...

View Full Version : My login.php has a result of "Incorect password, Please try again"



ijzuniga
06-23-2010, 04:45 PM
My login.php will not allow me to log in even though I know the password is correct. My register.php allows me to register, and I can even see the information I type into the register page populate in my phpmyadmin. Below is my register.php followed by my login.php.

REGISTER.PHP

<?
session_start();
include("database.php");

/**
* Returns true if the username has been taken
* by another user, false otherwise.
*/
function usernameTaken($username){
global $conn;
if(!get_magic_quotes_gpc()){
$username = addslashes($username);
}
$q = "select username from users where username = '$username'";
$result = mysql_query($q,$conn);
return (mysql_numrows($result) > 0);
}

/**
* Inserts the given (username, password) pair
* into the database. Returns true on success,
* false otherwise.
*/
function addNewUser($username, $password, $firstname, $lastname, $phone, $email){
global $conn;
$q = "INSERT INTO users VALUES ('$username', '$password', '$firstname', '$lastname', '$phone', '$email')";
return mysql_query($q,$conn);
}

function displayStatus(){
$uname = $_SESSION['reguname'];
if($_SESSION['regresult']){
?>

<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="index1.php" title="Login">log in</a>.</p>

<?
}
else{
?>

<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>

<?
}
unset($_SESSION['reguname']);
unset($_SESSION['regfirstname']);
unset($_SESSION['reglastname']);
unset($_SESSION['regphone']);
unset($_SESSION['regemail']);
unset($_SESSION['registered']);
unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
return;
}


if(isset($_POST['subjoin'])){
/* Make sure all fields were entered */
if(!$_POST['user'] || !$_POST['pass']){
die('You didn\'t fill in a required field.');
}

/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if(strlen($_POST['user']) > 30){
die("Sorry, the username is longer than 30 characters, please shorten it.");
}

/* Check if username is already in use */
if(usernameTaken($_POST['user'])){
$use = $_POST['user'];
die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
}

/* Add the new account to the database */
$md5pass = md5($_POST['pass']);
$_SESSION['reguname'] = $_POST['user'];
$_SESSION['regfirstname'] = $_POST['firstname'];
$_SESSION['reglastname'] = $_POST['lastname'];
$_SESSION['regphone'] = $_POST['phone'];
$_SESSION['regemail'] = $_POST['email'];
$_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass, $_POST['firstname'], $_POST['lastname'], $_POST['phone'], $_POST['email']);
$_SESSION['registered'] = true;
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;
}
else{

?>

<html>
<title>Registration Page</title>
<body>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td>First Name:</td><td><input type="text" name="firstname" maxlength="30"></td></tr>
<tr><td>Last Name:</td><td><input type="text" name="lastname" maxlength="30"></td></tr>
<tr><td>Phone:</td><td><input type="text" name="phone" maxlength="30"></td></tr>
<tr><td>Email:</td><td><input type="text" name="email" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>


LOGIN.PHP

<?


function confirmUser($username, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}

/* Verify that user is in database */
$q = "select password from users where username = '$username'";
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates username failure
}

/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);

/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! Username and password confirmed
}
else{
return 2; //Indicates password failure
}
}


function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['username'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}

/* Username and password have been set */
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
/* Confirm that username and password are valid */
if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}


function displayLogin(){
global $logged_in;
if($logged_in){
echo "<h1>Logged In!</h1>";
echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
}
else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?
}
}



if(isset($_POST['sublogin'])){
/* Check that all fields were typed in */
if(!$_POST['user'] || !$_POST['pass']){
die('You didn\'t fill in a required field.');
}
/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if(strlen($_POST['user']) > 30){
die("Sorry, the username is longer than 30 characters, please shorten it.");
}

/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check error codes */
if($result == 1){
die('That username doesn\'t exist in our database.');
}
else if($result == 2){
die('Incorrect password, please try again.');
}

/* Username and password correct, register session variables */
$_POST['user'] = stripslashes($_POST['user']);
$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;


if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
}

/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();

?>

mlseim
06-23-2010, 05:11 PM
Do you have this (the red part) at the top of EVERY script that uses PHP SESSIONS?

<?
session_start();

ijzuniga
06-23-2010, 05:20 PM
Yes I do have the session starts at the top of every script that needs them. My login.php was working correctly before. I then added FIRSTNAME, LASTNAME, PHONE, EMAIL, to my register.php file. Now when I try to login, I get the incorrect password error.

tomws
06-23-2010, 06:57 PM
What does your users table look like? Is the field order the same as the query?

$q = "INSERT INTO users VALUES ('$username', '$password', '$firstname', '$lastname', '$phone', '$email')";

Have your debugged with var_export/var_dump to confirm the passwords in the login and registration processes really are the same?

ijzuniga
06-23-2010, 07:07 PM
My users table is in the exact order as my query.
I have never tried to do a var_export/var_dump. I will try and let you know.

ijzuniga
06-23-2010, 08:01 PM
I over looked my users table in phpmyadmin, I had the password set to VARCHAR(30) when it needed to be VARCHAR(32)

I can now login withou any problems.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum