...

View Full Version : login form can you find my error?



chris_s_22
11-05-2009, 02:12 PM
registrationform.php seems fine send data to registration.php
registration.php seems fine checks all data then send it to function.php
connection.php does its job and connects to database also calls function.php
function.php puts data into database and send confirmation email
link in email if pressed sends data to database

ok so far so good everything doing what i wanted it to do

loginform.php seems fine sends data to login.php

heres connection.php


<?php
// Start the session
session_start();

// MySQL Settings
$db_host = ???.net';
$db_user = '???';
$db_pass = '???';
$db_database = '???';

// Connect to the database
mysql_connect ($db_host, $db_user, $db_pass) or die ('Could not connect to the database.');
mysql_selectdb ($db_database) or die ('Could not select database.');

// Send the random number generator
srand();

// Include functions
include 'Functions.php';
?>


heres the code of login.php


<?php
include 'Connect.php';

if(!isset($_POST[submit]))
{
include 'index.php';
exit;
}
else
{
if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
{
$loginempty_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[username]))
{
$userlogin_error = "Invalid username please check and type carefully!<br />";
include 'index.php';
exit;
}
//CHECKS PASSWORD
if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[password]))
{
$passlogin_error = "Invalid password please check and type carefully!<br />";
include 'index.php';
exit;
}

// Try and login with the given username & pass
$result = user_login($_POST['username'], $_POST['password']);

if ($result != 'Correct')
{
// Reshow the form with the error
$login_error = $result;
include 'index.php';
}
else
{
// direct to homepage
include 'index.php';
exit;
}
}

?>


heres my function.php


<?php
// Salt Generator

<?php
// Salt Generator
function generate_salt ()
{
$salt = '';// Declare $salt

// And create it with random chars
for ($i = 0; $i < 3; $i++)
{
$salt .= chr(rand(35, 126));
}
return $salt;
}

function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "select salt from members where username='$username' limit 1";
$result = mysql_query($query);
$user = mysql_fetch_array($result);

// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);

// Try and get the user using the username & encrypted pass
$query = "select id, username from members where username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);

// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);

// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;

if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}

function user_logout()
{
// End the session and unset all vars
session_unset ();
session_destroy ();
}

function is_authed()
{
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn't been changed
if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
{
return true;
}
else
{
return false;
}
}

?>


when i type a username and password that i know is in database and is correct
it shows index.php with $login_error
why is this?

instead when everything is ok and the correct login details are enter to be directed to home.php

home.php


<?php
include 'Connect.php';
if (!is_authed())
{
die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
}
else
{
// Restricted articles code here
echo "welcome";
}
?>

tomws
11-05-2009, 04:19 PM
Try dumping out the $encrypted_pass in user_login() and see if it actually matches the field in the database.

chris_s_22
11-06-2009, 01:00 AM
here is my database


id = 49
username = chris
email = myemail@ntlworld.com
dob = 1981-04-05
password = c11d10c2ebbf10488f2f
salt = ekq
registereddate = 2009-11-05
registered = 1
confirmation = 921f59d358ab1a8ee7000a8345a52a88

Fou-Lu
11-06-2009, 01:16 AM
You're password field is only a char(20) or varchar(20). You'll need to bring that up to at least a char(32) in order to save an md5 encrypted password.

btw, the _s in you're username doesn't stand for Storla by chance? I had a buddy way way back and I think that you're dob happens to match his...

chris_s_22
11-06-2009, 10:53 AM
OMG i dont believe i missed that. just goes to show what a wonder a fresh pair of eyes does. thx

my date of birth for that entry was completly random so sorry im not the person you thought.

The login in now being successful if details are correct. The problem i am having now is that

it directs to this home.php


<?php
include 'Connect.php';
if (!is_authed())
{
die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
}
else
{
// Restricted articles code here
echo "welcome";
}
?>

correct me if im wrong but doesnt this do a simple check if not autherised/logged in view the message
but if logged in echo welcome

however i get the following


Fatal error: Cannot redeclare generate_salt() (previously declared in Functions.php:5) in Functions.php on line 13


i do declare generate_salt at the top of my function.php

ive never come across this error message before

chris_s_22
11-06-2009, 11:02 AM
im guessing because $salt is already made.

And on home.php i ask it include connect.php

this is obviously conecting to database but that page calls for functions.php and that would be then asking it to generate $salt again causing the error.

am i right and whats the solution? does home.php need to include connection.php ???

tomws
11-06-2009, 02:30 PM
It doesn't care whether the variable is re-declared. It's complaining about the function. You can't re-declare them. This often happens when including the same file from multiple locations. A workaround is to change the include/require statements to their *_once versions. Then if an include is come across more than once, PHP ignores it and carries on processing. See include_once (http://php.net/include_once)/require_once (http://php.net/require_once).



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum