Jump to content

PHP login form help (Done Most of It)

lewisstevens1

By lewisstevens1
in PHP Coding Help

 Share

Recommended Posts

lewisstevens1 Member

lewisstevens1

Posted
Posted

Hi i am having a problem, when i try logging in it is always saying "Invalid Login" im not sure what is going wrong, a week ago i had it working. I cant remember the change i did but i know its in one of theese files (dont worry about the styling, i know theres one div i havent closed lol :

 

Login.php

<?php 
include 'dbc.php';

$user_email = mysql_real_escape_string($_POST['email']);
$full_name = mysql_real_escape_string($_POST['full_name']);

$money = mysql_real_escape_string($_POST['money']);
$id = mysql_real_escape_string($_POST['id']);
$level = mysql_real_escape_string($_POST['level']);
$crystals = mysql_real_escape_string($_POST['crystals']);
$userdp = mysql_real_escape_string($_POST['userdp']);
$health = mysql_real_escape_string($_POST['health']);
$exp = mysql_real_escape_string($_POST['exp']);
$rep = mysql_real_escape_string($_POST['rep']);
$class = mysql_real_escape_string($_POST['class']);
$bonus = mysql_real_escape_string($_POST['bonus']);
$tutorial = mysql_real_escape_string($_POST['tutorial']);
$mana = mysql_real_escape_string($_POST['mana']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_email,full_name,money,level,crystals,userdp,health,exp,rep,class,bonus,tutorial,mana FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 

$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

       session_start(); 
   list($id,$full_name,$user_email,$money,$level,$crystals,$userdp,$health,$exp,$rep,$class,$bonus,$tutorial,$mana) = mysql_fetch_row($result);
	// session variables 
	$_SESSION['user']= $user_email;
	$_SESSION['full_name']= $full_name;
	$_SESSION['money']= $money;
	$_SESSION['id']= $id;
	$_SESSION['level']= $level;
	$_SESSION['crystals']= $crystals;
	$_SESSION['userdp']= $userdp;
	$_SESSION['health']= $health;
	$_SESSION['exp']= $exp;
	$_SESSION['rep']= $rep;
	$_SESSION['class']= $class;
	$_SESSION['bonus']= $bonus;
	$_SESSION['tutorial']= $tutorial;
	$_SESSION['mana']= $mana;*/



	if (isset($_GET['ret']) && !empty($_GET['ret']))
	{
	header("Location: $_GET[ret]");
	} else
	{
	header("Location: index.php");
	}
	exit();
    } 

header("Location: login.php?msg=Invalid Login");
exit();		
}

?>

<link href="styles.css" rel="stylesheet" type="text/css">
<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>


<p> </p><table width="40%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td bgcolor="#000066" class="mnuheader" >
<div align="center"><font size="5"><strong>Login 
        Members</strong></font></div></td>
  </tr>
  <tr>
    <td bgcolor="#000099" class="mnubody"><form name="form1" method="post" action="">
        <p> </p>
        <p align="center">Your Email 
          <input name="email" type="text" id="email">
        </p>
        <p align="center"> Password: 
          <input name="pwd" type="password" id="pwd">
        </p>
        <p align="center"> 
          <input type="submit" name="Submit" value="Login">
        </p>
        <p align="center"><a href="register.php">Register</a> | <a href="forgot.php">Forgot</a></p>
      </form></td>
  </tr>
</table>

 

Register.php

<?php 
session_start();


include ('dbc.php'); 


if ($_POST['Submit'] == 'Register')
{
   if (strlen($_POST['email']) < 5)
   {
    die ("Incorrect email. Please enter valid email address..");
    }
   if (strcmp($_POST['pass1'],$_POST['pass2']) || empty($_POST['pass1']) )
{ 
//die ("Password does not match");
die("ERROR: Password does not match or empty..");

}
if (strcmp(md5($_POST['user_code']),$_SESSION['ckey']))
{ 
		 die("Invalid code entered. Please enter the correct code as shown in the Image");
  		} 
$rs_duplicates = mysql_query("select id from users where user_email='$_POST[email]'");
$duplicates = mysql_num_rows($rs_duplicates);
if ($duplicates > 0)
{	
//die ("ERROR: User account already exists.");
header("Location: register.php?msg=ERROR: User account already exists..");
exit();
}




$md5pass = md5($_POST['pass2']);
$activ_code = rand(1000,9999);
$server = $_SERVER['HTTP_HOST'];
$host = ereg_replace('www.','',$server);
mysql_query("INSERT INTO users
              (`user_email`,`user_pwd`,`sex`,`joined`,`activation_code`,`char_name`,`log_name`)
			  VALUES
			  ('$_POST[email]','$md5pass','$_POST[sex]',now(),'$activ_code','$_POST[char_name]','$_POST[log_name]')") or die(mysql_error());

