funbinod Posted April 20, 2014

I got a problem somewhere while trying to authenticate users while logging in. What I wrote to authenticate in the classuser file is this:

```php
// start authentication
$safeUser = $mysqli->real_escape_string($username);
$incomingPass = $mysqli->real_escape_string($password);
$query = "SELECT * FROM user WHERE username = '{$safeUser}'";
if (!$result = $mysqli->query($query)) {
    error_log("Cannot retrieve account record for {$username}");
    return false;
}
// no while loop for single row
$row = $result->fetch_assoc();
$dbPass = $row['password'];
if (crypt($incomingPass, $dbPass) != $dbPass) {
    error_log("Wrong Password for {$username}!");
    return false;
}
```

I've a MySQL table 'user' and columns 'username' & 'password'. While trying to log in with a valid username & password, it still gives a username & password related error. Both username & password are recorded in CHAR(10) type.....

Ingolme Posted April 20, 2014

That's not exactly how crypt() works. The crypt function uses a salt. To compare a password with another one they have to be encrypted with the same salt. You can read about crypt() in the PHP manual.

funbinod Posted April 25, 2014

Thank you. I got it done with something different:

```php
// start authentication
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM user WHERE username = '{$username}'";
$result = mysqli_query($mysqli, $query);
if (!$result) {
    error_log("Cannot retrieve account record for {$username}");
    return false;
}
// no while loop for single row
$row = mysqli_fetch_array($result);
$dbPass = $row['password'];
$type = $row['type'];
$count = mysqli_num_rows($result);
if ($password == $dbPass && $type == "1") {
    error_log("Welcome {$username}!");
    return true;
} else {
    error_log("Wrong password!");
    return false;
}
$this->uid = $row['uid'];
$this->name = $row['name'];
$this->username = $row['username'];
$this->password = $row['password'];
$this->type = $row['type'];
$this->isLoggedIn = true;
$this->_setSession();
return true;
}
```

But the session couldn't be started. It failed to load the authenticated page when I added this line to the top of it....

```php
<?php
require_once('functions.php');
$user = new User;
if (!$user->isLoggedIn) {
    die(header("location: login.php"));
}
?>
```

and went back to the login page.

justsomeguy Posted April 25, 2014

Maybe you're not starting the session.

funbinod Posted April 25, 2014

Uhh! I've not thought about that. But after setting session start also there is the same problem.....

justsomeguy Posted April 25, 2014

Verify the data that is in the session.

funbinod Posted April 25, 2014

Sorry, I couldn't understand what you suggested, but below the authentication function there is a session start function like this:

```php
private function _setSession() {
    if (session_id() == '') {
        session_start();
    }
    $_SESSION['uid'] = $this->uid;
    $_SESSION['name'] = $this->name;
    $_SESSION['address'] = $this->address;
    $_SESSION['phone'] = $this->phone;
    $_SESSION['username'] = $this->username;
    $_SESSION['password'] = $this->password;
    $_SESSION['type'] = $this->type;
    $_SESSION['isLoggedIn'] = $this->isLoggedIn;
} // end function setSession
```

and an init user function like this:

```php
private function _initUser() {
    $this->uid = $_SESSION['uid'];
    $this->name = $_SESSION['name'];
    $this->address = $_SESSION['address'];
    $this->phone = $_SESSION['phone'];
    $this->username = $_SESSION['username'];
    $this->password = $_SESSION['password'];
    $this->type = $_SESSION['type'];
    $this->isLoggedIn = $_SESSION['isLoggedIn'];
} // end function initUser
```

justsomeguy Posted April 25, 2014

On the page where it's not working, print the session out.

```php
print_r($_SESSION);
```

funbinod Posted April 25, 2014

Oh, I did it. Thank you for the company. I changed this:

```php
if ($password == $dbPass && $type == "1") {
    error_log("Welcome {$username}!");
    return true;
} else {
    error_log("Wrong password!");
    return false;
}
```

to:

```php
if ($password != $dbPass) {
    error_log("Wrong password!");
    return false;
}
```

and it's done. But I need one more bit of help. This successful login redirects to admin.php (as I've defined in the login-process file), but I want to change it to redirect to different pages according to user types. How can I do that? Please guide...

justsomeguy Posted April 25, 2014

What part are you missing? Get the type of the user, and use an if structure or switch statement to redirect based on the type.

funbinod Posted April 25, 2014

Thank you very, very much! I was confused about whether it should be applied in the classUser.php file, so I failed. Now I tried it in the login-process.php file and it is done..... Thank you again....

davej Posted April 26, 2014

Of course you shouldn't actually store the password.

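
The two points raised in the replies above (crypt() depends on its salt, and the password itself should not be stored), shown as an added example that is not code from any poster in the thread. It assumes PHP 5.5+ for password_hash(), uses an in-memory SQLite table through PDO as a stand-in for the MySQL `user` table, and the page names in destinationFor() are hypothetical.

```php
<?php
// Added example, not code from the thread. Columns follow the posts
// (username, password, type); page names in destinationFor() are hypothetical.

// Assumption: an in-memory SQLite table stands in for the MySQL `user` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, type TEXT)');

function register(PDO $db, $username, $password, $type) {
    // Hash the raw input. Do not SQL-escape it first: that alters the password.
    // The salt is generated here and stored inside the returned hash string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO user (username, password, type) VALUES (?, ?, ?)');
    $stmt->execute([$username, $hash, $type]);
    return $hash;
}

function authenticate(PDO $db, $username, $password) {
    // Bound parameter instead of interpolating $username into the SQL text.
    $stmt = $db->prepare('SELECT username, password, type FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads the salt and algorithm back out of the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for unknown user and wrong password
    }
    unset($row['password']); // keep the hash out of $_SESSION
    return $row;
}

function destinationFor($type) {
    $pages = ['1' => 'admin.php', '2' => 'member.php']; // hypothetical mapping
    return isset($pages[$type]) ? $pages[$type] : 'login.php';
}

// Constructed sample account.
$hash = register($db, 'alice', 'correct horse', '1');

// A hash cut to 10 characters, as a CHAR(10) column would store it, no longer
// verifies; the column has to hold the whole string (the PHP manual suggests 255).
var_dump(password_verify('correct horse', substr($hash, 0, 10)));

foreach (['correct horse', 'wrong guess'] as $attempt) {
    $user = authenticate($db, 'alice', $attempt);
    // In a real handler: session_start(), session_regenerate_id(true), then header().
    echo $attempt, ' -> ', $user ? 'Location: ' . destinationFor($user['type']) : 'rejected', "\n";
}
```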