registrationform.php seems fine send data to registration.php registration.php seems fine checks all data then send it to function.php connection.php does its job and connects to database also calls function.php function.php puts data into database and send confirmation email link in email if pressed sends data to database
ok so far so good everything doing what i wanted it to do
loginform.php seems fine sends data to login.php
heres the code of login.php Code: <?php include 'Connect.php';
if(!isset($_POST[submit])) { include 'index.php'; exit; } else { if (empty($_POST['username']) || empty($_POST['password']))// Check if any of the fields are missing { $loginempty_error = 'One or more fields missing'; include 'index.php'; exit; } //CHECKS USERNAME if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[username])) { $userlogin_error = "Invalid username please check and type carefully!<br />"; include 'index.php'; exit; } //CHECKS PASSWORD if(!preg_match("/^[a-zd]{5,12}$/i", $_POST[password])) { $passlogin_error = "Invalid password please check and type carefully!<br />"; include 'index.php'; exit; }
// Try and login with the given username & pass $result = user_login($_POST['username'], $_POST['password']);
if ($result != 'Correct') { // Reshow the form with the error $login_error = $result; include 'index.php'; } else { // direct to homepage include 'index.php'; exit; } }
?>
heres my function.php Code: <?php // Salt Generator function user_login($username, $password) { // Try and get the salt from the database using the username $query = "select salt from members where username='$username' limit 1"; $result = mysql_query($query); $user = mysql_fetch_array($result);
// Using the salt, encrypt the given password to see if it // matches the one in the database $encrypted_pass = md5(md5($password).$user['salt']);
// Try and get the user using the username & encrypted pass $query = "select id, username from members where username='$username' and password='$encrypted_pass'"; $result = mysql_query($query); $user = mysql_fetch_array($result); $numrows = mysql_num_rows($result);
// Now encrypt the data to be stored in the session $encrypted_id = md5($user['id']); $encrypted_name = md5($user['username']);
// Store the data in the session $_SESSION['id'] = $id; $_SESSION['username'] = $username; $_SESSION['encrypted_id'] = $encrypted_id; $_SESSION['encrypted_name'] = $encrypted_name;
function user_logout() { // End the session and unset all vars session_unset (); session_destroy (); }
function is_authed() { // Check if the encrypted username is the same // as the unencrypted one, if it is, it hasn't been changed if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name'])) { return true; } else { return false; } }
?>
when i type a username and password that i know is in database and is correct it shows index.php with $login_error why is this?
