Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jan 2009
    Posts
    80
    Thanks
    1
    Thanked 0 Times in 0 Posts

    login form can you find my error?

    registrationform.php seems fine send data to registration.php
    registration.php seems fine checks all data then send it to function.php
    connection.php does its job and connects to database also calls function.php
    function.php puts data into database and send confirmation email
    link in email if pressed sends data to database

    ok so far so good everything doing what i wanted it to do

    loginform.php seems fine sends data to login.php

    heres connection.php
    Code:
    <?php 
    // Start the session
    session_start();
    
    // MySQL Settings
    $db_host = ???.net';
    $db_user = '???';
    $db_pass = '???';
    $db_database = '???';
    
    // Connect to the database
    mysql_connect ($db_host, $db_user, $db_pass) or die ('Could not connect to the database.');
    mysql_selectdb ($db_database) or die ('Could not select database.');
    
    // Send the random number generator
    srand();
    
    // Include functions
    include 'Functions.php';
    ?>
    heres the code of login.php
    Code:
    <?php
    include 'Connect.php';
    
    if(!isset($_POST[submit]))
    {
         include 'index.php';
         exit;
    }
    else
    {
    if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
    	{
        	$loginempty_error = 'One or more fields missing';
        	include 'index.php';
        	exit;
    	}
    //CHECKS USERNAME
    	if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[username]))
    	{
        	$userlogin_error = "Invalid username please check and type carefully!<br />";
    		include 'index.php';
        	exit;  
    	}
    //CHECKS PASSWORD
    	if(!preg_match("/^[a-z\d]{5,12}$/i", $_POST[password]))
    	{
        	$passlogin_error = "Invalid password please check and type carefully!<br />";
    		include 'index.php';
        	exit;  
    	}
    
    // Try and login with the given username & pass
         $result = user_login($_POST['username'], $_POST['password']);
    
         if ($result != 'Correct')
         {
              // Reshow the form with the error
              $login_error = $result;
              include 'index.php';
         }
         else
         {
             // direct to homepage
              include 'index.php';
    		  exit;
         } 
    }
    
    ?>
    heres my function.php
    Code:
    <?php
    // Salt Generator
    
    <?php
    // Salt Generator
    function generate_salt ()
    { 
         $salt = '';// Declare $salt
    
         // And create it with random chars
         for ($i = 0; $i < 3; $i++)
         { 
              $salt .= chr(rand(35, 126)); 
         } 
              return $salt;
    }
    
    function user_login($username, $password)
    {
         // Try and get the salt from the database using the username
         $query = "select salt from members where username='$username' limit 1";
         $result = mysql_query($query);
         $user = mysql_fetch_array($result);
    
         // Using the salt, encrypt the given password to see if it 
         // matches the one in the database
         $encrypted_pass = md5(md5($password).$user['salt']);
    
         // Try and get the user using the username & encrypted pass
         $query = "select id, username from members where username='$username' and password='$encrypted_pass'";
         $result = mysql_query($query);
         $user = mysql_fetch_array($result);
         $numrows = mysql_num_rows($result);
    
         // Now encrypt the data to be stored in the session
         $encrypted_id = md5($user['id']);
         $encrypted_name = md5($user['username']);
    
         // Store the data in the session
         $_SESSION['id'] = $id;
         $_SESSION['username'] = $username;
         $_SESSION['encrypted_id'] = $encrypted_id;
         $_SESSION['encrypted_name'] = $encrypted_name;
    
        if ($numrows == 1)
        {
            return 'Correct';
        }
        else
        {
            return false;
        }
    }
    
    function user_logout()
    {
         // End the session and unset all vars
         session_unset ();
         session_destroy ();
    }
    
    function is_authed()
    {
         // Check if the encrypted username is the same
         // as the unencrypted one, if it is, it hasn't been changed
         if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
         {
              return true;
         }
         else
         {
              return false;
         }
    }
    
    ?>
    when i type a username and password that i know is in database and is correct
    it shows index.php with $login_error
    why is this?

    instead when everything is ok and the correct login details are enter to be directed to home.php

    home.php
    Code:
    <?php
    include 'Connect.php';
    if (!is_authed()) 
    {
         die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
    }
    else
    {
    // Restricted articles code here
    echo "welcome";
    }
    ?>
    Last edited by chris_s_22; 11-06-2009 at 11:41 AM.

  • #2
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    Try dumping out the $encrypted_pass in user_login() and see if it actually matches the field in the database.
    Are you a Help Vampire?

  • #3
    New Coder
    Join Date
    Jan 2009
    Posts
    80
    Thanks
    1
    Thanked 0 Times in 0 Posts
    here is my database
    Code:
    id                  = 49 
    username        =  chris
    email              =   myemail@ntlworld.com
    dob                =   1981-04-05               
    password        =    c11d10c2ebbf10488f2f        
    salt                = ekq
    registereddate  = 2009-11-05         
    registered        = 1
    confirmation     = 921f59d358ab1a8ee7000a8345a52a88
    Last edited by chris_s_22; 11-06-2009 at 11:16 AM.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    You're password field is only a char(20) or varchar(20). You'll need to bring that up to at least a char(32) in order to save an md5 encrypted password.
    Edit:
    btw, the _s in you're username doesn't stand for Storla by chance? I had a buddy way way back and I think that you're dob happens to match his...
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #5
    New Coder
    Join Date
    Jan 2009
    Posts
    80
    Thanks
    1
    Thanked 0 Times in 0 Posts
    OMG i dont believe i missed that. just goes to show what a wonder a fresh pair of eyes does. thx

    my date of birth for that entry was completly random so sorry im not the person you thought.

    The login in now being successful if details are correct. The problem i am having now is that

    it directs to this home.php
    Code:
    	<?php
    include 'Connect.php';
    if (!is_authed()) 
    {
         die ('You are not permitted to view this page, <a href="index.php">click here</a> to go back.');
    }
    else
    {
    // Restricted articles code here
    echo "welcome";
    }
    ?>
    correct me if im wrong but doesnt this do a simple check if not autherised/logged in view the message
    but if logged in echo welcome

    however i get the following
    Code:
    Fatal error: Cannot redeclare generate_salt() (previously declared in Functions.php:5) in Functions.php on line 13
    i do declare generate_salt at the top of my function.php

    ive never come across this error message before

  • #6
    New Coder
    Join Date
    Jan 2009
    Posts
    80
    Thanks
    1
    Thanked 0 Times in 0 Posts
    im guessing because $salt is already made.

    And on home.php i ask it include connect.php

    this is obviously conecting to database but that page calls for functions.php and that would be then asking it to generate $salt again causing the error.

    am i right and whats the solution? does home.php need to include connection.php ???

  • #7
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    It doesn't care whether the variable is re-declared. It's complaining about the function. You can't re-declare them. This often happens when including the same file from multiple locations. A workaround is to change the include/require statements to their *_once versions. Then if an include is come across more than once, PHP ignores it and carries on processing. See include_once/require_once.
    Are you a Help Vampire?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •