[Gsirtak]

Hi,

I have a forum I'm implementing. I can register and post while registered but I cannot login when logged out. It continues to not login.

That username-password combination does not appear to match our records. Please try again.

The username and pass are correct when I try to relog in. Here is my codes login and forum.inc codes.

<?php

// this function is called to set up each of the pages in the website.
// it shows the site's logo, and gives as the page title whatever it's passed
// as its first argument .. the other argument it uses as the header text of the
// page. there is also a javascript function included in the title; this is used as
// a confirm on the post.php and main.php pages, for deleting posts and threads,
// respectively. an internal style sheet is set up to ensure stylistic coherence.
function setup_page ($title, $headtext) {
	echo "<HTML>
		<HEAD>
		<TITLE>".$title."</TITLE>
		<script LANGUAGE=Javascript TYPE='TEXT/Javascript'>
		<!--
			function areYouSure (msg) {
				var bool = window.confirm(msg);
				return bool;
			}
		-->
		</SCRIPT>
		</HEAD>
		<STYLE>
		H1 {color:#CCCCCC; font:bold 16pt 'Verdana', 'Tahoma', 'Arial'}
		H2 {color:#CCCCCC; font:bold 12pt 'Verdana', 'Tahoma', 'Arial'}
		P {color:#CCCCCC; font:10pt 'Verdana', 'Tahoma', 'Arial'}
		A:link {color:#FF0000; font:bold 10pt}
		A:hover {color: #FFFF33; font:bold 10pt}
		A:visited {color:#CC9900; font:bold 10pt}
		</STYLE>
		<BODY BGCOLOR='#000066' TEXT='#CCCCCC'>
		<P ALIGN='center'><IMG SRC='mingle1.jpg' WIDTH='300' HEIGHT='175'></p>
		<H1>".$headtext."<H1>
		<p>";

	// set up a global variable to show that the page has been set up
	global $set_up;
	$set_up = TRUE;
}

// this function shows an error message and some links. the error message is
// passed as the first argument of the function.
function fail ($msg, $serious) {

	// if the page has already been set up, just show a small header
	if ($set_up) {
		echo "<H2>Whoops</H2>";

	// otherwise set up the page to show that an error has occured
	} else {
		setup_page ("Error", "Whoops");
	}
	echo "<p>Sorry. There has been an error (".$msg.").<BR><br>";

	// if 'serious' is true (the second argument passed in a call to this function)
	// then the user must return all the way to the site entrance
	if ($serious) {
		echo "<A HREF='enter.php'>Please click here to return to the site entrance.</A>";

	// if its not a 'serious' error then the user has to go to the main thread listing page
	} else {
		echo "<A HREF='main.php'>Please click here to return to the main page.</A>";
	}

	// show a link to mail the technical help
	echo "<BR><BR><A HREF='mailto:gsirtak@sbcglobal.net'>Click here to inform
		our technical staff of this problem.</A></p>";
	exit;
}

// this function checks to make sure the string that is passed its argument is in valid format
// for an email address
function isValidEmail ($email) {
	return eregi("^[a-z0-9_]+@[a-z0-9\-]+\.[a-z0-9\-\.]+$", $email);
}

// this function connects to MySQL and selects the forum database
function dbConnect () {
	$db = mysql_connect("localhost", "ghouse", "bronzeworks", "forum");
	mysql_select_db("forum", $db);
}
?>

[/br]

<?php

// check for session variables
session_start();

// load the script containing the common functions
require "forum.inc";

// set a string variable to contain some hyperlinks to other parts of the site
$links = "<A HREF='main.php'>Click here to proceed to the Great Debate.</A><BR><BR>
	<A HREF='enter.php'>Click here to log out.</A>";

// if this page has been called by the form on itself
if ($user && $pass) {

	// if the user specified on the form is the user that has already been logged in
	if ($logged_in_user == $user) {

		// inform the user of this, show the links and stop executing this script
		setup_page ("Already logged in!", "Whoops");
		echo $user.", you are already logged in.<BR><BR>";
		echo $links;
		exit;
	}

	// connect to 'forum' database and check the username-password combination
	// submitted on the form
	dbConnect();
	$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'
					AND password = PASSWORD('".$pass."')");

	// if the query doesnt execute, show an error message
	if (!$result) {
		fail("database query failed, login page", true);
	}

	// if the username and password are valid
	if (mysql_num_rows($result) > 0) {

		// find the userID and register it as a session variable
		$record = mysql_fetch_assoc($result);
		$logged_in_user = $user;
		session_register("logged_in_user");
		$logged_userID = $record["userID"];
		session_register("logged_userID");

		// if the user is identified as a moderator on the database,
		// log this fact as a session variable
		if ($record["mod"]) {
			$logged_as_mod = true;
			session_register("logged_as_mod");
		}
		setup_page("Welcome", "Welcome");
		echo "Glad you could make it, ".$logged_in_user." :)<BR><BR>";
		echo $links;
		exit;

	// if the login details did not match the database, show the form again
	} else {
		setup_page("Invalid", "Invalid Login");
		echo "That username-password combination does not appear to match our records.
		Please try again.<BR><BR>";
	}

// or if the user has failed to fill in both fields, show the form again
} else if ($user || $pass) {
	setup_page("Invalid", "Invalid Login");
	echo "Please fill in both fields.<BR><BR>";

