johnseito Posted April 5, 2008 Share Posted April 5, 2008 Hello everyone, I was just wondering why when I login with the form, the username and password stored in the database after registration didn't exist when it actually does exist. over here in the confirmuser function it said if no result or no row return a 1 which means there is no username if(!$result || (mysql_numrows($result) < 1)){ return 1; /** Indicates username failure.. if username and password then return 1 */ } over here after the login in button is clicked, and $result=1 which is carried over from the confirmuser function to say, the username doesn't exist in our database. if($result == 1){ die('That username doesn\'t exist in our database.'); } Thanks, I was just wondering why when the username is in the database yet it still say it didn't. <?php /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function confirmUser($username, $password){/** ---------------------------------CONFIRM USER-----------*/ global $conn; /** Add slashes if necessary - add slashes to ' " \ (for query) Shows whether the configuration option get_magic_quotes_gpc() is on or off. This can also be determined from phpinfo() . For example, this function is useful for determining whether addslashes() needs to be used on data before writing it to a database. magic_quotes_gpc controls whether data received from GET, POST, or cookie operations has special characters prepended with a backslash (\). */ if(!get_magic_quotes_gpc()) {// Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("),An example use of addslashes() is when you're entering data into a database. For example, to insert the name O'reilly into a database, you will need to escape it. Most databases do this with a \ which would mean O\'reilly. This would only be to get the data into the database, the extra \ will not be inserted. $username = addslashes($username); } /** Verify that user is in database */ $result = mysql_query("select password from users where username ='$username'"); /** password is a field from users table, username field */ //$q = "select password from users where username = '$username'"; //$result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; /** Indicates username failure.. if username and password then return 1 */ } /** Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); //$password = stripslashes($dbarray['password']); $dbarray['password'] = stripslashes($dbarray['password']); // password is the field from the database $password = stripslashes($password); /** Validate that password is correct */ if($password == $dbarray['password']){ return 0; /** Success! Username and password confirmed */ } else{ return 2; /** Indicates password failure*/ } }/** --------------------------------CONFIRM USER--------------------------------------------- */ /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){ /** Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['username'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /** Username and password have been set */ if(isset($_SESSION['username']) && isset($_SESSION['password'])){ /** Confirm that username and password are valid */ if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ /** Variables are incorrect, user not logged in */ unset($_SESSION['username']); unset($_SESSION['password']); return false; } return true; } /** User not logged in */ else{ return false; } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $logged_in; //if(isset($_POST['sublogin'])){ if($logged_in){ echo "<h1>Logged In!</h1>"; echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; } else{ ?> <h1>Login</h1> <form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"> <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> <font size="2">Remember me next time</td></tr> <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> </table> </form> <?php } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){/** ================================================================================= /** Check that all fields were typed in */ if(!$_POST['user'] || !$_POST['pass']){ die('You didn\'t fill in a required field.'); } /** Spruce up username, check length */ $_POST['user'] = trim($_POST['user']); if(strlen($_POST['user']) > 30){ die("Sorry, the username is longer than 30 characters, please shorten it."); } /** Checks that username is in database and password is correct */ $md5pass = md5($_POST['pass']); $result = confirmUser($_POST['user'], $md5pass); /** Check error codes */ if($result == 1){ die('That username doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /** Username and password correct, register session variables */ $_POST['user'] = stripslashes($_POST['user']); $_SESSION['username'] = $_POST['user']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); } /** Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[php_SELF]\">"; return; }/** =========================================================================================================== /** Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); displayLogin(); ?> Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/ Share on other sites More sharing options...
Caesar Posted April 5, 2008 Share Posted April 5, 2008 Haven't looked through your code but try trimming any and all white space on both the username in the db and the username you are submitting/posting. If anything, just to test. You'll want to print out all the vars in question just to make sure they are set. On my way out so can't comb through your code. Hope that helps. <?php $query = $DB->query("SELECT * FROM `users` WHERE TRIM(`username`)='".trim($username)."' AND `id`='".$id."' "); ?> Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/#findComment-509713 Share on other sites More sharing options...
quiettech Posted April 5, 2008 Share Posted April 5, 2008 Another issue is if the username has characters like '. if magic_quotes_gpc is enabled (which usually is) you shouldn't use addslashes(). Check if get_magic_quotes_gpc() returns 1 or 0. Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/#findComment-509715 Share on other sites More sharing options...
johnseito Posted April 5, 2008 Author Share Posted April 5, 2008 Another issue is if the username has characters like '. if magic_quotes_gpc is enabled (which usually is) you shouldn't use addslashes(). Check if get_magic_quotes_gpc() returns 1 or 0. magic_quotes_gpc is off, it returns a 0, that is why I have this code, if it's off/not on, addslashes to username. if(!get_magic_quotes_gpc()) { $username = addslashes($username); } thanks, Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/#findComment-509722 Share on other sites More sharing options...
johnseito Posted April 5, 2008 Author Share Posted April 5, 2008 Haven't looked through your code but try trimming any and all white space on both the username in the db and the username you are submitting/posting. If anything, just to test. You'll want to print out all the vars in question just to make sure they are set. On my way out so can't comb through your code. Hope that helps. yes, on my register.php page I trim the username entered with this code : $a = trim($_POST['user']); then on my login.php page I trim the username entered with this code : $_POST['user'] = trim($_POST['user']); Thanks, Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/#findComment-509724 Share on other sites More sharing options...
johnseito Posted April 5, 2008 Author Share Posted April 5, 2008 bump any idea why? Link to comment https://forums.phpfreaks.com/topic/99639-username-not-in-database-when-it-is/#findComment-509931 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.