[J9710]

Hi guys

So im getting a problem with my login script. My registration works fine and the details are stored properly in the database, but im getting a problem when i try to login using them. Basically i get the following error when i hit login:

The following error(s) occurred:
- The username and password entered do not match those on file.
-

Query: SELECT user_id, username FROM Users WHERE username='test' AND password=SHA('testing')


Please try again.

Below is my code, any help would be appreciated.

<?php # Script  - login.php


if (isset($_POST['submitted'])) {

	require_once ('../includes/mysql_connect.php');
		
	$errors = array(); 
	

	if (empty($_POST['username'])) {
		$errors[] = 'You forgot to enter your username.';
	} else {
		$u = $_POST['username'];
	}
	

	if (empty($_POST['password'])) {
		$errors[] = 'You forgot to enter your password.';
	} else {
		$p = $_POST['password'];
	}
if (empty($errors)) {

		$query = "SELECT user_id, username FROM Users WHERE username='$u' AND password=SHA('$p')";		
		$result = @mysql_query ($query);
		$row = mysql_fetch_array ($result, MYSQL_NUM);  
if ($row) {
				
		
			setcookie ('user_id', $row[0]);
			setcookie ('username', $row[1]);

	
			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
		
			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
				$url = substr ($url, 0, -1); 
			}
	
			$url .= '/loggedin.php';
			
			header("Location: $url");
			exit(); 
} else {
			$errors[] = 'The username and password entered do not match those on file.'; 
			$errors[] = mysql_error() . '<br /><br />Query: ' . $query;
		}
		
	} 
		
	mysql_close();
} else {

	$errors = NULL;

} 

$page_title = 'Login';
include ('../includes/header.html');

if (!empty($errors)) {
	echo '<h1 id="mainhead">Error!</h1>
	<p class="error">The following error(s) occurred:<br />';
	foreach ($errors as $msg) {
		echo " - $msg<br />\n";
	}
	echo '</p><p>Please try again.</p>';
}


?>
<h2>Login</h2>
<form action="login.php" method="post">
	<p>Username: <input type="text" name="username" size="20" maxlength="40" /> </p>
	<p>Password: <input type="password" name="password" size="20" maxlength="20" /></p>
	<p><input type="submit" name="submit" value="Login" /></p>
	<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('../includes/footer.html');
?>

[noorahmad]

try this:
login.php

$u = $_POST['username'];
$p = $_POST['password'];
$query = mysql_query("SELECT * FROM users WHERE Username='$u' AND Password='$p'")or die(mysql_error());
if(mysql_num_rows($query)>0)
{
header("Location: yourpage.php");
}
else
{
header("Location: index.php?msg=Login+Faild");
}

[J9710]

So can this code replace all of mine, or does it just go in the center where im getting the error message from?

and the "header("Location: index.php?msg=Login+Faild");"
would this take me back to index.php and display a message?

Sorry im new to php.

[noorahmad]

i commented some of your codes,
if it doesn't work then past your header and footer pages.

Note: Change Table Name, Usename, Password to your database table and fields

<?php # Script  - login.php

if (isset($_POST['submitted'])) {

//	require_once ('../includes/mysql_connect.php');

	$errors = array();
   

	if (empty($_POST['username'])) {
		$errors[] = 'You forgot to enter your username.';
	} else {
		$u = $_POST['username'];
	}
   

	if (empty($_POST['password'])) {
		$errors[] = 'You forgot to enter your password.';
	} else {
		$p = $_POST['password'];
	}
if (empty($errors)) {

		$query = "SELECT Username,Password FROM users WHERE Username='$u' AND Password='$p'";		
		$result = mysql_query ($query) or die(mysql_error());
		$row = mysql_fetch_assoc($result);
if ($row) {
			   
	   
		   // setcookie ('user_id', $row[0]);
		   // setcookie ('username', $row[1]);

   
			$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
	   
			if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
				$url = substr ($url, 0, -1);
			}
   
		   // $url .= '/loggedin.php';
		   
		   // header("Location: $url");
		   echo "Done";
			exit();
} else {
			$errors[] = 'The username and password entered do not match those on file.';
			$errors[] = mysql_error() . '<br /><br />Query: ' . $query;
			echo 'Invalid Password or Username';
		}
	   
	}
	   
	mysql_close();
} else {

	$errors = NULL;

}
/*
$page_title = 'Login';
include ('../includes/header.html');

if (!empty($errors)) {
	echo '<h1 id="mainhead">Error!</h1>
	<p class="error">The following error(s) occurred:<br />';
	foreach ($errors as $msg) {
		echo " - $msg<br />\n";
	}
	echo '</p><p>Please try again.</p>';
}
*/

?>

This post has been edited by noorahmad: 10 May 2009 - 05:09 AM

[J9710]

I keep getting the error saying my username or password are incorrect, even though they aren't.

Below is my header file

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Home</title>
<LINK REL=stylesheet Type ="text/css" href = "../includes/style1.css" />


 


</head>

<body>
<div id = "Wrap">
<div id = "SiteName">

<img src = "../images/header.gif" />

</div>

And here is my footer:

<div id="copyright">
<p>&copy; Copyright - </p>
</div>
</div>
</div>
</body>
</html>

[BGDeveloper]

Try this:

<?php
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['submitted']))
	{
		$myerros = array();
		
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		
		if(empty($username))
		{
			$myerrors[] = 'Username is empty!';
		}
		
		if(empty($password))
		{
			$myerrors[] = 'Password is empty!';
		}
		
		if(empty($myerrors))
		{
			$sql = "SELECT `user_id`,`username`,`password` 
				FROM `users`
					WHERE `username` = '{$username}' AND `password` = SHA1('{$password}')";
				
			$query = mysql_query($sql) or die(mysql_error());
			$numrows = mysql_num_rows($query);
			
			if(($numrows) > 0)
			{
				$result = mysql_fetch_array($query);
				
				set_cookie('user_id', $result['user_id']);
				set_cookie('username', $username);
				
				header('Location: loggedin.php'); die();
			}
			else
			{
				$myerrors[] = 'Username and/or password not match!';
			}
		}
	}
	else
	{
		$myerros[] = null;
	}
	
	if(!empty($myerrors))
	{
		foreach($myerrors as $message):
			print $message . '<br/>';
		endforeach;
	}
?>
<form action = "" method = "post">
	username: <br/>
	<input type="text" name="username" /><br/>
	password: <br/>
	<input type="password" name="password" /><br/>
	<input type="submit" name="submitted" value="submit" />
</form>

[J9710]

BGDeveloper, on 10 May, 2009 - 04:52 AM, said:

Try this:

<?php
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['submitted']))
	{
		$myerros = array();
		
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		
		if(empty($username))
		{
			$myerrors[] = 'Username is empty!';
		}
		
		if(empty($password))
		{
			$myerrors[] = 'Password is empty!';
		}
		
		if(empty($myerrors))
		{
			$sql = "SELECT `user_id`,`username`,`password` 
				FROM `users`
					WHERE `username` = '{$username}' AND `password` = SHA1('{$password}')";
				
			$query = mysql_query($sql) or die(mysql_error());
			$numrows = mysql_num_rows($query);
			
			if(($numrows) > 0)
			{
				$result = mysql_fetch_array($query);
				
				set_cookie('user_id', $result['user_id']);
				set_cookie('username', $username);
				
				header('Location: loggedin.php'); die();
			}
			else
			{
				$myerrors[] = 'Username and/or password not match!';
			}
		}
	}
	else
	{
		$myerros[] = null;
	}
	
	if(!empty($myerrors))
	{
		foreach($myerrors as $message):
			print $message . '<br/>';
		endforeach;
	}
?>
<form action = "" method = "post">
	username: <br/>
	<input type="text" name="username" /><br/>
	password: <br/>
	<input type="password" name="password" /><br/>
	<input type="submit" name="submitted" value="submit" />
</form>

I've tried this and im afraid im still getting the username/password incorrect error. I would have to guess that there is some sort of problem retrieving data from the database? Although i have no problems registering new users to it. The table in my database contains the following fields:

user_id
username
password
registration_date

p.s thanks for the help so far guys

[BGDeveloper]

Show me register.php or whatever the file name is.

[J9710]

<?php # Script - register.php



if (isset($_POST['submitted'])) {

	require_once ('../includes/mysql_connect.php');
		
	$errors = array(); 
	

	if (empty($_POST['username'])) {
		$errors[] = 'You forgot to enter your username.';
	} else {
		$u = $_POST['username'];
	}
	

	if (!empty($_POST['password1'])) {
		if ($_POST['password1'] != $_POST['password2']) {
			$errors[] = 'Your password did not match the confirmed password.';
		} else {
			$p = $_POST['password1'];
		}
	} else {
		$errors[] = 'You forgot to enter your password.';
	}
	
	if (empty($errors)) { 
	
			$query = "INSERT INTO Users (username, password, registration_date) VALUES ('$u', SHA('$p'), NOW())";		
			$result = @mysql_query ($query);
			if ($result) { 
			
				
				$body = "Thank you for registering with my site!\nYour Password is '{$_POST['password1']} '.\n\nSincerely, \nYour Name";
				mail ($_POST['email'], 'Thank you for registering!' , $body, 'From: emailhere');

				
				$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
				
			
				if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
					$url = substr ($url, 0, -1); 
				}
				
			
				$url .= '/thanks.php';
				
				header("Location: $url");
				exit();
				
			} else { 
				$errors[] = 'You could not be registered due to a system error. We apologize for any inconvenience.'; 
				$errors[] = mysql_error() . '<br /><br />Query: ' . $query; 
			}
				
	} 

	mysql_close(); 
		
} else { 

	$errors = NULL;

}


$page_title = 'Register';
include ('../includes/header.html');

if (!empty($errors)) {
	echo '<h1 id="mainhead">Error!</h1>
	<p class="error">The following error(s) occurred:<br />';
	foreach ($errors as $msg) { 
		echo " - $msg<br />\n";
	}
	echo '</p><p>Please try again.</p>';
}


?>
<h2>Register</h2>
<form action="register.php" method="post">
	<p>Username: <input type="text" name="username" size="15" maxlength="15" value="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" /></p>
	<p>Password: <input type="password" name="password1" size="10" maxlength="20" /></p>
	<p>Confirm Password: <input type="password" name="password2" size="10" maxlength="20" /></p>
	<p><input type="submit" name="submit" value="Register" /></p>
	<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
include ('../includes/footer.html');
?>

This post has been edited by J9710: 10 May 2009 - 06:22 AM

[BGDeveloper]

Apparently I'm blind, because I can't see where the problem is.
So... I've write you a new one.

<?php
	# File Name - register.php
	
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['register']))
	{
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		$reg_date = date();
		
		$error = array();
		
		if(empty($username))
		{
			$error[] = 'username is empty';
		}
		elseif(empty($password))
		{
			$error[] = 'password is empty';
		}
		
		if(empty($error))
		{
			$sql = "INSERT INTO `myusers`
					(`username`,`password`,`reg_date`)
				VALUES
					('{$username}','". md5($password) . "', '{$reg_date}')";
			
			$query = mysql_query($sql) or die (mysql_error());
			
			if($query)
			{
				print 'Register successful';
				
				header('Location: thanks.php');
			}
		}
	}
	
	foreach($error as $message):
		print $message . '<br/>';
	endforeach;
?>
<form action = "" method= "post">
	username:<br/>
		<input type="text" name="username" />
	password:<br/>
		<input type="password" name="password" />
		<input type="submit" name="register" value="register" />
</form>

Login

<?php
	# File Name - Login.php
	
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['login']))
	{
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		
		$error = array();
		
		if(empty($username))
		{
			$error[] = 'username is empty';
		}
		elseif(empty($password))
		{
			$error[] = 'password is empty';
		}
		
		if(empty($error))
		{
			$sql = "SELECT * FROM `myusers`
						WHERE
							`username` = '{$username}'
						AND
							`password` = '". md5($password) ."'";
			
			$query = mysql_query($sql) or die (mysql_error());
			$numrows = mysql_num_rows($query);
			
			if(($numrows) > 0)
			{
				$result = mysql_fetch_array($query);
				print 'Login successful';
				
				set_cookie('user_id', $result['user_id']);
				set_cookie('username', $username);
				
				header('Location: loggedin.php');
			}
			else
			{
				$error[] = 'wrong username or/and password';
			}
		}
	}
	
	foreach($error as $message):
		print $message . '<br/>';
	endforeach;
?>
<form action = "" method= "post">
	username:<br/>
		<input type="text" name="username" />
	password:<br/>
		<input type="password" name="password" />
		<input type="submit" name="login" value="login" />
</form>

