...

View Full Version : Login script(cant get logged in)



PRodgers4284
02-14-2008, 11:46 AM
I am having trouble with a login script, i cant same to get logged in using it. I have the script working that looks up a table called "users". I need to script to look up a table called "employers", the script is the same accept for the table it is looking up. The script just outputs the error "Username and Password incorrect".

Can anyone help


<?php

$validation = "";

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "select password from employers where username = '$username'";
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}



/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLoginemployer(){
global $validation;
global $logged_in;
if($logged_in){
echo "Welcome <b>$_SESSION[username]</b>
<br>
<br><a href=\"viewemployeedetails.php\">User Account Details</a>
<br>
<br><a href=\"viewcv.php\">CV Page</a></li>
<br>
<br><a href=\"logout.php\">Logout</a>";
}
else{

include "employerloginform.php";
echo "<p>$validation</p>";

}

}


/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
$_POST['user'] = trim($_POST['user']);
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check that all fields were typed in */
if(!$_POST['user'] || !$_POST['pass']){
$validation = "You didn't fill in a required field";
}

/* Check that all fields were typed in */
if(!$_POST['user']){
$validation = "Please enter a username";
}

/* Check that all fields were typed in */
if(!$_POST['pass']){
$validation = "Please enter a password";
}

if($result == 1 || ($result == 2)){
$validation = "Incorrect username and password";
}

/* Check error codes */
else if($result == 1){
$validation = "Username doesn't exist";
}
else if($result == 2){
$validation = "Incorrect Password";
}


/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;


if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}


}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

nikos101
02-14-2008, 12:13 PM
$_SESSION['password'] = $md5pass;

should be

$_SESSION['password'] = md5($pass);

hmm in fact I don't think thats the problem sorry

PRodgers4284
02-14-2008, 12:24 PM
$_SESSION['password'] = $md5pass;

should be

$_SESSION['password'] = md5($pass);

hmm in fact I don't think thats the problem sorry



nikos101 thanks for that, i still cant get logged in. Im using the same script for the another login for a table called "user" that works fine. I have added a link on the login form for "employer login" which basically goes to another form for the employer login which uses the same code as the "user login" form accept it looks up another table. Could there be a problem with the session?

nikos101
02-14-2008, 12:30 PM
Have you included session_start in the above script?

PRodgers4284
02-14-2008, 12:31 PM
Have you included session_start in the above script?

Yeah i have

nikos101
02-14-2008, 12:36 PM
This is the sort of thing where a debugger really pays off my friend

runnerjp
02-14-2008, 12:38 PM
if im correct you got it from http://www.evolt.org/node/60384

so you would have copied it fully off the website leaving nothing out?? if so should ork fine... what i would do is register yourself and see if that works.. if so change that account to have admin rights them boom ur in :P

nikos101
02-14-2008, 12:39 PM
yeah thats a great script

PRodgers4284
02-14-2008, 01:03 PM
if im correct you got it from http://www.evolt.org/node/60384

so you would have copied it fully off the website leaving nothing out?? if so should ork fine... what i would do is register yourself and see if that works.. if so change that account to have admin rights them boom ur in :P

Yeah but it has modified the errors etc to appear on one page in the login form. I cant understand way it isnt workin for the "employer" login when it works for the "user" login as its the same code accept it looks up a different table. The registration for the employer works fine, adds everything to the database but it just wont login.

PRodgers4284
02-14-2008, 02:01 PM
Im using the following code for the "user" login, im looking to use the same code for the "employer" login. I have included my loginform which has a link the the index2 page which it the page the employer will be directed to where the employer login form will be displayed "index2.php". Im using the same code as below for the employer login only it looks up the employers table to check the username and password. Once i try to login as an employer it just keep bringing up username and password incorrect.


<?php

$validation = "";

/**
* Checks whether or not the given username is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "select password from users where username = '$username'";
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}

/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}



/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $validation;
global $logged_in;
if($logged_in){
echo "Welcome <b>$_SESSION[username]</b>
<br>
<br><a href=\"viewemployeedetails.php\">User Account Details</a>
<br>
<br><a href=\"viewcv.php\">CV Page</a></li>
<br>
<br><a href=\"logout.php\">Logout</a>";
}
else{

include "loginform.php";
echo "<p>$validation</p>";

}

}


/**
* Checks to see if the user has submitted his
* username and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
$_POST['user'] = trim($_POST['user']);
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check that all fields were typed in */
if(!$_POST['user'] || !$_POST['pass']){
$validation = "You didn't fill in a required field";
}

/* Check that all fields were typed in */
if(!$_POST['user']){
$validation = "Please enter a username";
}

/* Check that all fields were typed in */
if(!$_POST['pass']){
$validation = "Please enter a password";
}

if($result == 1 || ($result == 2) || ($result == 3)){
$validation = "Incorrect username and password";
}

/* Check error codes */
else if($result == 1){
$validation = "Username doesn't exist";
}
else if($result == 2){
$validation = "Incorrect Password";
}

else if($result == 3){
$validation = "Inactive account";
}



/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}


}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

The form im using is:


<form action="" method="post">

<p><label>Username:</label>
<input input tabindex="1" class="txtBox" type="text" name="user" maxlength="30" size="20" value="<?php echo $_POST['user']; ?>" />
</p>
<p><label>Password: </label>
&nbsp;<input input tabindex="2" class="txtBox" type="password" name="pass" maxlength="30" value="<?php echo $_POST['pass']; ?>" />
</p>
<p><label><input tabindex="3" type="checkbox" class='chkbox' name="remember">Remember Me</label>
<p>
<input tabindex="4" class="go" accesskey="l" type="submit" name="sublogin" value="Login" /><br class="spacer" />
<p>
<a href="register.php">Register</a>
</p>
<p><a href="Index2.php">Employer Login</a> </p>
</form>

rafiki
02-14-2008, 02:45 PM
why keep the password in a session?

PRodgers4284
02-14-2008, 02:48 PM
why keep the password in a session?

Would it make a difference if i didnt have it as a session? Im really struggling with this, i tried everythin i can think of.

PRodgers4284
02-14-2008, 03:14 PM
i got this workin, thanks guys



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum