login form can you find my error?

Posted on 16th Feb 2014 07:03 pm by admin

registrationform.php seems fine send data to registration.php
registration.php seems fine checks all data then send it to function.php
connection.php does its job and connects to database also calls function.php
function.php puts data into database and send confirmation email
link in email if pressed sends data to database

ok so far so good everything doing what i wanted it to do

loginform.php seems fine sends data to login.php

heres the code of login.php
Code: <?php
include 'Connect.php';

if(!isset($_POST[submit]))
{
include 'index.php';
exit;
}
else
{
if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing
{
$loginempty_error = 'One or more fields missing';
include 'index.php';
exit;
}
//CHECKS USERNAME
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[username]))
{
$userlogin_error = "Invalid username please check and type carefully!<br />";
include 'index.php';
exit;
}
//CHECKS PASSWORD
if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[password]))
{
$passlogin_error = "Invalid password please check and type carefully!<br />";
include 'index.php';
exit;
}

// Try and login with the given username & pass
$result = user_login($_POST['username'], $_POST['password']);

if ($result != 'Correct')
{
// Reshow the form with the error
$login_error = $result;
include 'index.php';
}
else
{
// direct to homepage
include 'index.php';
exit;
}
}

?>

heres my function.php
Code: <?php
// Salt Generator
function user_login($username, $password)
{
// Try and get the salt from the database using the username
$query = "select salt from members where username='$username' limit 1";
$result = mysql_query($query);
$user = mysql_fetch_array($result);

// Using the salt, encrypt the given password to see if it
// matches the one in the database
$encrypted_pass = md5(md5($password).$user['salt']);

// Try and get the user using the username & encrypted pass
$query = "select id, username from members where username='$username' and password='$encrypted_pass'";
$result = mysql_query($query);
$user = mysql_fetch_array($result);
$numrows = mysql_num_rows($result);

// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['id']);
$encrypted_name = md5($user['username']);

// Store the data in the session
$_SESSION['id'] = $id;
$_SESSION['username'] = $username;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;

if ($numrows == 1)
{
return 'Correct';
}
else
{
return false;
}
}

function user_logout()
{
// End the session and unset all vars
session_unset ();
session_destroy ();
}

function is_authed()
{
// Check if the encrypted username is the same
// as the unencrypted one, if it is, it hasn't been changed
if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
{
return true;
}
else
{
return false;
}
}

?>

when i type a username and password that i know is in database and is correct
it shows index.php with $login_error
why is this?

Your Answer:

Login to answer

Other forums

Php WordPress help
I am writing the following code for making a plugin

<?php
header("Content-Type

Login Functionality Working Different on IE
This is an odd one, I have a site which has an admin section. The admin pages unsurprisingly require

How do I send data using an html link
Hi

If I have
<a href="main_file.php">

How do I send data t

Redistributing dependent dlls
Hai all ,

I have created an application in VC++ using VS2008 in a development machine which r

Delete Client 066 Earlywatch
Hi all,

in former times client earlywatch was required for SAPs remote access to SAP inst

breaking a text file into paragraphs based on strings
I have a text file of email addresses that is all squished together. It looks like this:

abc

Text file to .Dat file Conversion in PHP
Hi All,
Could anybody provide code for Text file to .Dat file Conversion in PHP.

Tha

pagination numbering pattern
Hello,

I have following code which works great for pagination. but i have small issue now.

Web Application Recipe
Hi Guys!

I am working with the Web Application recipes. I am currently working on the sen

Problem executing bash script using shell_exec
Hi there,
I created a bash script file using following code to convert doc documents to pdf using