Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post

    Login script(cant get logged in)

    I am having trouble with a login script, i cant same to get logged in using it. I have the script working that looks up a table called "users". I need to script to look up a table called "employers", the script is the same accept for the table it is looking up. The script just outputs the error "Username and Password incorrect".

    Can anyone help

    PHP Code:
    <?php

    $validation 
    "";

    /**
     * Checks whether or not the given username is in the
     * database, if so it checks if the given password is
     * the same password in the database for that user.
     * If the user doesn't exist or if the passwords don't
     * match up, it returns an error code (1 or 2). 
     * On success it returns 0.
     */
    function confirmUser($username$password){
       global 
    $conn;
       
    /* Add slashes if necessary (for query) */
       
    if(!get_magic_quotes_gpc()) {
        
    $username addslashes($username);
       }

       
    /* Verify that user is in database */
       
    $q "select password from employers where username = '$username'";
       
    $result mysql_query($q,$conn);
       if(!
    $result || (mysql_numrows($result) < 1)){
          return 
    1//Indicates username failure
       
    }

       
    /* Retrieve password from result, strip slashes */
       
    $dbarray mysql_fetch_array($result);
       
    $dbarray['password']  = stripslashes($dbarray['password']);
       
    $password stripslashes($password);

       
    /* Validate that password is correct */
       
    if($password == $dbarray['password']){
          return 
    0//Success! Username and password confirmed
       
    }
       else{
          return 
    2//Indicates password failure 
       

       }
       
    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's 
     * authenticity. Returns true if the user has logged in.
     */
    function checkLogin(){
       
    /* Check if user has been remembered */
       
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
          
    $_SESSION['username'] = $_COOKIE['cookname'];
          
    $_SESSION['password'] = $_COOKIE['cookpass'];
       }

       
    /* Username and password have been set */
       
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
          
    /* Confirm that username and password are valid */
          
    if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
             
    /* Variables are incorrect, user not logged in */
             
    unset($_SESSION['username']);
             unset(
    $_SESSION['password']);
             return 
    false;
          }
          return 
    true;
       }
       
    /* User not logged in */
       
    else{
          return 
    false;
       }
    }



    /**
     * Determines whether or not to display the login
     * form or to show the user that he is logged in
     * based on if the session variables are set.
     */
    function displayLoginemployer(){
    global 
    $validation;
       global 
    $logged_in;
       if(
    $logged_in){
          echo 
    "Welcome <b>$_SESSION[username]</b>
              <br>
            <br><a href=\"viewemployeedetails.php\">User Account Details</a>
            <br>
            <br><a href=\"viewcv.php\">CV Page</a></li>
            <br>
            <br><a href=\"logout.php\">Logout</a>"
    ;
       }
       else{
       
    include 
    "employerloginform.php";
    echo 
    "<p>$validation</p>";

       }

    }


    /**
     * Checks to see if the user has submitted his
     * username and password through the login form,
     * if so, checks authenticity in database and
     * creates session.
     */
    if(isset($_POST['sublogin'])){
    $_POST['user'] = trim($_POST['user']);
       
    /* Checks that username is in database and password is correct */
       
    $md5pass md5($_POST['pass']);
       
    $result confirmUser($_POST['user'], $md5pass);

       
    /* Check that all fields were typed in */
       
    if(!$_POST['user'] || !$_POST['pass']){
        
    $validation "You didn't fill in a required field";
       }
       
       
    /* Check that all fields were typed in */
       
    if(!$_POST['user']){
        
    $validation "Please enter a username";
       }
       
       
    /* Check that all fields were typed in */
       
    if(!$_POST['pass']){
        
    $validation "Please enter a password";
       }
         
        if(
    $result == || ($result == 2)){
        
    $validation "Incorrect username and password";
        }

       
    /* Check error codes */
       
    else if($result == 1){
        
    $validation "Username doesn't exist";
            }
       else if(
    $result == 2){
        
    $validation "Incorrect Password";
           }    
           

       
    /* Username and password correct, register session variables */
       
    $_POST['user'] = stripslashes($_POST['user']);
       
    $_SESSION['username'] = $_POST['user'];
       
    $_SESSION['password'] = $md5pass;

     
       if(isset(
    $_POST['remember'])){
          
    setcookie("cookname"$_SESSION['username'], time()+60*60*24*100"/");
          
    setcookie("cookpass"$_SESSION['password'], time()+60*60*24*100"/");
       }


    }

    /* Sets the value of the logged_in variable, which can be used in your code */
    $logged_in checkLogin();

    ?>
    Last edited by PRodgers4284; 02-14-2008 at 11:49 AM.

  • #2
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,008
    Thanks
    59
    Thanked 10 Times in 10 Posts
    $_SESSION['password'] = $md5pass;

    should be

    $_SESSION['password'] = md5($pass);

    hmm in fact I don't think thats the problem sorry


  • #3
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by nikos101 View Post
    $_SESSION['password'] = $md5pass;

    should be

    $_SESSION['password'] = md5($pass);

    hmm in fact I don't think thats the problem sorry

    nikos101 thanks for that, i still cant get logged in. Im using the same script for the another login for a table called "user" that works fine. I have added a link on the login form for "employer login" which basically goes to another form for the employer login which uses the same code as the "user login" form accept it looks up another table. Could there be a problem with the session?

  • #4
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,008
    Thanks
    59
    Thanked 10 Times in 10 Posts
    Have you included session_start in the above script?


  • #5
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by nikos101 View Post
    Have you included session_start in the above script?
    Yeah i have

  • #6
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,008
    Thanks
    59
    Thanked 10 Times in 10 Posts
    This is the sort of thing where a debugger really pays off my friend


  • #7
    Regular Coder
    Join Date
    Nov 2006
    Posts
    601
    Thanks
    1
    Thanked 2 Times in 2 Posts
    if im correct you got it from http://www.evolt.org/node/60384

    so you would have copied it fully off the website leaving nothing out?? if so should ork fine... what i would do is register yourself and see if that works.. if so change that account to have admin rights them boom ur in :P

  • #8
    Senior Coder nikos101's Avatar
    Join Date
    Dec 2006
    Location
    London
    Posts
    1,008
    Thanks
    59
    Thanked 10 Times in 10 Posts
    yeah thats a great script


  • #9
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by runnerjp View Post
    if im correct you got it from http://www.evolt.org/node/60384

    so you would have copied it fully off the website leaving nothing out?? if so should ork fine... what i would do is register yourself and see if that works.. if so change that account to have admin rights them boom ur in :P
    Yeah but it has modified the errors etc to appear on one page in the login form. I cant understand way it isnt workin for the "employer" login when it works for the "user" login as its the same code accept it looks up a different table. The registration for the employer works fine, adds everything to the database but it just wont login.

  • #10
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Im using the following code for the "user" login, im looking to use the same code for the "employer" login. I have included my loginform which has a link the the index2 page which it the page the employer will be directed to where the employer login form will be displayed "index2.php". Im using the same code as below for the employer login only it looks up the employers table to check the username and password. Once i try to login as an employer it just keep bringing up username and password incorrect.

    PHP Code:
    <?php

    $validation 
    "";

    /**
     * Checks whether or not the given username is in the
     * database, if so it checks if the given password is
     * the same password in the database for that user.
     * If the user doesn't exist or if the passwords don't
     * match up, it returns an error code (1 or 2). 
     * On success it returns 0.
     */
    function confirmUser($username$password){
       global 
    $conn;
       
    /* Add slashes if necessary (for query) */
       
    if(!get_magic_quotes_gpc()) {
        
    $username addslashes($username);
       }

       
    /* Verify that user is in database */
       
    $q "select password from users where username = '$username'";
       
    $result mysql_query($q,$conn);
       if(!
    $result || (mysql_numrows($result) < 1)){
          return 
    1//Indicates username failure
       
    }

       
    /* Retrieve password from result, strip slashes */
       
    $dbarray mysql_fetch_array($result);
       
    $dbarray['password']  = stripslashes($dbarray['password']);
       
    $password stripslashes($password);

       
    /* Validate that password is correct */
       
    if($password == $dbarray['password']){
          return 
    0//Success! Username and password confirmed
       
    }
       else{
          return 
    2//Indicates password failure 
       

       }
       
    /**
     * checkLogin - Checks if the user has already previously
     * logged in, and a session with the user has already been
     * established. Also checks to see if user has been remembered.
     * If so, the database is queried to make sure of the user's 
     * authenticity. Returns true if the user has logged in.
     */
    function checkLogin(){
       
    /* Check if user has been remembered */
       
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
          
    $_SESSION['username'] = $_COOKIE['cookname'];
          
