Jump to content

[SOLVED] log in action

Rother2005

By Rother2005
in PHP Coding Help

Recommended Posts

Rother2005 Member

Rother2005

Posted
Posted
I’ve got data in my database and the code acknowledges that the user is there but not the password :S

the error i get is Incorrect password, please try again. even tho its the right password

<?php
// Connects to your Database
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("booze") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$Username = $_COOKIE['ID_my_site'];
$Pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM member WHERE Username = '$Username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($Pass != $info['Password'])
{
}
else
{
header("Location: members.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['Username'] | !$_POST['Pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM member WHERE Username = '".$_POST['Username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database.<a href=loginpage.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['Pass'] = stripslashes($_POST['Pass']);
$info['Password'] = stripslashes($info['Password']);
$_POST['Pass'] = md5($_POST['Pass']);

//gives error if the password is wrong
if ($_POST['Pass'] != $info['Password']) {
die('Incorrect password, please try again.');
}
else
{

// if login is ok then we add a cookie
$_POST['Username'] = stripslashes($_POST['Username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['Username'], $hour);
setcookie(Key_my_site, $_POST['Pass'], $hour);

//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{

// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="Username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="Pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}

?>

thanks in advance!
Rother2005 Member

Rother2005

Posted
  • Author
Posted
i dont quite understand that 2b honest heres my reg script can you point out what s needs to be dun?

<?php
include('connect1.inc');?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Booze Cruise Reg</title>

</head>
<body>

<?php
if(!$_POST['register']){echo'<p align="center"><strong>Member Registration</strong></p>
<form name="form1" method="POST" action="">
<p align="center">Username: <input type="text" name="username"></p>
<p align="center">Password: <input type="text" name="password"></p>
<p align="center">Firsname: <input type="text" name="firstname"></p>
<p align="center">Surname:  <input type="text" name="surname"></p>
<p align="center">Address 1:<input type="text" name="address1"></p>
<p align="center">Address 2:<input type="text" name="address2"></p>
<p align="center">Town:    <input type="text" name="town"></p>
<p align="center">County:  <input type="text" name="county"></p>
<p align="center">Postcode: <input type="text" name="postcode"></p>
<p align="center">Tel No:  <input type="text" name="telno"></p>
<p align="center">Mobile:  <input type="text" name="mobile"></p>
<p align="center">Email:    <input type="text" name="email"></p>
<p align="center"><input type="submit" name="register" value="Enter Details"></p></form>';}

else{$username=$_POST['username'];$password=$_POST['password'];$firstname=$_POST['firstname'];$surname=$_POST['surname'];$address1=$_POST['address1'];$address2=$_POST['address2'];$town=$_POST['town'];$county=$_POST['county'];
$postcode=$_POST['postcode'];$telno=$_POST['telno'];$mobile=$_POST['mobile'];$email=$_POST['email'];

$sql = "INSERT INTO member(Username,Password,Firstname,Surname,Address1,Address2,Town,County,Postcode,TelNo,Mobile,Email)
VALUES ('$username','$password','$firstname','$surname','$address1','$address2','$town','$county','$postcode','$telno','$mobile','$email')";

mysql_query($sql)             

or die(mysql_error());

echo("You are registered! $username");}?>

</body>
</html>
dcro2 Newbie

dcro2

Posted
Posted
Oh.. well, just do this:

Replace:
[code]$sql = "INSERT INTO member(Username,Password,Firstname,Surname,Address1,Address2,Town,County,Postcode,TelNo,Mobile,Email)
VALUES ('$username','$password','$firstname','$surname','$address1','$address2','$town','$county','$postcode','$telno','$mobile','$email')";[/code]
With:
[code]$password = stripslashes($password);
$password = md5($password);

$sql = "INSERT INTO member(Username,Password,Firstname,Surname,Address1,Address2,Town,County,Postcode,TelNo,Mobile,Email)
VALUES ('$username','$password','$firstname','$surname','$address1','$address2','$town','$county','$postcode','$telno','$mobile','$email')";[/code]
Rother2005 Member

Rother2005

Posted
  • Author
Posted
ok... made that change but its making the password go funny, i input in the reg form 'R' as the password and it was changed to 'e1e1d3d405'

so its been encrypted great,  :) but how do it get the program / code to decrypt?


sorry to keep bothering you
Rother2005 Member

Rother2005

Posted
  • Author
Posted
so its here where it is checking the password

while($info = mysql_fetch_array( $check ))
{
$_POST['Pass'] = stripslashes($_POST['Pass']);
$info['Password'] = stripslashes($info['Password']);
$_POST['Pass'] = md5($_POST['Pass']);

//gives error if the password is wrong
if ($_POST['Pass'] != $info['Password']) {
die('Incorrect password, please try again.');
}

so what this is saying is while checking ($check)
get pass take away slashes, repost pass (now without slashes)
put into var info the password entered stripslashes repost in var without slashes
get pass ....MD5.... back into pass

but the next part is is saying if pass var = the info in var info is the same then die??

all the above maybe poo but im just trying to make sense of things
dcro2 Newbie

dcro2

Posted
Posted
If password entered in form does not equal the password in the database then die();
If it does match, create the cookie and stuff.

[edit]No... no... if you use the encrypted password from the database it will only re-encrypt it and it won't match up. Use the original password you registered with[/edit]
dcro2 Newbie

dcro2

Posted
Posted
Can you use this as your login script? Just to test it

[code]<?php

// Connects to your Database
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("booze") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page
{
$Username = $_COOKIE['ID_my_site'];
$Pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM member WHERE Username = '$Username'")or die(mysql_error());
$info = mysql_fetch_array( $check )
if ($Pass != $info['Password'])
{
}
else
{
header("Location: members.php");
}
}

//if the login form is submitted
if (isset($_POST['submit'])) // if form has been submitted
{

// makes sure they filled it in
if(!$_POST['Username'] || !$_POST['Pass'])
{
die('You did not fill in a required field.');
}

// checks it against the database
$check = mysql_query("SELECT * FROM member WHERE Username = '".$_POST['Username']."'") or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=loginpage.php>Click Here to Register[/url]');
}
$info = mysql_fetch_array( $check )
$_POST['Pass'] = stripslashes($_POST['Pass']);
$_POST['Pass'] = md5($_POST['Pass']);

//gives error if the password is wrong
if ($_POST['Pass'] != $info['Password'])
{
die('Incorrect password, please try again. Original Password = '.$_POST['Pass'].'. DB Password = '.$info['Password']);
}
else
{
// if login is ok then we add a cookie
$_POST['Username'] = stripslashes($_POST['Username']);
$hour = time() + 3600;
setcookie("ID_my_site", $_POST['Username'], $hour);
setcookie("Key_my_site", $_POST['Pass'], $hour);

//then redirect them to the members area
header("Location: members.php");
}
}
else
{

// if they are not logged in
?>
<form action="" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="Username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="Pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}

?>[/code]
Rother2005 Member

Rother2005

Posted
  • Author
Posted
no worries that is one thing i hate about programing in any lan miss 1 .,; and the whole thing goes to pot

its now saying

Parse error: parse error, unexpected T_VARIABLE in C:\Program Files\xampp\htdocs\logform.php on line 42

ah it the say just a ; missing

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.