Problem when you login script user maneger
see message /// Please enter a correct username and password
-----------------------
-----------------------
I can not change or modify username and password I do not have real bassword

this is class

-------------------
1) Membership.php
-------------------

PHP Code:
<?php

class Membership extends ClassAbstract {


    function 
validate_user($un$pwd) {
        global 
$mysql;
        global 
$log;
        
$error "";
        
        
$this->setUsername($un);
        
$this->setRemoteAddress($_SERVER['REMOTE_ADDR']);
        if (
preg_match('/^([A-Za-z1-90]+)$/'$un)) {
            
$clean_un $un;
        } else {
            
$error "Bad Username";
            
$log->LogWarn('User [' $this->getUsername() . '](' $this->getRemoteAddress() . ') try to log in to system. Login Denied. BAD Username or Password.');
        }

        if (
$clean_pwd preg_match('/^([A-Za-z0-9]+)$/'$pwd)) {
            
$clean_pwd $pwd;
        } else {
            if (
$error != "") {
                
$error .=" And Bad Password";
                
$log->LogWarn('User [' $this->getUsername() . '](' $this->getRemoteAddress() . ') try to log in to system. Login Denied. BAD Username or Password.');
            } else {
                
$error "Bad Password";
                
$log->LogWarn('User [' $this->getUsername() . '](' $this->getRemoteAddress() . ') try to log in to system. Login Denied. BAD Username or Password.');
            }
        }

        if (
$error != "")
            return 
$error;

        
$ensure_credentials $mysql->verify_Username_and_Pass($clean_unmd5($clean_pwd));
        
$reseller $mysql->get_reseller_id($un);
        
$permission $mysql->get_permission_id($un);

        if (
$ensure_credentials) {
            
$this->setStatus('authorized');
            
$this->setReseller($mysql->get_reseller_id($un));
            
$this->setPersmission($mysql->get_permission_id($un));
            
$this->setServerAllow($mysql->get_member_serverallow($un));
            
$this->setProfileAllow($mysql->get_member_profileallow($un));
            
$this->setTotalUser($mysql->get_member_total_user($un));
            
$this->setActiveUser($mysql->get_member_active_user($un));
            
$this->setUpdateActiveTotalUser(1);
            
$this->setCurrActiveTotalUser($this->getReseller());
            
$this->setServerList();
            
$this->setGroupList();
            
$this->cspUpdateTime "";

            
/*
             * Save all member data in session
             */
            
$this->setSessionData();

            
header("location: index.php");
            
$log->LogInfo('User [' $this->getUsername() . '] (' $this->getRemoteAddress() . ') Logged in Successfully.');
        } else {
            
$log->LogWarn('User [' $this->getUsername() . '](' $this->getRemoteAddress() . ') Login Denied. Wrong Username or Password.');
            return 
"[COLOR="Red"]Please enter a correct username and password[/COLOR]";
        }
    }

    function 
log_User_Out() {
        global 
$log;
        if (isset(
$_SESSION['status'])) {
            unset(
$_SESSION['status']);
            
$log->LogInfo('User [' $_SESSION['username'] . '] Logged Out Successfully.');
            if (isset(
$_COOKIE[session_name()]))
                
setcookie(session_name(), ''time() - 1000);
            
session_destroy();
        }
    }

    function 
confirm_Member() {
//        session_start();
        
if ($_SESSION['status'] != 'authorized')
            
header("location: login.php");
    }

    function 
confirm_permision($section_permission$user_permission) {
        global 
$mysql;
        if (!
$mysql->bitwise_check($section_permission$user_permission)) {
            echo 
"Sorry... \nYou are not allow to enter this section. </br>";
            echo 
'<a href=index.php>back to previous page</a>';
            die();
        }
    }



}

$membership = new Membership();
-------------
2) Mysql.php
-------------

PHP Code:
<?php

class Mysql {

    private 
$conn;
    private 
$query;
    private 
$log_init;
    private 
$log;
    private 
$groupList=array();
    private 
$serverList=array();

    function 
__construct() {
        global 
$logger;
        
$this->log =& $logger;
        if ( !empty(
$_SESSION['status']) && $_SESSION['status'] == "authorized" )  {
            
$this->log_init 'User [' $_SESSION['username'] . '] (' $_SESSION['remote_address'] . ') | ';
        }
        
$this->conn = new mysqli(DB_SERVERDB_USERDB_PASSWORDDB_NAME) or
                die(
'There was a problem connecting to the database.');
        
date_default_timezone_set('Africa/Khartoum');
    }

    function 
verify_Username_and_Pass($un$pwd) {
        
$query "SELECT *FROM members
                    WHERE username = ? AND password = ?
                    LIMIT 1"
;

        if (
$stmt $this->conn->prepare($query)) {
            
$stmt->bind_param('ss'$un$pwd);
            
$stmt->execute();
            unset(
$query);

            if (
$stmt->fetch()) {
                
$stmt->close();
                return 
true;
            }
        }
    }

$mysql = New Mysql();
----------------
3) functions.php
----------------

PHP Code:
<?php

function strip_zeros_from_date$marked_string="" ) {
  
// first remove the marked zeros
  
$no_zeros str_replace('*0'''$marked_string);
  
// then remove any remaining marks
  
$cleaned_string str_replace('*'''$no_zeros);
  return 
$cleaned_string;
}

function 
redirect_to$location NULL ) {
  if (
$location != NULL) {
    
header("Location: {$location}");
    exit;
  }
}

function 
output_message($message="") {
  if (!empty(
$message)) { 
    return 
"<p class=\"message\">{$message}</p>";
  } else {
    return 
"";
  }
}

function 
__autoload($class_name) {
    
//$class_name = strtolower($class_name);
    
$path "{$class_name}.php";
    if (require_once(
$path)) {

    } else {
        die(
"The file {$class_name}.php could not be found.");
    }
}

function 
include_layout_template($template="") {
        
$b=SITE_ROOT;
    include(
SITE_ROOT.DS.'public'.DS.'layouts'.DS.$template);
}

function 
log_action($action$message="") {
    
$logfile SITE_ROOT.DS.'logs'.DS.'log.txt';
    
$new file_exists($logfile) ? false true;
  if(
$handle fopen($logfile'a')) { // append
    
$timestamp strftime("%Y-%m-%d %H:%M:%S"time());
        
$content "{$timestamp} | {$action}: {$message}\n";
    
fwrite($handle$content);
    
fclose($handle);
    if(
$new) { chmod($logfile0755); }
  } else {
    echo 
"Could not open log file for writing.";
  }
}

function 
datetime_to_text($datetime="") {
  
$unixdatetime strtotime($datetime);
  return 
strftime("%B %d, %Y at %I:%M %p"$unixdatetime);
}

?>
-------------
4)Others.php
-------------

PHP Code:
<?php


//$urlpath = explode('/',$_SERVER['SCRIPT_NAME']);
//count($urlpath) > 2 ? $urlpath= $urlpath[1] : $urlpath="";
//
//$includes_path=$_SERVER['DOCUMENT_ROOT'].'/'.$urlpath.'/includes/';
//$classes_path=$_SERVER['DOCUMENT_ROOT'].'/'.$urlpath.'/classes/';

require_once ('includes/constants.php');
//require_once('includes/FirePHP.class.php'); //must be delete when all prog is finished

//$firephp = FirePHP::getInstance(true);  //must be delete when all prog is finished
//$firephp->log($x,'X');  //must be delete when all prog is finished
//$firephp->log($val);  //must be delete when all prog is finished

 
class Others {
        private 
$conn;
        
        
    function 
__construct() {
        
$this->conn = new mysqli(DB_SERVERDB_USERDB_PASSWORDDB_NAME) or 
                      die(
'There was a problem connecting to the database.');
    }
    