    $_SESSION['password'] = $_COOKIE['cookpass'];
       }

       
    /* Username and password have been set */
       
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
          
    /* Confirm that username and password are valid */
          
    if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
             
    /* Variables are incorrect, user not logged in */
             
    unset($_SESSION['username']);
             unset(
    $_SESSION['password']);
             return 
    false;
          }
          return 
    true;
       }
       
    /* User not logged in */
       
    else{
          return 
    false;
       }
    }



    /**
     * Determines whether or not to display the login
     * form or to show the user that he is logged in
     * based on if the session variables are set.
     */
    function displayLogin(){
    global 
    $validation;
       global 
    $logged_in;
       if(
    $logged_in){
          echo 
    "Welcome <b>$_SESSION[username]</b>
              <br>
            <br><a href=\"viewemployeedetails.php\">User Account Details</a>
            <br>
            <br><a href=\"viewcv.php\">CV Page</a></li>
            <br>
            <br><a href=\"logout.php\">Logout</a>"
    ;
       }
       else{
       
    include 
    "loginform.php";
    echo 
    "<p>$validation</p>";

       }

    }


    /**
     * Checks to see if the user has submitted his
     * username and password through the login form,
     * if so, checks authenticity in database and
     * creates session.
     */
    if(isset($_POST['sublogin'])){
    $_POST['user'] = trim($_POST['user']);
       
    /* Checks that username is in database and password is correct */
       
    $md5pass md5($_POST['pass']);
       
    $result confirmUser($_POST['user'], $md5pass);

       
    /* Check that all fields were typed in */
       
    if(!$_POST['user'] || !$_POST['pass']){
        
    $validation "You didn't fill in a required field";
       }
       
       
    /* Check that all fields were typed in */
       
    if(!$_POST['user']){
        
    $validation "Please enter a username";
       }
       
       
    /* Check that all fields were typed in */
       
    if(!$_POST['pass']){
        
    $validation "Please enter a password";
       }
         
        if(
    $result == || ($result == 2) || ($result == 3)){
        
    $validation "Incorrect username and password";
        }

       
    /* Check error codes */
       
    else if($result == 1){
        
    $validation "Username doesn't exist";
            }
       else if(
    $result == 2){
        
    $validation "Incorrect Password";
           }
           
       else if(
    $result == 3){
        
    $validation "Inactive account";
           }
        
           

       
    /* Username and password correct, register session variables */
       
    $_POST['user'] = stripslashes($_POST['user']);
       
    $_SESSION['username'] = $_POST['user'];
       
    $_SESSION['password'] = $md5pass;

       
    /**
        * This is the cool part: the user has requested that we remember that
        * he's logged in, so we set two cookies. One to hold his username,
        * and one to hold his md5 encrypted password. We set them both to
        * expire in 100 days. Now, next time he comes to our site, we will
        * log him in automatically.
        */
       
    if(isset($_POST['remember'])){
          
    setcookie("cookname"$_SESSION['username'], time()+60*60*24*100"/");
          
    setcookie("cookpass"$_SESSION['password'], time()+60*60*24*100"/");
       }


    }

    /* Sets the value of the logged_in variable, which can be used in your code */
    $logged_in checkLogin();

    ?>
    The form im using is:

    PHP Code:
    <form action="" method="post">

    <p><label>Username:</label>
    <input input tabindex="1" class="txtBox" type="text" name="user" maxlength="30" size="20" value="<?php echo $_POST['user']; ?>" />
    </p>
    <p><label>Password: </label>
    &nbsp;<input input tabindex="2" class="txtBox" type="password" name="pass" maxlength="30" value="<?php echo $_POST['pass']; ?>" />
    </p>
    <p><label><input tabindex="3" type="checkbox" class='chkbox' name="remember">Remember Me</label>
    <p>
    <input tabindex="4" class="go" accesskey="l" type="submit" name="sublogin" value="Login" /><br class="spacer" />
    <p>
    <a href="register.php">Register</a>
    </p>
    <p><a href="Index2.php">Employer Login</a> </p>
    </form>

  • #11
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    why keep the password in a session?

  • #12
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    Quote Originally Posted by rafiki View Post
    why keep the password in a session?
    Would it make a difference if i didnt have it as a session? Im really struggling with this, i tried everythin i can think of.

  • #13
    Regular Coder
    Join Date
    Jan 2008
    Posts
    216
    Thanks
    10
    Thanked 1 Time in 1 Post
    i got this workin, thanks guys


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •