login form can you find my error?

Posted on 16th Feb 2014 07:03 pm by admin

registrationform.php seems fine send data to registration.php
registration.php seems fine checks all data then send it to function.php
connection.php does its job and connects to database also calls function.php
function.php puts data into database and send confirmation email
link in email if pressed sends data to database

ok so far so good everything doing what i wanted it to do

loginform.php seems fine sends data to login.php

heres the code of login.php
Code: <?php
include 'Connect.php';

if(!isset($_POST[submit]))
{
include 'index.php';
exit;
}
else
{
if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
{
$loginempty_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[username]))
{
$userlogin_error = "Invalid username please check and type carefully!<br />";
include 'index.php';
exit;
}
//CHECKS PASSWORD
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[password]))
{
$passlogin_error = "Invalid password please check and type carefully!<br />";
include 'index.php';
exit;
}

// Try and login with the given username & pass
$result = user_login($_POST['username'], $_POST['password']);

if ($result != 'Correct')
{
// Reshow the form with the error
$login_error = $result;
include 'index.php';
}
else
{
// direct to homepage
include 'index.php';
exit;
}
}

?>

heres my function.php
Code: <?php
// Salt Generator
function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "select salt from members where username='$username' limit 1";
$result = mysql_query($query);
$user = mysql_fetch_array($result);

// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);

// Try and get the user using the username & encrypted pass
$query = "select id, username from members where username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);

// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);

// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;

if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}

function user_logout()
{
// End the session and unset all vars
session_unset ();
session_destroy ();
}

function is_authed()
{
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn't been changed
if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
{
return true;
}
else
{
return false;
}
}

?>

when i type a username and password that i know is in database and is correct
it shows index.php with $login_error
why is this?

Your Answer:

Login to answer

Other forums

Serial number of exernal hard disk/Thumbdrive
Hi guys, I am new tio java networking concepts.Please tel me how to get Serial number of exernal

News script
Hi ...

I am not sure if this is the rite place to post this but if its not sorry

i am

getting Vars to pass to next page.
Hello all,
I have a confusing situation on my hands, i am a member of a gaming community and we

multipart emiail forms
Hi All,

I am new to the boards and I've been working on a form (which is rather massive, imo

All possible combinations of Strings from table in PL/SQL
Hi,

I am trying to figure out how to build a list of all possible string combinations fro

eregi to preg
Im converting my regex for php 5.3 and I am stuck on the following

Code: [Select]if((eregi(&q

PHP Tab Control
Hi All,

I would like to have PHP tab control with/without Javascript.

But I want to r

[Need Help] php timing issues
I don't know what is going wrong. I need some help with being able to set an image at 9:00am Colorad

Executing an exe
Hi. I have some bizarre problem with exec (other any other method) to launch exe's. I am making a ga

Create comparison matrix?
I want to create a comparison script for forum software and was wondering is there any tutorial or b