Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    My login.php has a result of "Incorect password, Please try again"

    My login.php will not allow me to log in even though I know the password is correct. My register.php allows me to register, and I can even see the information I type into the register page populate in my phpmyadmin. Below is my register.php followed by my login.php.

    REGISTER.PHP

    <?
    session_start();
    include("database.php");

    /**
    * Returns true if the username has been taken
    * by another user, false otherwise.
    */
    function usernameTaken($username){
    global $conn;
    if(!get_magic_quotes_gpc()){
    $username = addslashes($username);
    }
    $q = "select username from users where username = '$username'";
    $result = mysql_query($q,$conn);
    return (mysql_numrows($result) > 0);
    }

    /**
    * Inserts the given (username, password) pair
    * into the database. Returns true on success,
    * false otherwise.
    */
    function addNewUser($username, $password, $firstname, $lastname, $phone, $email){
    global $conn;
    $q = "INSERT INTO users VALUES ('$username', '$password', '$firstname', '$lastname', '$phone', '$email')";
    return mysql_query($q,$conn);
    }

    function displayStatus(){
    $uname = $_SESSION['reguname'];
    if($_SESSION['regresult']){
    ?>

    <h1>Registered!</h1>
    <p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="index1.php" title="Login">log in</a>.</p>

    <?
    }
    else{
    ?>

    <h1>Registration Failed</h1>
    <p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
    Please try again at a later time.</p>

    <?
    }
    unset($_SESSION['reguname']);
    unset($_SESSION['regfirstname']);
    unset($_SESSION['reglastname']);
    unset($_SESSION['regphone']);
    unset($_SESSION['regemail']);
    unset($_SESSION['registered']);
    unset($_SESSION['regresult']);
    }

    if(isset($_SESSION['registered'])){

    ?>

    <html>
    <title>Registration Page</title>
    <body>

    <? displayStatus(); ?>

    </body>
    </html>

    <?
    return;
    }


    if(isset($_POST['subjoin'])){
    /* Make sure all fields were entered */
    if(!$_POST['user'] || !$_POST['pass']){
    die('You didn\'t fill in a required field.');
    }

    /* Spruce up username, check length */
    $_POST['user'] = trim($_POST['user']);
    if(strlen($_POST['user']) > 30){
    die("Sorry, the username is longer than 30 characters, please shorten it.");
    }

    /* Check if username is already in use */
    if(usernameTaken($_POST['user'])){
    $use = $_POST['user'];
    die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
    }

    /* Add the new account to the database */
    $md5pass = md5($_POST['pass']);
    $_SESSION['reguname'] = $_POST['user'];
    $_SESSION['regfirstname'] = $_POST['firstname'];
    $_SESSION['reglastname'] = $_POST['lastname'];
    $_SESSION['regphone'] = $_POST['phone'];
    $_SESSION['regemail'] = $_POST['email'];
    $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass, $_POST['firstname'], $_POST['lastname'], $_POST['phone'], $_POST['email']);
    $_SESSION['registered'] = true;
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
    return;
    }
    else{

    ?>

    <html>
    <title>Registration Page</title>
    <body>
    <h1>Register</h1>
    <form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
    <tr><td>First Name:</td><td><input type="text" name="firstname" maxlength="30"></td></tr>
    <tr><td>Last Name:</td><td><input type="text" name="lastname" maxlength="30"></td></tr>
    <tr><td>Phone:</td><td><input type="text" name="phone" maxlength="30"></td></tr>
    <tr><td>Email:</td><td><input type="text" name="email" maxlength="30"></td></tr>
    <tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
    </table>
    </form>
    </body>
    </html>


    <?
    }
    ?>


    LOGIN.PHP

    <?


    function confirmUser($username, $password){
    global $conn;
    /* Add slashes if necessary (for query) */
    if(!get_magic_quotes_gpc()) {
    $username = addslashes($username);
    }

    /* Verify that user is in database */
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
    return 1; //Indicates username failure
    }

    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    /* Validate that password is correct */
    if($password == $dbarray['password']){
    return 0; //Success! Username and password confirmed
    }
    else{
    return 2; //Indicates password failure
    }
    }


    function checkLogin(){
    /* Check if user has been remembered */
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
    $_SESSION['username'] = $_COOKIE['cookname'];
    $_SESSION['password'] = $_COOKIE['cookpass'];
    }

    /* Username and password have been set */
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
    /* Confirm that username and password are valid */
    if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
    /* Variables are incorrect, user not logged in */
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    return false;
    }
    return true;
    }
    /* User not logged in */
    else{
    return false;
    }
    }


    function displayLogin(){
    global $logged_in;
    if($logged_in){
    echo "<h1>Logged In!</h1>";
    echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
    }
    else{
    ?>

    <h1>Login</h1>
    <form action="" method="post">
    <table align="left" border="0" cellspacing="0" cellpadding="3">
    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>
    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
    <tr><td colspan="2" align="left"><input type="checkbox" name="remember">
    <font size="2">Remember me next time</td></tr>
    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
    </table>
    </form>

    <?
    }
    }



    if(isset($_POST['sublogin'])){
    /* Check that all fields were typed in */
    if(!$_POST['user'] || !$_POST['pass']){
    die('You didn\'t fill in a required field.');
    }
    /* Spruce up username, check length */
    $_POST['user'] = trim($_POST['user']);
    if(strlen($_POST['user']) > 30){
    die("Sorry, the username is longer than 30 characters, please shorten it.");
    }

    /* Checks that username is in database and password is correct */
    $md5pass = md5($_POST['pass']);
    $result = confirmUser($_POST['user'], $md5pass);

    /* Check error codes */
    if($result == 1){
    die('That username doesn\'t exist in our database.');
    }
    else if($result == 2){
    die('Incorrect password, please try again.');
    }

    /* Username and password correct, register session variables */
    $_POST['user'] = stripslashes($_POST['user']);
    $_SESSION['username'] = $_POST['user'];
    $_SESSION['password'] = $md5pass;


    if(isset($_POST['remember'])){
    setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
    setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
    }

    /* Quick self-redirect to avoid resending data on refresh */
    echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
    return;
    }

    /* Sets the value of the logged_in variable, which can be used in your code */
    $logged_in = checkLogin();

    ?>

  • #2
    Master Coder mlseim's Avatar
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,389
    Thanks
    8
    Thanked 1,077 Times in 1,068 Posts
    Do you have this (the red part) at the top of EVERY script that uses PHP SESSIONS?

    <?
    session_start();

  • #3
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes I do have the session starts at the top of every script that needs them. My login.php was working correctly before. I then added FIRSTNAME, LASTNAME, PHONE, EMAIL, to my register.php file. Now when I try to login, I get the incorrect password error.

  • #4
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    What does your users table look like? Is the field order the same as the query?
    PHP Code:
    $q "INSERT INTO users VALUES ('$username', '$password', '$firstname', '$lastname', '$phone', '$email')"
    Have your debugged with var_export/var_dump to confirm the passwords in the login and registration processes really are the same?
    Are you a Help Vampire?

  • #5
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    My users table is in the exact order as my query.
    I have never tried to do a var_export/var_dump. I will try and let you know.

  • #6
    New to the CF scene
    Join Date
    Jun 2010
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I over looked my users table in phpmyadmin, I had the password set to VARCHAR(30) when it needed to be VARCHAR(32)

    I can now login withou any problems.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •