Cannot Login

  • (3 Pages)
  • +
  • 1
  • 2
  • 3

44 Replies - 1039 Views - Last Post: 28 June 2014 - 11:29 AM Rate Topic: -----

#1 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Cannot Login

Posted 22 April 2014 - 08:56 PM

I'm following a series of tutorials for a registration/login system with $_SESSION.

The tutorials can be found in the following links.


I am taking the Object-Oriented approach, and will work on switching to the prepare statements when I can get this working. My issue is on the 2nd link, I am aware that the author didn't fully use OOP - but I've switched what was Procedural over on my own.

And the 3rd link I have realized that isn't exactly what I'm doing, it is a backbone that won't need to be dealt with now. And I hope once I can sign myself in because the registration script works like a charm, the $_SESSION[''] will work like a charm.

How I know it doesn't work is because I've tried to sign in countless times, thinking that the redirect doesn't work. So on the page that I am protecting I refresh hoping to see the protected content - but I don't.

My code is 99% the same as what is written in the tutorials, except for the connection script - that is in a different file, and the query statement (different db names) and instead of using sha256 with $salt, I am using sha512 with $salt - and the $hash is matched on both the registration and login page. Just so all the readers and who all helps knows.

Is This A Good Question/Topic? 0
  • +

Replies To: Cannot Login

#2 astonecipher  Icon User is offline

  • Major DIC Head
  • member icon

Reputation: 609
  • View blog
  • Posts: 2,738
  • Joined: 03-December 12

Re: Cannot Login

Posted 22 April 2014 - 09:09 PM

Can you see a session variable in your browser console?
Was This Post Helpful? 0
  • +
  • -

#3 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 22 April 2014 - 09:15 PM

I didn't think of that, I just checked and I do not.

I got a 404 error to 2 JS files I had deleted that are still linked.
But that is irrelevant.
Was This Post Helpful? 0
  • +
  • -

#4 astonecipher  Icon User is offline

  • Major DIC Head
  • member icon

Reputation: 609
  • View blog
  • Posts: 2,738
  • Joined: 03-December 12

Re: Cannot Login

Posted 22 April 2014 - 10:12 PM

Start by commenting out the header redirect. Then print the session id.

It would also be helpful if you post the code you have so people do not have to look at three pages of tutorials and guess what is different or incorrect in the tutorial, some of those can be quite out of date.

This post has been edited by astonecipher: 22 April 2014 - 10:12 PM

Was This Post Helpful? 0
  • +
  • -

#5 cyberCardinal  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 6
  • Joined: 20-April 14

Re: Cannot Login

Posted 22 April 2014 - 11:55 PM

Is session_start() at the beginning of the code? Try print_R($_SESSION) to see if your session is created.

Make sure the salt you add on registration and the general way you create the password hash on registration is the same with what you do on the login page otherwise the two hashes shall never match.

If you want to post the code around here I could take a better look.

As another solution I would send you to our blog http://makingbrowsergames.com where the first 3 tutorials or so are dedicated to creating a register and login page, and with salt as well.

They might be simpler and better explained than what you tried?
Was This Post Helpful? 0
  • +
  • -

#6 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 23 April 2014 - 07:49 AM

Here is the code now astonecipher

<?php
    if(isset($_POST['submit'])) {
        $email = $_POST['email']; $pass = $_POST['pass'];

        // db connection
        include 'mysqli_connect.php';

        $email = $mysqli->real_escape_string($email);

        $query = "SELECT * FROM admin WHERE email = '" . $email . "'";
        $result = $mysqli->query($query);

        if($mysqli->num_rows($result) == 0) {
            header('Location: login.php');
        }

        $adminData = $mysqli->fetch_assoc($result);
        $hash = hash('sha512', $adminData['salt'] . hash('sha512', $pass));

        if($hash != $adminData['pass']) {
            header('Location: login.php');
        } else {
            session_regenerate_id();
            $_SESSION['adminId'] = $adminData['adminId'];
            $_SESSION['email'] = $adminData['email'];
            session_write_close();
            header('Location: panel.php');
        }
    }
?>



And the form:
<form action="" method="post" enctype="application/x-www-form-urlencoded">
            <div>
                <label for="email">Email:</label>
                <input type="email" name="email">
            </div>
            <div>
                <label for="pass">Password:</label>
                <input type="password" name="pass">
            </div>
            <div>
                <label for="submit"></label>
                <input type="submit" name="submit" value="Login">
            </div>
        </form>



And now I'm getting a HTTP 500 Internal Server Error.

