chris_rulez001 Posted December 22, 2007 Share Posted December 22, 2007 hi when i try to login, it says invalid password when the password that i typed is the one in the database. why is it saying invalid password? my code: $username = $_POST['username']; $password = $_POST['password']; mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sql_user_check = "SELECT * FROM forumusers WHERE username='$username'"; $result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); $usersfound = mysql_num_rows($result_name_check); if ($usersfound < 1) { $error = "Username $username not found."; } else { $sql_pass_get = "SELECT * FROM forumusers WHERE username='$username'"; $user_info = mysql_fetch_array(mysql_query($sql_pass_get)); $pass = $user_info['password']; if ($pass != md5($password)) { $error = "Invalid Password. Try Again."; } else { $_SESSION['userid'] = $user_info['id']; $_SESSION['username'] = $user_info['username']; $_SESSION['password'] = $user_info['password']; $_SESSION['email'] = $user_info['email']; $_SESSION['access_level'] = $user_info['access_level']; $_SESSION['dateregistered'] = $user_info['dateregistered']; $_SESSION['ip'] = $user_info['ip']; } if (!isset($_SESSION['username'])) { if ($error) { echo $error; } else { echo "<html> <head> <title>Logged In Successfully</title> <SCRIPT LANGUAGE='JavaScript'> <!-- Begin redirTime = '0000'; redirURL = 'index.php'; function redirTimer() { self.setTimeout('self.location.href = redirURL;',redirTime); } // End --> </script> </head> <body onLoad='redirTimer()'> You are logged in successfully, please wait to be redirected to the homepage.<br/><br/> </body> </html>"; } } } } Quote Link to comment Share on other sites More sharing options...
severndigital Posted December 22, 2007 Share Posted December 22, 2007 start at the very beginning .. are you sure the $password variable is being filled? Quote Link to comment Share on other sites More sharing options...
rarebit Posted December 22, 2007 Share Posted December 22, 2007 try echo'ing everything out as you go, e.g. the POST's and an md5 of post password, also the mysql md5'd password Quote Link to comment Share on other sites More sharing options...
soycharliente Posted December 22, 2007 Share Posted December 22, 2007 The problem with your code is that you're not closing some of your braces correctly. I can't really tell where because it's not neat, but they're definitely not enough opening and closing braces. Try tabbing out your statements for clarity starting with the else for the usersfound > 1. Also, there's no need for you to go back to your database again. You've already "SELECT * FROM forumusers" with your $sql_user_check. You can just reference that variable in your 2nd else statement. From the look of the variables, you're creating a forum. I don't know how many users you are planning on having, but you don't want 10,000 hits on the server every time 5,000 people login. Here's the code I use for every one of my login scripts. Don't mind sharing it since it has never given me any trouble. Maybe looking at some different code as a reference will help. <?php session_start(); if (isset($_POST["login_submit"])) { $un = $_POST["un"]; $pw = md5($_POST["pw"]); dbconnect(); $query = "SELECT * FROM users WHERE username='$un' AND password='$pw'"; $result = mysql_query($query) OR DIE("err0r: ".mysql_error()); dbclose(); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($un == $user && $pw == $pass) { $_SESSION["user"] = $un; $loggedin = TRUE; } } else { $loggedin = FALSE; } } ?> Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 The problem with your code is that you're not closing some of your braces correctly. I can't really tell where because it's not neat, but they're definitely not enough opening and closing braces. Try tabbing out your statements for clarity starting with the else for the usersfound > 1. Also, there's no need for you to go back to your database again. You've already "SELECT * FROM forumusers" with your $sql_user_check. You can just reference that variable in your 2nd else statement. From the look of the variables, you're creating a forum. I don't know how many users you are planning on having, but you don't want 10,000 hits on the server every time 5,000 people login. Here's the code I use for every one of my login scripts. Don't mind sharing it since it has never given me any trouble. Maybe looking at some different code as a reference will help. <?php session_start(); if (isset($_POST["login_submit"])) { $un = $_POST["un"]; $pw = md5($_POST["pw"]); dbconnect(); $query = "SELECT * FROM users WHERE username='$un' AND password='$pw'"; $result = mysql_query($query) OR DIE("err0r: ".mysql_error()); dbclose(); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($un == $user && $pw == $pass) { $_SESSION["user"] = $un; $loggedin = TRUE; } } else { $loggedin = FALSE; } } ?> ok cheers charlie, i have used parts of the code and when i go to the next page it shows no error at all, so that means that it is reading from the database, but i dont think it has started a session, because on the main page it is supposed to say "Yo, (my username=admin)" but it doesnt, what is going on? i am using !isset($_SESSION['username'] == true) to detect if there is a session but the text that is supposed to show when the session is started, isnt showing at all. can you help me please? Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Post the next page. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 Post the next page. well its the code that charlie posted, here: session_start(); $username = $_POST["username"]; $password = md5($_POST["password"]); mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $query = "SELECT * FROM forumusers WHERE username='$username' AND password='$password'"; $result = mysql_query($query) OR DIE("error: ".mysql_error()); mysql_close(); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($username == $user && $password == $pass) { $_SESSION["username"] = $username; $_SESSION["access_level"] = $r["access_level"]; $loggedin = TRUE; } } else { $loggedin = FALSE; } } like i said its not activating the session Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Post both pages completely. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 the first page is just the html form here: <form id='form1' name='form1' method='post' action='?action=login2'> <p>Username: <input name='username' type='text' id='username' /> </p> <p>Password: <input name='password' type='password' id='password' /> </p> <p> <input type='submit' name='Submit' value='Login!' /> </p> </form> Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 What is your php filename? Quote Link to comment Share on other sites More sharing options...
shlumph Posted December 22, 2007 Share Posted December 22, 2007 I have a feeling it has to do with this condition: if ($pass != md5($password)) Are you sure md5 is properly doing its job? Is the password encrypted in the database? You should try not hashing the password and seeing if it works, then try and implement md5 correctly, if this is the case... On a side note, it's good practice to select columns that you're going to use in your SQL query $sql_user_check = "SELECT * FROM forumusers WHERE username='$username'"; Can be optimized to $sql_user_check = "SELECT username FROM forumusers WHERE username='$username'"; Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Post the Main Page as well. ok cheers charlie, i have used parts of the code and when i go to the next page it shows no error at all, so that means that it is reading from the database, but i dont think it has started a session, because on the main page it is supposed to say "Yo, (my username=admin)" but it doesnt, what is going on? i am using !isset($_SESSION['username'] == true) to detect if there is a session but the text that is supposed to show when the session is started, isnt showing at all. can you help me please? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 well i am using switch() so all of the code is in one file, index.php do you want me to post the whole of the code (over 1300 lines)? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted December 22, 2007 Share Posted December 22, 2007 yes Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Lets make sure Sessions work first. Create two new files, page1.php and page2.php page1.php <?php session_start(); $_SESSION['test'] = "test"; echo "Session Set"; ?> page2.php <?php session_start(); echo $_SESSION['test']; echo "Do you see test?"; ?> Run page1.php, then run page2.php. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 ok, ill try what revraz said, but i cant post the code, it says "the message exceeds the maximum allowed length (40000 characters)." so i have made an account on ripway, and here is the link to the code EDIT: tried what revraz said, and i got this in page1.php: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at J:\XAMPP\xampp\htdocs\page1.php:9) in J:\XAMPP\xampp\htdocs\page1.php on line 10 Session Set and i got this in page 2.php: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at J:\XAMPP\xampp\htdocs\page2.php:9) in J:\XAMPP\xampp\htdocs\page2.php on line 10 test Do you see test? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted December 22, 2007 Share Posted December 22, 2007 put ob_start before session_start Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Better yet, use Notepad to create the files. Sounds like whatever editor you are using is adding whitespace or a character to the file. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 yep, tried it in notepad and it has worked perfectly no errors Quote Link to comment Share on other sites More sharing options...
revraz Posted December 22, 2007 Share Posted December 22, 2007 Which means whatever editor you are using is stopping the sessions from starting because it's inserting something. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 Which means whatever editor you are using is stopping the sessions from starting because it's inserting something. ok i am using dreamweaver, so do i copy the code from dreamweaver and put it in notepad and see if it works? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 22, 2007 Author Share Posted December 22, 2007 ive tried copying the code from dreamweaver and pasting it into notepad, and its still doing the same problem, its not activating the session. Quote Link to comment Share on other sites More sharing options...
revraz Posted December 23, 2007 Share Posted December 23, 2007 How many pages or actions do you have embedded into one page? May want to consider breaking them into seperate pages rather than one very large index.php file. Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 23, 2007 Author Share Posted December 23, 2007 How many pages or actions do you have embedded into one page? May want to consider breaking them into seperate pages rather than one very large index.php file. ok, im breaking the code up into seperate pages, like you said. do you want me to post login.php when i have created it? Quote Link to comment Share on other sites More sharing options...
chris_rulez001 Posted December 23, 2007 Author Share Posted December 23, 2007 here is the code for login.php: <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <?php $host1="localhost"; // Host name $username1="root"; // Mysql username $password1="***"; // Mysql password $db_name1="forum"; // Database name $tbl_name4="thunderboardforums"; // Table name // Connect to server and select databse. mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sql4="SELECT * FROM $tbl_name4 ORDER BY id DESC"; // OREDER BY id DESC is order result by descending $result4=mysql_query($sql4); $rows4 = mysql_fetch_array($result4); ?> <title><?php echo $rows4['forumtitle']; ?> - <?php mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sqlb="SELECT * FROM boardsetting WHERE action='boardactive'"; // OREDER BY id DESC is order result by descending $resultb=mysql_query($sqlb); $boardsetting = mysql_fetch_array($resultb); $action = $_GET['action']; if ($action == "") { echo "Login"; } else if ($action == "login2") { echo "Login"; } else if ($boardsetting['setting'] == 2) { echo "Forum Unavailable"; } else { echo ""; } ?></title> <link rel="stylesheet" href="css/stylesheet.css" /> </head> <body text="000000" bgcolor="F1F1F1" link="003399" vlink="003399" alink="003399"> <?php $tbl_name="boards"; // Table name // Connect to server and select databse. mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name ORDER BY id DESC"; // OREDER BY id DESC is order result by descending $result=mysql_query($sql); ?> <?php $tbl_name1="forumusers"; // Table name // Connect to server and select databse. mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sql1="SELECT * FROM $tbl_name1 ORDER BY id DESC"; // OREDER BY id DESC is order result by descending $result1=mysql_query($sql1); $rows1 = mysql_fetch_array($result1); ?> <?php $tbl_name2="topics"; // Table name // Connect to server and select databse. mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sql9="SELECT * FROM $tbl_name2 ORDER BY id DESC"; // OREDER BY id DESC is order result by descending $result9=mysql_query($sql9); $rows9 = mysql_fetch_array($result9); ?> <br /> <br/> <table border="0" width="900" cellspacing="0" cellpadding="0" style="border-color:#000000" align="center"> <tr> <td align='center'>My Forum<br/><br/><br/> << <?php $action = $_GET['action']; mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sqlb="SELECT * FROM boardsetting WHERE action='boardactive'"; // OREDER BY id DESC is order result by descending $resultb=mysql_query($sqlb); $boardsetting = mysql_fetch_array($resultb); mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sqlb1="SELECT setting FROM boardsetting WHERE action='boardmessage'"; // OREDER BY id DESC is order result by descending $resultb1=mysql_query($sqlb1); $boardmessage = mysql_fetch_array($resultb1); if ($action == "") { echo "Login"; } else if ($action == "login2") { echo "Login"; } else if ($boardsetting['setting'] == 2) { echo "Forum Unavailable"; } else { echo ""; } ?> >> </td> <td align='center'><?php if (!isset($_SESSION['username']) == false) { echo "Yo, ".$_SESSION['username']."<br/><br/>You currently have no new pms, You have <a href='index.php?action=pm'>111 pms</a> in your inbox."; } else{ echo "Yo, Guest, Please <a href='login.php'>Login</a> or <a href='register.php'>Register</a><br/>"; }?> <br/><br/><?php $date = date("l F d, g i a"); echo $date; ?><br/><br/> </td> </tr> <tr> <td class="menubg" valign="middle" bgcolor="EFEFEF" align="center" colspan="2"><font size="1"> <a href="index.php">Home</a> <a href="help.php">Help</a> <a href="members.php">Members</a> <a href="view_profile.php">Profile</a><?php if ($_SESSION['username'] == "admin") { echo " <a href='admin.php'>Admin Panel</a>"; }else { echo ""; } ?> <?php if (!isset($_SESSION['username']) == false) { echo " <a href='logout.php'>Logout</a>"; }else { echo " <a href='login.php'>Login</a> <a href='register.php'>Register</a>"; } ?