djjamiegee Posted September 17, 2009 Share Posted September 17, 2009 hi guys just a quickie here i have a basic members login from still in its raw state but i can get the password to match, ill explain. i have 4 pages to to register, login, members and logout i sign up on the register page i.e username and 2 password fields all works fine and goes in to mysql database all ok with encrypted password. when i try to login using the login page it always comes up with error invalid password please try again. anybody have any idea why??] many thanks jamie login page <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php // Connects to your Database mysql_connect("****", "*****", "*****") or die(mysql_error()) ; mysql_select_db("******") or die(mysql_error()) ; //Checks if there is a login cookie if(isset($_COOKImyE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Login Full </body> </html> register page <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body> <?php mysql_connect("******", "*********", "*********") or die(mysql_error()) ; mysql_select_db("**********") or die(mysql_error()) ; if (isset($_POST['submit'])) { if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login.</p> </body> </html> Link to comment https://forums.phpfreaks.com/topic/174591-member-login/ Share on other sites More sharing options...
waynew Posted September 17, 2009 Share Posted September 17, 2009 You don't seem to be encrypting the password that the user is entering? If you're trying to match an unencrypted password with an encrypted password; your script is going to fail. Either that or I completely overlooked something because I only did a quick scan of your code. Link to comment https://forums.phpfreaks.com/topic/174591-member-login/#findComment-920129 Share on other sites More sharing options...
PFMaBiSmAd Posted September 17, 2009 Share Posted September 17, 2009 When a comparison in YOUR code fails, echo out the actual value(s) that failed so that you can see if they are what you expect. We don't have access to your database, your server, or what you entered in your form as input, so the only person here who can troubleshoot what YOUR code is doing on YOUR server with YOUR data is YOU. Link to comment https://forums.phpfreaks.com/topic/174591-member-login/#findComment-920133 Share on other sites More sharing options...
djjamiegee Posted September 17, 2009 Author Share Posted September 17, 2009 hi mate thank for your helps how would i go about echoing out the errors i am still really new to php and still find it difficult when errors occur to find out the root cause of them. jamie Link to comment https://forums.phpfreaks.com/topic/174591-member-login/#findComment-920136 Share on other sites More sharing options...
PFMaBiSmAd Posted September 17, 2009 Share Posted September 17, 2009 You are kidding right? This is basic problem solving that really has nothing to do with any programming skills. A) Find the code responsible for outputting the 'Incorrect password, please try again.' message, B) Examine the logic that causes that message to be output. C) Echo the two values being compared by that logic. Link to comment https://forums.phpfreaks.com/topic/174591-member-login/#findComment-920146 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.