    
     
//Get the greater number from list at table  
    
function get_greater_number($db_table_name$list_field$field_name 0$item_name 0) {
    
        if (isset(
$field_name) && $field_name != "0") {          
            
$query "SELECT $list_field
                      FROM $db_table_name
                      WHERE $field_name = '$item_name'"
;
        }
        else
        {
            
$query "SELECT $list_field
                      FROM $db_table_name"
;            
        }
        if(
$stmt $this->conn->query($query) ) {
                    
                    if ( 
$stmt->num_rows >= ){
                        
            while(
$row $stmt->fetch_row()) { $newarray[] = $row;}  
            
            
            
$val max($newarray);
            
$x $val[0];
            
//$x = settype($val,'int');
            //$x = explode("",$val);

            
            /* free result set */
            
$stmt->close();

                        return 
$x
                    } else {
            
                        return 
0
                    }
            
                }
                
    } 
// End -> Get the greater number from list at table
    
    //Listing Server 
    
function print_server_list() {
    
    
    
    }
//End -> Listing Server 
    

     //Generate Password Randomlly 
    
function generatePassword($length=6$strength=0) {
        
$vowels 'aeuy';
        
$consonants 'bdghjmnpqrstvz';
        if (
$strength 1) {
            
$consonants .= 'BDGHJLMNPQRSTVWXZ';
        }
        if (
$strength 2) {
            
$vowels .= "AEUY";
        }
        if (
$strength 4) {
            
$consonants .= '23456789';
        }
        if (
$strength 8) {
            
$consonants .= '@#$%';
        }
     
        
$password '';
        
$alt time() % 2;
        for (
$i 0$i $length$i++) {
            if (
$alt == 1) {
                
$password .= $consonants[(rand() % strlen($consonants))];
                
$alt 0;
            } else {
                
$password .= $vowels[(rand() % strlen($vowels))];
                
$alt 1;
            }
        }
        return 
$password;
    } 
//End -> Generate Password Randomlly
        
 
        //Generate Token Randomlly 
    
function generateToken($length=12) {
                
$prifix "ABCDEF";
        
$vowels 'aeuy';
        
$consonants '123456789';
             
        
$password '';
                
$password .= $prifix[(rand() % strlen($prifix))];
                
$password .= $prifix[(rand() % strlen($prifix))];
        
$alt time() % 2;
        for (
$i 0$i $length$i++) {
            if (
$alt == 1) {
                
$password .= $consonants[(rand() % strlen($consonants))];
                
$alt 0;
            } else {
                
$password .= $consonants[(rand() % strlen($vowels))];
                
$alt 1;
            }
        }
        return 
$password;
    } 
//End -> Generate Token Randomlly
        
 
    //Dump Data
    
function dump($data) {
        echo 
'<pre style="background:#fff; text-align:left">';
        
var_dump($data);
        echo
'</pre>';
    }
function 
check_username($username) {
      
$username trim($username); // strip any white space
      
$response = array(); // our response
      
      // if the username is blank
      
if (!$username) {
        
$response = array(
          
'ok' => false
          
'msg' => "Please specify a username");
          
      
// if the username does not match a-z or '.', '-', '_' then it's not valid
      
} else if (!preg_match('/^[a-z0-9.-_]+$/'$username)) {
        
$response = array(
          
'ok' => false
          
'msg' => "Your username can only contain alphanumerics and period, dash and underscore (.-_)");
          
      
// this would live in an external library just to check if the username is taken
      
} else if (username_taken($username)) {
        
$response = array(
          
'ok' => false
          
'msg' => "The selected username is not available");
          
      
// it's all good
      
} else {
        
$response = array(
          
'ok' => true
          
'msg' => "This username is free");
      }
    
      return 
$response;        
    }
    
    
    
    
    
//Get time lift for user  = expire - now ; 
    
function timeleft($expire) {
        
      list (
$dayx$monthx$yearx) = explode ("/"$expire);
      
$now mktime (000date ("m"), date ("d"), date ("Y"));
      
$expire mktime (000$monthx$dayx$yearx);
      
$timeleft $expire-$now;
      if (
$timeleft <= 0)
        {
                
$daysleft 0;
        } 
        else
        {
                
$daysleft round((($timeleft/24)/60)/60); //probably...
        