$message = 
"Thank you for registering an account with $server. Here are the login details...\n\n
User Email: $_POST[email] \n
Password: $_POST[pass2] \n
Activation Code: $activ_code \n
____________________________________________
*** ACTIVATION LINK ***** \n
Activation Link: http://$server/myown/activate.php?usr=$_POST[email]&code=$activ_code \n\n
_____________________________________________
Thank you. This is an automated response. PLEASE DO NOT REPLY.
";

mail($_POST['email'] , "Login Activation", $message,
    "From: \"Auto-Response\" <notifications@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());
unset($_SESSION['ckey']);
echo("Registration Successful! An activation code has been sent to your email address with an activation link...");	

exit;
}	

?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
<link rel="stylesheet" type="text/css" href="main.css">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<style type="text/css"></style>
<title>The Website</title>

<center>
<html>


<center>
<head>
<div style="border: 1px white solid;">
<div id="photolayer" style="z-index: 1; left: 5px; top: 1000px; width: 100%; height: 138px; background-color:#000; visibility: visible" div align = "center">
<img src="header.jpg" alt="Title" border="5px" style="padding-top: 4px">
</div>
</div>
</head>
</center>

<body>
<p></p>
</body>



<body>
<p></p>
</body>

<center>

<div id="box">
<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>
<div id="center1">
<h1>Registration</h1><img src="images/page1.png">
<form name="form1" method="post" action="tutorial.php">
<table border="0" width="500px";>

<tr>
<br><th><p>Please choose your <font color="red">characters</font> name:</th><td><br><input name="char_name" type="text" id="char_name"></p></td>
</tr>
<tr>
<th><p>Please choose your <font color="red">login</font> name:</th><td><br><input name="log_name" type="text" id="log_name"></p></td>
</tr>
<tr>
<th><p>Please choose your <font color="red">password</font>:</th><td><br><input name="pass1" type="password" id="pass1"></p></td>
</tr>
<tr>
<th><p>Please <font color="red">re-enter</font> your <font color="red">password</font>:</th><td><br><input name="pass2" type="password" id="pass2"></p></td>
</tr>
<tr>
<th><p>Please enter your <font color="red">email address</font>:</th><td><br><input name="email" type="text" id="email"></p></td>
</tr>
<tr>
<th><br><img src="pngimg.php" align="middle"></th><td><br><input name="user_code" type="text" size="10"></td>
</tr>
</table>

<br><br><input type="submit" name="Submit" value="Register">
</form>


</div>

</div>

</center>
<body>
<p></p>
</body>

<div id="box">
<div id="footer">
</div>
</div>
</div>
</div>
</style>
</center>
</html>

 

I dont think its this one as the connection is ok, but here it is anyway

<?php
$dbname = 'stonersg_myown';
$link = mysql_connect('localhost','stonersg_myown','davemira1') or die("Couldn't make connection.");
$db = mysql_select_db($dbname, $link) or die("Couldn't select database");
?>

 

I thank you in advance for your help. Lewis Stevens

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Your query is not matching any row(s) in your table ($num is equal to zero, but your query did execuite without any errors.) You are going to need to find out why it did not match any row(s.)

 

Echo the $sql variable so that you know exactly what it contains. Look directly in your table using your favorite database management tool and check if there is a row that should match the values that are in the WHERE clause in the query.

Link to comment
Share on other sites
lewisstevens1 Member

lewisstevens1

Posted
  • Author
Posted
Your query is not matching any row(s) in your table ($num is equal to zero, but your query did execuite without any errors.) You are going to need to find out why it did not match any row(s.)

 

Echo the $sql variable so that you know exactly what it contains. Look directly in your table using your favorite database management tool and check if there is a row that should match the values that are in the WHERE clause in the query.

 

Ok i read through this, i understand what you are trying to say, but i dont get why it wont. Here are my Database fields:

id - full_name - user_name - user_pwd - user_email - activation_code - joined - sex - user_activated - money - level - crystals - userdp - health - rep - exp - class - bonus - tutorial - mana - char_name - log_name

 

regarding the: $rs_duplicates change, i tried both ways, still didnt work

 

i found an error in login.php, where i put */ i deleted it but not much is happening, when im clicking register its not adding the new user to the database :S

 

Sorry about this and thankyou for all your help. :D

Link to comment
Share on other sites
Deoctor Member

Deoctor

Posted
Posted

i think the md5 of ur password is not matching out correctly..

have u tried to  echo these values and see.

