login form can you find my error?
Posted on
16th Feb 2014 07:03 pm by
admin
registrationform.php seems fine send data to registration.php
registration.php seems fine checks all data then send it to function.php
connection.php does its job and connects to database also calls function.php
function.php puts data into database and send confirmation email
link in email if pressed sends data to database
ok so far so good everything doing what i wanted it to do
loginform.php seems fine sends data to login.php
heres the code of login.php
Code: <?php
include 'Connect.php';
if(!isset($_POST[submit]))
{
include 'index.php';
exit;
}
else
{
if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
{
$loginempty_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[username]))
{
$userlogin_error = "Invalid username please check and type carefully!<br />";
include 'index.php';
exit;
}
//CHECKS PASSWORD
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[password]))
{
$passlogin_error = "Invalid password please check and type carefully!<br />";
include 'index.php';
exit;
}
// Try and login with the given username & pass
$result = user_login($_POST['username'], $_POST['password']);
if ($result != 'Correct')
{
// Reshow the form with the error
$login_error = $result;
include 'index.php';
}
else
{
// direct to homepage
include 'index.php';
exit;
}
}
?>
heres my function.php
Code: <?php
// Salt Generator
function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "select salt from members where username='$username' limit 1";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);
// Try and get the user using the username & encrypted pass
$query = "select id, username from members where username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);
// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);
// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}
function user_logout()
{
// End the session and unset all vars
session_unset ();
session_destroy ();
}
function is_authed()
{
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn't been changed
if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
{
return true;
}
else
{
return false;
}
}
?>
when i type a username and password that i know is in database and is correct
it shows index.php with $login_error
why is this?
No comments posted yet
Your Answer:
Login to answer
333 
9 
Other forums
UPLOAD IMAGES NOT WORKING!
Hi there i have a upload script in which it uploads the picture to a folder than creates two thumbna
need help with date function
i have following form for date
Code: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01
Redirect not working after making a POST/GET
Hi Everyone,
I am a novice in PHP. Here I have 2 pages, one page with a textbox and button an
ScriptResource.axd gives an error on fresh install of ASP.NET Ajax 1.0
Hello,I have a fresh install of Microsoft ASP.NET Ajax 1.0. When I create an Ajax enabled website in
Need help: how to catch acess of undefined class properties
Hello. I am learning OO with PHP and have hit a problem.
Some code runs as perfectly valid code,
how can we add data from dynamic fields to mysql db in php
i have a script which i found on the internet. i modify that script according to my needs. what is i
help countdown timers
hello every one,
I'd like to know how to insert many countdowns in the same page.
The dura
natcasesort works on one server but not on another
Hi
I have a problem that I was hoping that someone can help me with.
I'm trying to use
Mail form doesn't send Russian/Cyrillic characters correctly?
When someone enters foreign characters (like Cyrillic text, and Japanese/Chinese probably gives the
Getting Resource id #11 while trying to connect..
So i tried using "DEFINE" for the first time and im using the variables i defined to conne
