pwd'], $row['user_name'] and $row['admin'].
            $loginprocess = "SELECT id,user_email FROM users WHERE user_email = '$user_email'";
            $result = mysql_query($loginprocess) or die (mysql_error());
            // MYSQL_ASSOC makes mysql_fetch_array() return only column-name
            // keys; it does not add columns that the SELECT did not request.
            $row = mysql_fetch_array($result,MYSQL_ASSOC);
            // $row['user_pwd'] is never set by the query above, so this test is
            // true for every submitted password and the error branch always runs.
            // NOTE(review): != is a loose comparison; compare digests with a
            // strict operator or hash_equals().
            if($md5pass != $row['user_pwd']) {
                // Incorrect Password
                $content = '<h2>Log In Error</h2> <h3 style="color: Red;">ERROR: You could not be logged in!</h3> <p> Please go back and try again. <br /> If you have forgotten your password, please contact support.</p>';
            } else {
                // Correct Password
                // NOTE(review): no session_regenerate_id() is called in the code
                // shown before the login state is stored, so the pre-login
                // session id stays in use.
                $_SESSION['username'] = $row['user_name'];
                $_SESSION['userid'] = $row['id'];
                $_SESSION['loggedin'] = 'yes';
                $_SESSION['admin'] = $row['admin'];
                $content = '<h2>Log In Complete!</h2> <p>Thank you for logging into the website.</p> <p>You have been sucesfully logged in.</p>';
            }
        }
        // $content is only assigned inside the Submit check above; a request
        // without Submit=Login reaches str_replace() with $content undefined.
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //login form
    // Static form that posts email, pwd and Submit to the LoginProcess branch.
    case "Login":
        $content = '<h2>Please Login</h2> <p>Please login to the website for full access.</p> <p><strong>Not a member?</strong> <a href="Register">Register here!<br /></a></p> <h3 style="color: Red;">Login Notes: Please remember to use your EMAIL address to login. We do not reset passwords, so if you have forgotten yours, you will need to re-register.</h3> <form action="LoginProcess" method="post" name="login"> <p>Email Address:<br /><input name="email" type="text" /></p> <p>Password:<br /><input name="pwd" type="password" /></p> <p><input name="Submit" type="submit" value="Login" /></p> </form>';
        $title = 'Login';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //logout
    case "Logout":
        //session_start();
        // NOTE(review): login stores 'username', 'userid', 'loggedin' and
        // 'admin'; none of them is cleared here, and 'user' is not set anywhere
        // in the code shown, so those keys remain in the session after logout.
        unset($_SESSION['user']);
        $content = '<h3 style="color: Red;">You are now logged out.</h3> <p>Thank you for using our website!</p>';
        $title = 'Logout | Thank you for logging out';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;

    //register process
    // Handles the POST from the registration form and inserts the new user row.
    case "RegisterProcess":
        ////session_start();
        if ($_POST['Submit'] == 'Register') {
            // NOTE(review): the length, password-match and duplicate checks
            // below only assign $content; nothing stops execution, so the
            // INSERT further down still runs and $content is then overwritten
            // with the "Registration Complete!" message.
            if (strlen($_POST['email']) < 5) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) ) {
                $content = '<h3 style="color: Red;">Incorrect Email or Password. Try again.</h3>';
            }
            // Compares the MD5 of the submitted code with $_SESSION['ckey']
            // (presumably set by the captcha image script - confirm) and aborts
            // the request on a mismatch.
            if (strcmp(md5($_POST['user_code']),$_SESSION['ckey'])) {
                die("Invalid code entered. Please enter the correct code as shown in the Image");
            }
            // NOTE(review): $_POST[email] goes into the SQL text unescaped,
            // unlike the login branch (SQL injection); bind it as a parameter.
            // The mysql_query() result is also not checked before
            // mysql_num_rows() is called on it.
            $rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
            $duplicates = mysql_num_rows($rs_duplicates);
            if ($duplicates > 0) {
                $content = '<h2>User Account In Use</h2> <p>We&#39;re sorry, but you specified a user account that is already in use. Please go back and try again.</p>';
            }
            // NOTE(review): unsalted MD5 again; see the note in LoginProcess.
            $md5pass = md5($_POST['pass2']);
            // Four-digit code from rand(); the row is inserted with
            // user_activated = '1', so no activation step depends on it in the
            // code shown.
            $activ_code = rand(1000,9999);
            // Overwrites $host (used for mysql_connect above) with the
            // client-supplied Host header; $host and $uri are not used again in
            // the code shown.
            $host = $_SERVER['HTTP_HOST'];
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            // NOTE(review): email, country and full_name are copied from $_POST
            // straight into the SQL text (SQL injection); use a prepared
            // statement with bound parameters.
            mysql_query("INSERT INTO users (`user_email`, `user_activated`, `user_pwd`,`country`,`joined`,`activation_code`,`full_name`) VALUES ('$_POST[email]','1','$md5pass','$_POST[country]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());
            // The captcha key is discarded once the row has been inserted.
            unset($_SESSION['ckey']);
            $content = '<h2>Registration Complete!</h2> <p>Thank you for registering with our website. </p> <p>Your account is now activated, and you may now purchase a subscription.</p>';
        }
        $title = 'Registration';
        $html = str_replace('{pagetitle}', ''.$title.' | Membership', $html);
        $html = str_replace('{content}', $content, $html);
        echo $html;
        break;
}
?>
on a side note, try to echo out what is actually in the $row['user_pwd'], this will make sure the value is actually being set.. Stuie Thanks for that, but that makes no difference - still gives the wrong details error. I used echo to print the encrypted password, and it matches what's in the DB. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 12, 2009

Since your query is not SELECTing the 'user_pwd' column, $row['user_pwd'] does not exist, so your if() comparison can never match and the login will always fail. The same applies to $row['user_name'] and $row['admin'], which the login code also reads but the query does not select.

On your development system, please set error_reporting to E_ALL and display_errors to ON in your php.ini so that PHP will help you find simple mistakes; on a live server, keep display_errors off and log the errors instead, so that error details are not shown to visitors. There would have been an error message about the non-existent $row['user_pwd'] array index.

Stop and start your web server so that any change made to php.ini takes effect, and verify that the settings were actually changed using a phpinfo() statement. Remove that phpinfo() call once you have checked, because its output exposes the server configuration.