> </font></td> </tr> </table> <br /><br/> <?php $action = $_GET['action']; switch ($action) { //start of login default: mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sqlb="SELECT * FROM boardsetting WHERE action='boardactive'"; // OREDER BY id DESC is order result by descending $resultb=mysql_query($sqlb); $boardsetting = mysql_fetch_array($resultb); $username = $_POST['username']; $password = $_POST['password']; echo "<table width='92%' cellspacing='0' cellpadding='0' align='center'> <tr> <td valign='top' width='100%'> <br /> <a href='index.php' class='nav'>".$rows4['forumtitle']."</a> --> "; if ($action == "") { echo "Login"; } else if ($action == "login2") { echo "Login"; } else if ($boardsetting['setting'] == 2) { echo "Forum Unavailable"; } else { echo ""; } if ($boardsetting['setting'] == 2) { echo "<br/><br/> <table border='0' width='100%' cellspacing='0' cellpadding='0'> <tr> <td> <table cellpadding='4' cellspacing='1' border='0' width='100%'>"; echo "<tr> <td class='catbg' bgcolor='DADADA' height='18'> $boardmessage<br/><br/> Admin Team. </td>"; echo "</table><br/><br/>"; } else { echo "<br/><br/> <table border='0' width='100%' cellspacing='0' cellpadding='0'> <tr> <td> <table cellpadding='4' cellspacing='1' border='0' width='100%'> <tr> <td style='background-color:DADADA' colspan='2'> <font color='0000' size='-1'><b>Login</b></font></td> </tr>"; echo "<tr> <td class='catbg' bgcolor='DADADA' height='18'> <form id='form1' name='form1' method='post' action='?action=login2'> <p>Username: <input name='username' type='text' id='username' /> </p> <p>Password: <input name='password' type='password' id='password' /> </p> <p> <input type='submit' name='Submit' value='Login!' /> </p> </form>"; echo "</td> </tr> </table></td> </tr> </table><br/><br/>"; } break; //end of login case login2: mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); $sqlb="SELECT * FROM boardsetting WHERE action='boardactive'"; // OREDER BY id DESC is order result by descending $resultb=mysql_query($sqlb); $boardsetting = mysql_fetch_array($resultb); echo "<table width='92%' cellspacing='0' cellpadding='0' align='center'> <tr> <td valign='top' width='100%'> <br /> <a href='index.php' class='nav'>".$rows4['forumtitle']."</a> --> "; if ($action == "") { echo "Login"; } else if ($action == "login2") { echo "Login"; } else if ($boardsetting['setting'] == 2) { echo "Forum Unavailable"; } else { echo ""; } if ($boardsetting['setting'] == 2) { echo "<br/><br/> <table border='0' width='100%' cellspacing='0' cellpadding='0'> <tr> <td> <table cellpadding='4' cellspacing='1' border='0' width='100%'>"; echo "<tr> <td class='catbg' bgcolor='DADADA' height='18'> $boardmessage<br/><br/> Admin Team. </td>"; echo "</table><br/><br/>"; } else { echo "<br/><br/> <table border='0' width='100%' cellspacing='0' cellpadding='0'> <tr> <td> <table cellpadding='4' cellspacing='1' border='0' width='100%'> <tr> <td style='background-color:DADADA' colspan='2'> <font color='0000' size='-1'><b>Login</b></font></td> </tr>"; echo "<tr> <td class='catbg' bgcolor='DADADA' height='18'>"; $username = $_POST["username"]; $password = md5($_POST["password"]); mysql_connect("$host1", "$username1", "$password1")or die("cannot connect"); mysql_select_db("$db_name1")or die("cannot select DB"); if(mysql_real_escape_string(empty($username))) { echo "You havent filled all the required fields<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>"; } else if (mysql_real_escape_string(empty($password))) { echo "You havent filled all the required fields<br/><br/><a href='javascript:history.go(-1)'>Go Back</a>"; } else { $query = "SELECT * FROM forumusers WHERE username='$username' AND password='$password'"; $result = mysql_query($query) OR DIE("error: ".mysql_error()); mysql_close(); if (mysql_num_rows($result) > 0) { $r = mysql_fetch_assoc($result); $user = $r["username"]; $pass = $r["password"]; if ($username == $user && $password == $pass) { $_SESSION["username"] = $username; $loggedin = TRUE; } } else { $loggedin = FALSE; } } } echo "</td> </tr> </table></td> </tr> </table><br/><br/>"; break; } ?> <div align="center"><?php include('includes/copyright.php'); echo $hosted; ?></div> </body> </html> to get username and password into $_SESSION['username'] and $_SESSION['password'] couldn't i use session_register() or wouldnt that work for what i want the session to do? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.