 

and instead of this one 

SELECT id,user_email,full_name,money,level,crystals,userdp,health,exp,rep,class,bonus,tutorial,mana FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'";

 

use as

SELECT * FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'";

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

when im clicking register its not adding the new user to the database :S

 

That would be the first thing you need to troubleshoot and fix. What IS your browser displaying when you try to register? Do you get the email and does activate.php do what it is supposed to?

 

You cannot worry about login.php working until all the steps leading up to having a valid account are working.

Link to comment
Share on other sites
lewisstevens1 Member

lewisstevens1

Posted
  • Author
Posted

Mmmm nope... thats strange...

So theres somethihng wrong with:

	$md5pass = md5($_POST['pass2']);
$activ_code = rand(1000,9999);
$server = $_SERVER['HTTP_HOST'];
$host = ereg_replace('www.','',$server);
mysql_query("INSERT INTO users
              (`user_email`,`user_pwd`,`sex`,`joined`,`activation_code`,`full_name`)
			  VALUES
			  ('$_POST[email]','$md5pass','$_POST[sex]',now(),'$activ_code','$_POST[full_name]')") or die(mysql_error());

$message = 
"Thank you for registering an account with $server. Here are the login details...\n\n
User Email: $_POST[email] \n
Password: $_POST[pass2] \n
Activation Code: $activ_code \n
____________________________________________
*** ACTIVATION LINK ***** \n
Activation Link: http://$server/myown/activate.php?usr=$_POST[email]&code=$activ_code \n\n
_____________________________________________
Thank you. This is an automated response. PLEASE DO NOT REPLY.
";

mail($_POST['email'] , "Login Activation", $message,
    "From: \"Auto-Response\" <notifications@$host>\r\n" .
     "X-Mailer: PHP/" . phpversion());
unset($_SESSION['ckey']);
echo("Registration Successful! An activation code has been sent to your email address with an activation link...");	

exit;
}

Link to comment
Share on other sites
Deoctor Member

Deoctor

Posted
Posted

hai this is what that is going wrong in ur code..

u have given as the md5 but when i saw ur database u dont have the md5 of the passwords stored.

as well. u have given the given condition and

 

<?php 
include 'dbc.php';

$user_email = mysql_real_escape_string($_POST['email']);
$full_name = mysql_real_escape_string($_POST['full_name']);

$money = mysql_real_escape_string($_POST['money']);
$id = mysql_real_escape_string($_POST['id']);
$level = mysql_real_escape_string($_POST['level']);
$crystals = mysql_real_escape_string($_POST['crystals']);
$userdp = mysql_real_escape_string($_POST['userdp']);
$health = mysql_real_escape_string($_POST['health']);
$exp = mysql_real_escape_string($_POST['exp']);
$rep = mysql_real_escape_string($_POST['rep']);
$class = mysql_real_escape_string($_POST['class']);
$bonus = mysql_real_escape_string($_POST['bonus']);
$tutorial = mysql_real_escape_string($_POST['tutorial']);
$mana = mysql_real_escape_string($_POST['mana']);

if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_email,full_name,money,level,crystals,userdp,health,exp,rep,class,bonus,tutorial,mana FROM users WHERE 
            user_email = '$user_email' AND 
            user_pwd = '$md5pass' AND user_activated='1'"; 
         
$result = mysql_query($sql) or die (mysql_error()); 
$num = mysql_num_rows($result);

    if ( $num != 0 ) { 

       session_start(); 
      list($id,$full_name,$user_email,$money,$level,$crystals,$userdp,$health,$exp,$rep,$class,$bonus,$tutorial,$mana) = mysql_fetch_row($result);
      // session variables 
      $_SESSION['user']= $user_email;
      $_SESSION['full_name']= $full_name;
      $_SESSION['money']= $money;
      $_SESSION['id']= $id;
      $_SESSION['level']= $level;
      $_SESSION['crystals']= $crystals;
      $_SESSION['userdp']= $userdp;
      $_SESSION['health']= $health;
      $_SESSION['exp']= $exp;
      $_SESSION['rep']= $rep;
      $_SESSION['class']= $class;
      $_SESSION['bonus']= $bonus;
      $_SESSION['tutorial']= $tutorial;
      $_SESSION['mana']= $mana;*/

      
         
      if (isset($_GET['ret']) && !empty($_GET['ret']))
      {
      header("Location: $_GET[ret]");
      } else
      {
      header("Location: index.php");
      }
      exit();
    } 

header("Location: login.php?msg=Invalid Login");
exit();      
}

?>

after the condition satisfy u have given as

 

header("Location: login.php?msg=Invalid Login")

so it will always give u invalid login..

so i have changed it to else condition..

after login do u want to go the index page.??

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.