}
      
      
      return array(
timeleft=>$timeleft,daysleft=>$daysleft);
      
    
    }
    
    
//Get time lift for user  = expire - now ;
        
public static function  Statictimeleft($expire) {

      list (
$dayx$monthx$yearx) = explode ("/"$expire);
      
$now mktime (000date ("m"), date ("d"), date ("Y"));
      
$expire mktime (000$monthx$dayx$yearx);
      
$timeleft $expire-$now;
      if (
$timeleft <= 0)
        {
                
$daysleft 0;
        }
        else
        {
                
$daysleft round((($timeleft/24)/60)/60); //probably...
        
}


      return array(
"timeleft" => $timeleft"daysleft" => $daysleft);


    }
and 6 file class
class.phpmailer.php , class.smtp.php ,ClassAbstract.php ,initialize.php,KLogger.php ,paginator.class.php

-----------------
and this login.php
-----------------

PHP Code:
<?php
session_start
();
require_once 
'classes/initialize.php';


// If the user clicks the "Log Out" link on the index page.
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
    
$membership->log_User_Out();
    }



// Did the user enter a password/username and click submit?
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
    
$response $membership->validate_User($_POST['username'], $_POST['pwd']);
}
                                                        

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CSP User Manager</title>

<link rel="stylesheet" type="text/css" href="css/style.css"/>
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="js/main.js"></script>
</head>

<body>
<div id="main">
<div id="header">
<div id="headerInfoLeft"><strong>CSP User Manager</strong></div>
    <div id="headerInfo"><img id="busyImg" src="./images/bigrotation.gif" alt="loading" ></div>
  </div>
     
    <div id="subheader">

            <?php if (isset($_SESSION['status']) && $_SESSION['status'] =='authorized' ){ echo "<a id=\"logout\" href=\"login.php?status=loggedout\">logout</a>"; }?>

    </div>
<div id="mainstart"></div>
<div id="mainbody">

<div id="login">
  <form method="post" action="">
        <h2>Login <small>enter your credentials</small></h2>
        <p>
            <label for="name">Username: </label>
            <input type="text" name="username" />
        </p>
        
        <p>
            <label for="pwd">Password: </label>
            <input type="password" name="pwd" />
        </p>
        
        <p>
            <input type="submit" id="submit" value="Login" name="submit" />
        </p>
    </form>
    <?php if(isset($response)) echo "<p class='alert'>" $response "</p>"?>
</div><!--end login-->
</div></div>
<?php include ("includes/footer.php"); ?>
------------------
and this index.php
------------------
PHP Code:
<?php
ob_start
();
session_start();
require_once 
'classes/initialize.php';

$membership->confirm_Member();
$membership->confirm_permision($_SESSION['permission'],3);

// If the user clicks the "Log Out" link on the index page.
if(isset($_GET['status']) && $_GET['status'] == 'loggedout') {
    
$membership->log_User_Out();
    }



// Did the user enter a password/username and click submit?
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])) {
    ;
}
                                                        

?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CSP Main</title>

<link rel="stylesheet" type="text/css" href="css/default.css"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
<script type="text/javascript" src="./includes/jquery.js"></script>
<script type="text/javascript" src="js/main.js"></script>
<script type="text/javascript" src="js/tablesort.js"></script>

</head>

<body id="everything">

<div id="main">
     
<?php include 'includes/top_menu.php';?>

<div id="mainstart"></div>


<div id="mainbody">

</div></div>

<?php include ("includes/footer.php"); ?>
Sorry this is so lengthy