Jump to content

login problem

erez22

By erez22
in PHP Coding Help

 Share

Recommended Posts

erez22 Newbie

erez22

Posted
Posted (edited)

 Hello,

here is the code I found in a php website for register, login with php and mysql.

When I registered it worked but when I tried to login with the detailes I entered into the database I got this error message:

 Incorrect Credentials, Try again

What is wrong? help me please.

 

dbconnect.php

<?php
 
// this will avoid mysql_connect() deprecation error.
error_reporting( ~E_DEPRECATED & ~E_NOTICE );
// but I strongly suggest you to use PDO or MySQLi.
 
define('DBHOST', 'localhost');
define('DBUSER', 'root');
define('DBPASS', '');
define('DBNAME', 'dbregistration');
 
$conn = mysql_connect(DBHOST,DBUSER,DBPASS);
$dbcon = mysql_select_db(DBNAME);
 
if ( !$conn ) {
    die("Connection failed : " . mysql_error());
}
 
if ( !$dbcon ) {
    die("Database Connection failed : " . mysql_error());
}
?>

home.php

<?php
ob_start();
session_start();
require_once 'dbconnect.php';
 
// if session is not set this will redirect to login page
if( !isset($_SESSION['user']) ) {
    header("Location: index.php");
    exit;
}
// select loggedin users detail
$res=mysql_query("SELECT * FROM users WHERE userId=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Welcome - <?php echo $userRow['userEmail']; ?></title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
 
 <nav class="navbar navbar-default navbar-fixed-top">
      <div class="container">
        <div class="navbar-header">
          <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
          </button>
          <a class="navbar-brand" href="http://www.codingcage.com">Coding Cage</a>
        </div>
        <div id="navbar" class="navbar-collapse collapse">
          <ul class="nav navbar-nav">
            <li class="active"><a href="http://www.codingcag...-php-mysql.html">Back to Article</a></li>
            <li><a href="http://www.codingcag...jQuery</a></li>
            <li><a href="http://www.codingcag...P">PHP</a></li>
          </ul>
          <ul class="nav navbar-nav navbar-right">
           
            <li class="dropdown">
              <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">
     <span class="glyphicon glyphicon-user"></span> Hi' <?php echo $userRow['userEmail']; ?> <span class="caret"></span></a>
              <ul class="dropdown-menu">
                <li><a href="logout.php?logout"><span class="glyphicon glyphicon-log-out"></span> Sign Out</a></li>
              </ul>
            </li>
          </ul>
        </div><!--/.nav-collapse -->
      </div>
    </nav>
 
 <div id="wrapper">
 
 <div class="container">
   
     <div class="page-header">
     <h3>Coding Cage - Programming Blog</h3>
     </div>
       
        <div class="row">
        <div class="col-lg-12">
        <h1>Focuses on PHP, MySQL, Ajax, jQuery, Web Design and more...</h1>
        </div>
        </div>
   
    </div>
   
    </div>
   
    <script src="assets/jquery-1.11.3-jquery.min.js"></script>
    <script src="assets/js/bootstrap.min.js"></script>
   
</body>
</html>
<?php ob_end_flush(); ?>

index.php

<?php
 ob_start();
 session_start();
 require_once 'dbconnect.php';
 
 // it will never let you open index(login) page if session is set
 if ( isset($_SESSION['user'])!="" ) {
  header("Location: home.php");
  exit;
 }
 
 $error = false;
 
 if( isset($_POST['btn-login']) ) {
 
  // prevent sql injections/ clear user invalid inputs
  $email = trim($_POST['email']);
  $email = strip_tags($email);
  $email = htmlspecialchars($email);
 
  $pass = trim($_POST['pass']);
  $pass = strip_tags($pass);
  $pass = htmlspecialchars($pass);
  // prevent sql injections / clear user invalid inputs
 
  if(empty($email)){
   $error = true;
   $emailError = "Please enter your email address.";
  } else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
   $error = true;
   $emailError = "Please enter valid email address.";
  }
 
  if(empty($pass)){
   $error = true;
   $passError = "Please enter your password.";
  }
 
  // if there's no error, continue to login
  if (!$error) {
  
   $password = hash('sha256', $pass); // password hashing using SHA256
  
 
   $res=mysql_query("SELECT userId, userName, userPass FROM users WHERE userEmail='$email'");
  
   $row=mysql_fetch_array($res);
  
   $count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
  
   if( $count == 1 && $row['userPass']==$password ) {
    $_SESSION['user'] = $row['userId'];
    header("Location: home.php");
   } else {
    $errMSG = "Incorrect Credentials, Try again...";
   }
   
  }
 
 }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
 
<div class="container">
 
 <div id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
   
     <div class="col-md-12">
       
         <div class="form-group">
             <h2 class="">Sign In.</h2>
            </div>
       
         <div class="form-group">
             <hr />
            </div>
           
            <?php
   if ( isset($errMSG) ) {
   
    ?>
    <div class="form-group">
             <div class="alert alert-danger">
    <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
                </div>
             </div>
                <?php
   }
   ?>
           
            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
             <input type="email" name="email" class="form-control" placeholder="Your Email" value="<?php echo $email; ?>" maxlength="40" />
                </div>
                <span class="text-danger"><?php echo $emailError; ?></span>
            </div>
           
            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
             <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
                </div>
                <span class="text-danger"><?php echo $passError; ?></span>
            </div>
           
            <div class="form-group">
             <hr />
            </div>
           
            <div class="form-group">
             <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
            </div>
           
            <div class="form-group">
             <hr />
            </div>
           
            <div class="form-group">
             <a href="register.php">Sign Up Here...</a>
            </div>
       
        </div>
  
    </form>
    </div>
 
</div>
 
</body>
</html>
<?php ob_end_flush(); ?>

logout.php

<?php
 session_start();
 if (!isset($_SESSION['user'])) {
  header("Location: index.php");
 } else if(isset($_SESSION['user'])!="") {
  header("Location: home.php");
 }
 
 if (isset($_GET['logout'])) {
  unset($_SESSION['user']);
  session_unset();
  session_destroy();
  header("Location: index.php");
  exit;
 }
?>

register.php

<?php
 ob_start();
 session_start();
 if( isset($_SESSION['user'])!="" ){
  header("Location: home.php");
 }
 include_once 'dbconnect.php';
 
 $error = false;
 
 if ( isset($_POST['btn-signup']) ) {
 
  // clean user inputs to prevent sql injections
  $name = trim($_POST['name']);
  $name = strip_tags($name);
  $name = htmlspecialchars($name);
 
  $email = trim($_POST['email']);
  $email = strip_tags($email);
  $email = htmlspecialchars($email);
 
  $pass = trim($_POST['pass']);
  $pass = strip_tags($pass);
  $pass = htmlspecialchars($pass);
 
  // basic name validation
  if (empty($name)) {
   $error = true;
   $nameError = "Please enter your full name.";
  } else if (strlen($name) < 3) {
   $error = true;
   $nameError = "Name must have atleat 3 characters.";
  } else if (!preg_match("/^[a-zA-Z ]+$/",$name)) {
   $error = true;
   $nameError = "Name must contain alphabets and space.";
  }
 
  //basic email validation
  if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
   $error = true;
   $emailError = "Please enter valid email address.";
  } else {
   // check email exist or not
   $query = "SELECT userEmail FROM users WHERE userEmail='$email'";
   $result = mysql_query($query);
   $count = mysql_num_rows($result);
   if($count!=0){
    $error = true;
    $emailError = "Provided Email is already in use.";
   }
  }
  // password validation
  if (empty($pass)){
   $error = true;
   $passError = "Please enter password.";
  } else if(strlen($pass) < 6) {
   $error = true;
   $passError = "Password must have atleast 6 characters.";
  }
 