// if the user has arrived for the first time on this page, ask them to complete the form
} else {
	setup_page("Login", "Login");
	echo "Please enter your details to log in.";
}
?>
<FORM METHOD=POST ACTION="login.php">
 Your username:
 <INPUT NAME="user" TYPE=TEXT MAXLENGTH=20 SIZE=20>
 <BR>
 Your password:
 <INPUT NAME="pass" TYPE=PASSWORD MAXLENGTH=10 SIZE=20>
 <BR>
 <BR>
 <INPUT TYPE=SUBMIT VALUE="Login">
 </FORM>
<A HREF="enter.php">Click here to return to the site entrance.</A>
</BODY>
</HTML>

[Auzzie]

Bit rusty without caffeine atm but i believe your SQL query is your problem, try changing this:

$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'
					AND password = PASSWORD('".$pass."')");

to this:

$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'
					AND password = '".$pass."'");

[Gsirtak]

Auzzie, on 21 Aug, 2009 - 12:59 AM, said:

Bit rusty without caffeine atm but i believe your SQL query is your problem, try changing this:

$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'
					AND password = PASSWORD('".$pass."')");

to this:

$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'
					AND password = '".$pass."'");

I'm still getting this error: That username-password combination does not appear to match our records. Please try again.

[Wimpy]

You said it was working when you were first registered right? Can you provide with the code you use for registering a user, there must be some weird difference between the two (probably how the password is stored)!

[TeeJ]

Isnt this wrong?

else { <---A goes to...
		setup_page("Invalid", "Invalid Login");
		echo "That username-password combination does not appear to match our records.
		Please try again.<BR><BR>";
	} <----A

// or if the user has failed to fill in both fields, show the form again
} <---OOPS LONG BRACKET else if ($user || $pass) {<-----B to...
	setup_page("Invalid", "Invalid Login");
	echo "Please fill in both fields.<BR><BR>";

// if the user has arrived for the first time on this page, ask them to complete the form
}<---B else { <---C
	setup_page("Login", "Login");
	echo "Please enter your details to log in.";
} <---C
?>

There seems to be an extra }

[Gsirtak]

Wimpy, on 22 Aug, 2009 - 06:00 AM, said:

You said it was working when you were first registered right? Can you provide with the code you use for registering a user, there must be some weird difference between the two (probably how the password is stored)!

Yes, I can register and post threads and edit threads but can't login after. Here is the register.php code.

<?php

// check for session variables
session_start();

// load the common functions
require "forum.inc";

// if all fields have been filled in
if ($user && $pass && $email) {

	// escape problem characters in all user input fields
	$user = addslashes($user);
	$pass = addslashes($pass);
	$email = addslashes($email);

	// if the email can be validated
	if (isValidEmail ($email)) {

		// connect to the database and make sure the username does NOT already exist
		dbConnect();
		$result = mysql_query("SELECT * FROM users WHERE name = '".$user."'");
		if (mysql_num_rows ($result) == 0) {

			// add the new details to the database
			$result = mysql_query ("INSERT INTO users (name, password, email, showemail)
							VALUES ('".$user."', PASSWORD('".$pass."'), '".$email."', '".$showemail."')");
			if ($result) {

				// register the new user and their userID
				$logged_in_user = $user;
				session_register ("logged_in_user");
				$result = mysql_query ("SELECT userID FROM users WHERE name = '".$user."'");
				if (!$result) fail ("select query failed on register page", true);
				$record = mysql_fetch_assoc($result);
				$logged_userID = $record["userID"];
				session_register ("logged_userID");
				setup_page("Registration", "Registration Complete");
				echo "Your details have been added to the database, ".$logged_in_user.".<BR><BR>
					<A HREF='main.php'>Click here to go to Our Forum.</A><BR><BR>
					<A HREF='enter.php'>Click here to log out.</A>";
				exit;
			} else {
				fail("database query failed, registration page", true);
			}
		} else {
			setup_page("Registration", "Invalid registration");
			echo "Sorry, that username has been taken. Please try another.<BR>";
		}
	} else {
		setup_page("Registration", "Invalid registration");
		echo "Please submit a valid email address.";
	}

// if less than all three fields have been filled up ..
} else if ($user || $pass || $email) {
	setup_page("Registration", "Invalid registration");
	echo "Please fill in all fields.";

// greeting for new users
} else {
	setup_page("Registration", "Registration");
	echo "Please enter your details to register.";
}
?>
 <BR>
 <FORM METHOD=POST ACTION="register.php">
  Enter a username:
  <INPUT NAME="user" TYPE=TEXT MAXLENGTH=20 SIZE=20>
  <BR>
  Enter a password:
  <INPUT NAME="pass" TYPE=PASSWORD MAXLENGTH=10 SIZE=20>
  <BR>
  <BR>
  Your email:
  <INPUT TYPE=TEXT NAME="email" MAXLENGTH=40 SIZE=40>
  <BR>
  <BR>
  Should we allow other users to email you?
  <INPUT NAME="showemail" TYPE=RADIO VALUE="1" CHECKED>Yes
  <INPUT NAME="showemail" TYPE=RADIO VALUE="0">No
  <BR>
  <BR>
  <INPUT TYPE=SUBMIT VALUE="Register">
 </FORM>
<A HREF="enter.php">Click here to return to the site entrance.</A>
</BODY>
</HTML>

[musacj]

Gsirtak, on 20 Aug, 2009 - 06:55 PM, said:

Hi,

I have a forum I'm implementing. I can register and post while registered but I cannot login when logged out. It continues to not login.

That username-password combination does not appear to match our records. Please try again.

What would help is that you do an echo on the SELECT statement before you execute it...
after that, copy the query and run it in your database management tool.

e.g.

$loginSQL = "SELECT * FROM users WHERE name='". $name ."' AND PASSWORD('". $pwd ."')";

Hope this helps