Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Forum signin help

    I am having trouble with this sign-in portion of my forum:

    Code:
    <?php
    //signin.php
    require('header.php');
    
    echo '<h3>Sign in</h3><br />';
    
    //first, check if the user is already signed in. If that is the case, there is no need to display this page
    if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
    {
    	echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
    }
    else
    {
    	if($_SERVER['REQUEST_METHOD'] != 'POST')
    	{
    		/*the form hasn't been posted yet, display it
    		  note that the action="" will cause the form to post to the same page it is on */
    		echo '<form method="post" action="">
    			Username: <input type="text" name="user_name" /><br />
    			Password: <input type="password" name="user_pass"><br />
    			<input type="submit" value="Sign in" />
    		 </form>';
    	}
    	else
    	{
    		/* so, the form has been posted, we'll process the data in three steps:
    			1.	Check the data
    			2.	Let the user refill the wrong fields (if necessary)
    			3.	Varify if the data is correct and return the correct response
    		*/
    		$errors = array(); /* declare the array for later use */
    		
    		if(!isset($_POST['user_name']))
    		{
    			$errors[] = 'The username field must not be empty.';
    		}
    		
    		if(!isset($_POST['user_pass']))
    		{
    			$errors[] = 'The password field must not be empty.';
    		}
    		
    		if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
    		{
    			echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
    			echo '<ul>';
    			foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
    			{
    				echo '<li>' . $value . '</li>'; /* this generates a nice error list */
    			}
    			echo '</ul>';
    		}
    		else
    		{
    			//the form has been posted without errors, so save it
    			//notice the use of mysql_real_escape_string, keep everything safe!
    			//also notice the sha1 function which hashes the password
    			$sql = "SELECT 
    						user_id,
    						user_name,
    						user_level
    					FROM
    						users
    					WHERE
    						user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
    					AND
    						user_pass = '" . sha1($_POST['user_pass']) . "'";
    						
    			$result = mysql_query($sql);
    			if(!$result)
    			{
    				//something went wrong, display the error
    				echo 'Something went wrong while signing in. Please try again later.';
    				echo mysql_error(); //debugging purposes, uncomment when needed
    			}
    			else
    			{
    				//the query was successfully executed, there are 2 possibilities
    				//1. the query returned data, the user can be signed in
    				//2. the query returned an empty result set, the credentials were wrong
    				if(mysql_num_rows($result) == 0)
    				{
    					echo 'You have supplied a wrong user/password combination. Please try again.';
    				}
    				else
    				{
    					//set the $_SESSION['signed_in'] variable to TRUE
    					$_SESSION['signed_in'] = true;
    					
    					//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
    					while($row = mysql_fetch_assoc($result))
    					{
    						$_SESSION['user_id'] 	= $row['user_id'];
    						$_SESSION['user_name'] 	= $row['user_name'];
    						$_SESSION['user_level'] = $row['user_level'];
    					}
    					
    					echo 'Welcome, ' . $_SESSION['user_name'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
    				}
    			}
    		}
    	}
    }
    
    include 'footer.php';
    ?>
    When I sign in I am getting the message: You have supplied a wrong user/password combination. Please try again. I have checked over and voer and I am providing the right password and username.

  • #2
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    3,763
    Thanks
    23
    Thanked 548 Times in 547 Posts
    The first line in your php for ALL php page has to be session_start(), that goes for your other post also.
    http://php.net/manual/en/function.session-start.php
    Evolution - The non-random survival of random variants.

  • #3
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by sunfighter View Post
    The first line in your php for ALL php page has to be session_start(), that goes for your other post also.
    http://php.net/manual/en/function.session-start.php
    Okay but that did not change anything

  • #4
    Banned
    Join Date
    Mar 2013
    Posts
    139
    Thanks
    0
    Thanked 9 Times in 9 Posts
    Quote Originally Posted by logepoge1 View Post
    I am getting the message: You have supplied a wrong user/password combination. Please try again.
    That's because according to your code there are no rows in $result after you ran the query $sql.

    The 1st thing you should do is check the query beinng run.

    Just before $result = mysql_query($sql); type

    Code:
    echo $sql; die();
    to see the actual query you are running and make sure the syntax and passed values are correct.

  • #5
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by knightCoder View Post
    That's because according to your code there are no rows in $result after you ran the query $sql.

    The 1st thing you should do is check the query beinng run.

    Just before $result = mysql_query($sql); type

    Code:
    echo $sql; die();
    to see the actual query you are running and make sure the syntax and passed values are correct.
    Think I found the problem. I had the username as test which worked, but password was entered as 12 but the query had password as: 7b52009b64fd0a2a49e6d8a939753077792b0554 possibly because of encryption? How do I get it descrypted?

  • #6
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Sorry I meant decrypted

  • #7
    Senior Coder
    Join Date
    Jan 2011
    Location
    Missouri
    Posts
    3,763
    Thanks
    23
    Thanked 548 Times in 547 Posts
    You can not get it decrypted. The best that can be done is to change it via phpMyAdmin.
    Evolution - The non-random survival of random variants.

  • #8
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    I changed the password field from typeassword to type:text and it is still not working right

  • #9
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Changed to:
    PHP Code:
    user_pass '" . mysql_real_escape_string($_POST['user_pass']) . "'"; 
    in code now it works. Closing thread now

  • #10
    New Coder
    Join Date
    Oct 2012
    Posts
    44
    Thanks
    3
    Thanked 0 Times in 0 Posts
    well Im not getting the option is change it


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •