Jump to content

Login Code


ChidoriSoul
 Share

Recommended Posts

Hey, I am making a Login code, and everything is complete, but it is not working properly. The error is this: Even though I enter everything correctly, it always says that the password is incorrect? My code is this:

<?phpsession_start();require_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'login'){  $name = $_POST['name'];  $password = $_POST['password'];  if (trim($name) == '' || trim($password) == '')	$error_string .= 'Please enter your username and password.<br>';  else  {		$result = db_query("SELECT id, name, password FROM users WHERE name='" . mysql_real_escape_string($name) . "'");	if (!($row = mysql_fetch_assoc($result)))	  $error_string .= 'The username was not found.<br>';	else if ($row['password'] != sha1($password))	  $error_string .= 'The password does not match the username provided.<br>';	else	{	  $_SESSION['user_id'] = $row['id'];	  $_SESSION['user_name'] = $row['name'];	  header('Location: index.php');	  exit();	}  }}?><html><center><head><title>Pokemon Planet - Version 0.1</title><link rel='stylesheet' type='text/css' href='stylesheet.css'><body><div class="error_text"><?php echo $error_string; ?></div><div id="container">	<div id="banner"></div>	<div id="frame">		<div id="leftmenu"><div style="padding: 3px;">			<center><b>General Options</b><br/><a href='index.php'>Index</a><br/><a href='register.php'>Register</a><br/><a href='login.php'>Login</a></center>		</div></div>		<div id="content"><div style="padding: 3px;">			<center><u>Login!</u><br/>Here you can login to access the RPG, but you have to have already <a href='register.php'>registered</a>.<br/><br/><form action="login.php" method="post"><input type="hidden" name="page_mode" value="login"><b>Username:</b><br/><input type="text" name="name" size="20" maxlength="255" value="<?php if (isset($name)) echo $name; ?>"><br/><br/><b>Password:</b><br/><input type="password" name="password" size="20"><br/><input type="submit" value="Log In" size="30"></center>		</div></div>		<div id="rightmenu"><div style="padding: 3px;">			<center><b>General Options</b><br/><a href='index.php'>Index</a><br/><a href='register.php'>Register</a><br/><a href='login.php'>Login</a></center>		</div></div>	</div>	<div id="footer"><center><font color='#000000'>Pokemon Planet is © 2009 by Shadow. This site is created and coded by Shadow. Pokemon Planet is in no way affiliated with Nintendo, Pokémon Company, Game Freak, Creatures, or any related organizations. Most Pokémon images (sprites, icons, map tiles, etc.) are © Nintendo and their publishers. Images are slightly modified in order to meet certain needs upon this website.</font></center></div></div></body></center></html>

Link to comment
Share on other sites

If you want to set session variables before redirecting, you need to use the session_write_close() function:

$_SESSION['user_id'] = $row['id'];$_SESSION['user_name'] = $row['name'];session_write_close();header('Location: index.php');

Link to comment
Share on other sites

If it says the password is not the same as in the database, then the password is not the same as in the database. If you don't believe it, then print out the 2 things you're comparing:else if ($row['password'] != sha1($password))If you print $row['password'] and sha1($password), they aren't going to match. If they did match, it wouldn't tell you that they don't.

Link to comment
Share on other sites

My Register Page is this:

<?phprequire_once 'db.php';$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';$error_string = '';if ($page_mode == 'register'){  $name = trim($_POST['name']);  $password = $_POST['password'];  $conf_password = $_POST['conf_password'];  $email = trim($_POST['email']);  if ($name == '')	$error_string .= 'Please enter your name.<br>';  if (strlen(trim($password)) > 20)	$error_string .= 'Your password extends the allowed amount of 20 characters.<br>';  if ($password != $conf_password)	$error_string .= 'The password and confirmation password do not match.<br>';  if (!isValidEmail($email))	$error_string .= 'Please enter a valid email address.<br>';  if ($_POST['code'] != "Holo") 	die('You entered an incorrect code.');  if ($error_string == '')  {	$result = db_query("SELECT id FROM users WHERE email='" . mysql_real_escape_string($email) . "'");	if (mysql_num_rows($result) > 0)	  $error_string .= 'That email address is already registerd.<br>';	else	{	  $name = mysql_real_escape_string($name);	  $password = sha1($password);	  $email = mysql_real_escape_string($email); 	 	  db_query("INSERT INTO users (name, password, email) VALUES ('{$name}', '{$password}','{$email}')");	  header('Location: complete.php');	  exit();	}  }}function isValidEmail($email = ''){	return preg_match("/^[\d\w\/+!=#|$?%{^&}*`'~-][\d\w\/\.+!=#|$?%{^&}*`'~-]*@[A-Z0-9][A-Z0-9.-]{1,61}[A-Z0-9]\.[A-Z]{2,6}$/ix",$email);}?><html><!--[if IE]>  <link rel="stylesheet" type="text/css" href="allie.css" /><![endif]--><center><head><title>Pokemon Planet - Version 0.1</title><link rel='stylesheet' type='text/css' href='stylesheet.css'><body><div class="error_text"><?php echo $error_string; ?></div><div id="container">	<div id="banner"></div>	<div id="frame">		<div id="leftmenu"><div style="padding: 3px;">			<center><b>General Options</b><br/><a href='index.php'>Index</a><br/><a href='register.php'>Register</a><br/><a href='login.php'>Login</a><br/><br/><b>Miscellaneous</b><br/><a href='chat.php'>Chat</a><br/><a href='donate.php'>Donate</a></center>		</div></div>		<div id="content"><div style="padding: 3px;">			<center><u>Register!</u><br/>Here you can register for the RPG, you just have to fill in these forms.<br/><br/><form action="register.php" method="post"><input type="hidden" name="page_mode" value="register"><b>Username:</b><br/><input type="text" name="name" div id='input' size="20" maxlength="255" value="<?php if (isset($name)) echo $name; ?>"><br/><br/><b>Password:</b><br/><input type='password' div id='input' name='pass' maxlength='20'><br/><br/><b>Repeat Password:</b><br/><input type='password' div id='input' name='reppass' maxlength='20'><br/><br/><b>Email:</b><br/><input type="text" div id='input' name="email" size="20" maxlength="255" value="<?php if (isset($email)) echo $email; ?>"><br/><br/><b>Enter Code:</b><br/><input type='text' div id='input' name='code' size='20'><br/><input type="submit" value="Register" size="30"></center>		</div></div>		<div id="rightmenu"><div style="padding: 3px;">			<center><b>General Options</b><br/><a href='index.php'>Index</a><br/><a href='register.php'>Register</a><br/><a href='login.php'>Login</a><br/><br/><b>Miscellaneous</b><br/><a href='chat.php'>Chat</a><br/><a href='donate.php'>Donate</a></center>		</div></div>	</div>	<div id="footer"><center><font color='#000000'>Pokemon Planet is © 2009 by Shadow. This site is created and coded by Shadow. Pokemon Planet is in no way affiliated with Nintendo, Pokémon Company, Game Freak, Creatures, or any related organizations. Most Pokémon images (sprites, icons, map tiles, etc.) are © Nintendo and their publishers. Images are slightly modified in order to meet certain needs upon this website.</font></center></div></div></body></center></html>

Link to comment
Share on other sites

Look at your form:<b>Password:</b><br/><input type='password' div id='input' name='pass' maxlength='20'><br/><br/><b>Repeat Password:</b><br/><input type='password' div id='input' name='reppass' maxlength='20'>Look at the PHP:$password = $_POST['password'];$conf_password = $_POST['conf_password'];You're also not checking if the password is blank or too short, you're only checking if it's too long. All of your passwords in the database now are blank, the value you see is the SHA-1 hash of the empty string (sha1('')).Also, what the heck is going on with the "div" in all the inputs, and why do they all have the same ID?

Edited by justsomeguy
Link to comment
Share on other sites

What is the word div doing in your inputs? Also, as dsonesuk pointed out, you're searching for a variable name that doesn't match the one on the form, so it'll always be empty.

Link to comment
Share on other sites

Lunch? It's 10 to 2 in the am where I am. Or do you just mean the fact that you're the only guy helping anyone today? You could do with the posts, anyway. You're not even at 14k yet. Slacker.

Link to comment
Share on other sites

Or do you just mean the fact that you're the only guy helping anyone today?
It seems like we're all trying to say the same things at once.
The reason for the div in the input is for my stylesheet code, to do some stuff to the input box.
That's not exactly valid, there's a better way to do it. Edited by justsomeguy
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...