SQL:

CREATE TABLE IF NOT EXISTS `myusers`
(
	`user_id` MEDIUMINT(6) NOT NULL AUTO_INCREMENT PRIMARY KEY,
	`username` VARCHAR(40) NOT NULL,
	`password` VARCHAR(40) NOT NULL,
	`reg_date` INT(11) NOT NULL
) ENGINE=MyISAM

I have not tested it, so tell me if there is some error.

[J9710]

BGDeveloper, on 10 May, 2009 - 05:39 AM, said:

Apparently I'm blind, because I can't see where the problem is.
So... I've write you a new one.

<?php
	# File Name - register.php
	
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['register']))
	{
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		$reg_date = date();
		
		$error = array();
		
		if(empty($username))
		{
			$error[] = 'username is empty';
		}
		elseif(empty($password))
		{
			$error[] = 'password is empty';
		}
		
		if(empty($error))
		{
			$sql = "INSERT INTO `myusers`
					(`username`,`password`,`reg_date`)
				VALUES
					('{$username}','". md5($password) . "', '{$reg_date}')";
			
			$query = mysql_query($sql) or die (mysql_error());
			
			if($query)
			{
				print 'Register successful';
				
				header('Location: thanks.php');
			}
		}
	}
	
	foreach($error as $message):
		print $message . '<br/>';
	endforeach;
?>
<form action = "" method= "post">
	username:<br/>
		<input type="text" name="username" />
	password:<br/>
		<input type="password" name="password" />
		<input type="submit" name="register" value="register" />
</form>

Login

<?php
	# File Name - Login.php
	
	require_once('../includes/mysql_connect.php');
	
	if(isset($_POST['login']))
	{
		$username = htmlspecialchars($_POST['username']);
		$password = htmlspecialchars($_POST['password']);
		
		$error = array();
		
		if(empty($username))
		{
			$error[] = 'username is empty';
		}
		elseif(empty($password))
		{
			$error[] = 'password is empty';
		}
		
		if(empty($error))
		{
			$sql = "SELECT * FROM `myusers`
						WHERE
							`username` = '{$username}'
						AND
							`password` = '". md5($password) ."'";
			
			$query = mysql_query($sql) or die (mysql_error());
			$numrows = mysql_num_rows($query);
			
			if(($numrows) > 0)
			{
				$result = mysql_fetch_array($query);
				print 'Login successful';
				
				set_cookie('user_id', $result['user_id']);
				set_cookie('username', $username);
				
				header('Location: loggedin.php');
			}
			else
			{
				$error[] = 'wrong username or/and password';
			}
		}
	}
	
	foreach($error as $message):
		print $message . '<br/>';
	endforeach;
?>
<form action = "" method= "post">
	username:<br/>
		<input type="text" name="username" />
	password:<br/>
		<input type="password" name="password" />
		<input type="submit" name="login" value="login" />
</form>

SQL:

CREATE TABLE IF NOT EXISTS `myusers`
(
	`user_id` MEDIUMINT(6) NOT NULL AUTO_INCREMENT PRIMARY KEY,
	`username` VARCHAR(40) NOT NULL,
	`password` VARCHAR(40) NOT NULL,
	`reg_date` INT(11) NOT NULL
) ENGINE=MyISAM

I have not tested it, so tell me if there is some error.

Well it registers and allows me to login, so i guess it works I do however get two errors

Message on registration:
Warning: Invalid argument supplied for foreach() in (whole directory here)/pages/register.php on line 41

Message on login:
Login successful
Fatal error: Call to undefined function set_cookie() in (whole directory here)/pages/login.php on line 38

[BGDeveloper]

Rename set_cookie to setcookie.

And about foreach.....

if(!empty($error))
{
foreach($error as $message):
		print $message . '<br/>';
	endforeach;

}

Both files.

[J9710]

Ok seems to be working ok, getting page cannot be found errors but i reckon i can fix it myself.

Thanks a lot for the help.