  // password encrypt using SHA256();
  $password = hash('sha256', $pass);
 
  // if there's no error, continue to signup
  if( !$error ) {
  
   $query = "INSERT INTO users(userName,userEmail,userPass) VALUES('$name','$email','$password')";
   $res = mysql_query($query);
   
   if ($res) {
    $errTyp = "success";
    $errMSG = "Successfully registered, you may login now";
    unset($name);
    unset($email);
    unset($pass);
   } else {
    $errTyp = "danger";
    $errMSG = "Something went wrong, try again later...";
   }
   
  }
 
 
 }
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
 
<div class="container">
 
 <div id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
   
     <div class="col-md-12">
       
         <div class="form-group">
             <h2 class="">Sign Up.</h2>
            </div>
       
         <div class="form-group">
             <hr />
            </div>
           
            <?php
   if ( isset($errMSG) ) {
   
    ?>
    <div class="form-group">
             <div class="alert alert-<?php echo ($errTyp=="success") ? "success" : $errTyp; ?>">
    <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
                </div>
             </div>
                <?php
   }
   ?>
           
            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
             <input type="text" name="name" class="form-control" placeholder="Enter Name" maxlength="50" value="<?php echo $name ?>" />
                </div>
                <span class="text-danger"><?php echo $nameError; ?></span>
            </div>
           
            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
             <input type="email" name="email" class="form-control" placeholder="Enter Your Email" maxlength="40" value="<?php echo $email ?>" />
                </div>
                <span class="text-danger"><?php echo $emailError; ?></span>
            </div>
           
            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
             <input type="password" name="pass" class="form-control" placeholder="Enter Password" maxlength="15" />
                </div>
                <span class="text-danger"><?php echo $passError; ?></span>
            </div>
           
            <div class="form-group">
             <hr />
            </div>
           
            <div class="form-group">
             <button type="submit" class="btn btn-block btn-primary" name="btn-signup">Sign Up</button>
            </div>
           
            <div class="form-group">
             <hr />
            </div>
           
            <div class="form-group">
             <a href="index.php">Sign in Here...</a>
            </div>
       
        </div>
  
    </form>
    </div>
 
</div>
 
</body>
</html>
<?php ob_end_flush(); ?>
Edited by cyberRobot
added [code][/code] tags
Link to comment
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

Have you tried outputting $row['userPass'] and $password to see if they contain the same value? Perhaps the password field in the database was truncated.

 

Side note: In case you are not aware, the mysql_* functions have been removed in PHP 7. You will need to switch to PDO or MySQLi in the near future. More information can be found here:

http://php.net/manual/en/mysqlinfo.api.choosing.php

Link to comment
Share on other sites
ginerjm Prolific Member

ginerjm

Posted
Posted

Why should we help you debug outdated code using MySQL? Also - that first line of the connect code - did you read it? It is specifically ignoring errors that would tell you to stop using MySQL if it even works at all. It attempts to ignore two kinds of errors, but does it ever turn ON the other types of error messages. Does it even turn on the message display so that YOU can see any errors or do you make it a habit to view the error log every time you test it?

 

It's been so long since I used MySQL I may be missing something but you first do a connect and create a handle called $conn. Then you select a db but never reference your handle but do (attempt to) produce another handle. Does that even work?

 

See my signature for a better way to turn on error checking. And stop using MySQL.

Link to comment
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

It's been so long since I used MySQL I may be missing something but you first do a connect and create a handle called $conn. Then you select a db but never reference your handle but do (attempt to) produce another handle. Does that even work?

 

If the handle is not provided, mysql_* functions use the last one created.

 

 

And stop using MySQL.

 

@erez22 - Just to clarify, the above refers to the mysql_* functions. Feel free to continue using MySQL for your database needs.  :happy-04:

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.