This post has been edited by Viper2KX: 23 April 2014 - 08:07 AM

Was This Post Helpful? 0
  • +
  • -

#7 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 357
  • View blog
  • Posts: 1,289
  • Joined: 15-January 14

Re: Cannot Login

Posted 23 April 2014 - 08:39 AM

That means there is a fatal PHP error. Add this to the top of your PHP code to make sure error messages are showing up:

ini_set('display_errors', 1);
error_reporting(E_ALL);

Was This Post Helpful? 0
  • +
  • -

#8 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6051
  • View blog
  • Posts: 23,483
  • Joined: 23-August 08

Re: Cannot Login

Posted 23 April 2014 - 08:46 AM

Quote

As another solution I would send you to our blog http://makingbrowsergames.com where the first 3 tutorials or so are dedicated to creating a register and login page, and with salt as well.


Using md5...

Posted Image
Was This Post Helpful? 0
  • +
  • -

#9 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 23 April 2014 - 08:59 AM

View PostArtificialSoldier, on 23 April 2014 - 10:39 AM, said:

That means there is a fatal PHP error. Add this to the top of your PHP code to make sure error messages are showing up:
ini_set('display_errors', 1);error_reporting(E_ALL);


That helps, error is on line 18. Undefined method mysqli::num_rows().
I have already started doing research. I think I should be able to figure it out now.

Will post again if I can't.
Was This Post Helpful? 0
  • +
  • -

#10 ArtificialSoldier  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 357
  • View blog
  • Posts: 1,289
  • Joined: 15-January 14

Re: Cannot Login

Posted 23 April 2014 - 09:24 AM

I'll give you a hint. The number of rows is a property of the result set, not the database connection.
Was This Post Helpful? 1
  • +
  • -

#11 astonecipher  Icon User is offline

  • Major DIC Head
  • member icon

Reputation: 609
  • View blog
  • Posts: 2,738
  • Joined: 03-December 12

Re: Cannot Login

Posted 23 April 2014 - 10:19 AM

You are also missing

session_start()

Then trying to create session variables. session_start should be the first thing send, literally the next thing after your opening Php tag. And every page that uses the session variables, member content, should also include it.


The next thing is to use prepared statements, without them, someone could do something as simple as logging in without having access, to deleting your database.

This post has been edited by astonecipher: 23 April 2014 - 10:21 AM

Was This Post Helpful? 0
  • +
  • -

#12 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 23 April 2014 - 05:00 PM

In the midst of my research, I'm seeing Session control with cookies tutorial.
Like this link: PHP Tutorial: Session Control and Cookies

I know its up to me, but what benefit does this give?
I know that cookies keep data of being logged in on your computer after you close the window... but is it worth the extra code?
Was This Post Helpful? 0
  • +
  • -

#13 astonecipher  Icon User is offline

  • Major DIC Head
  • member icon

Reputation: 609
  • View blog
  • Posts: 2,738
  • Joined: 03-December 12

Re: Cannot Login

Posted 23 April 2014 - 06:02 PM

Cookies are a client side remembrance where as sessions are server side. Cookies can be manipulated, sessions are more secure.

Not to say they are not sessions can not be tampered with, but they are stored on the server
Was This Post Helpful? 0
  • +
  • -

#14 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 23 April 2014 - 06:18 PM

View Postastonecipher, on 23 April 2014 - 08:02 PM, said:

Cookies are a client side remembrance where as sessions are server side. Cookies can be manipulated, sessions are more secure.

Not to say they are not sessions can not be tampered with, but they are stored on the server


That's all I needed to know. Thanks.
Was This Post Helpful? 0
  • +
  • -

#15 Viper2KX  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 195
  • Joined: 25-January 09

Re: Cannot Login

Posted 23 April 2014 - 07:39 PM

Ok, this is really frustrating.

All Google is throwing at me is PDO and MySQL extension - oh and super long tutorials that use MD5 for encryption.

The closest I got to any actual help was mention of my query wrong. What the guy and I had were identical, as well as
if($mysqli->num_rows($result) == 0) {
    header('Location: login.php');
}



I've changed mine to what was posted and marked as 'SOLVED', the code didn't work for me so I hit Ctrl-Z a few times.
I can't post the link because it was opened with incognito.

I've posted my code, and its only a few line that I need to change tops.
Could I please get the modifications I need to do?
Was This Post Helpful? 0
  • +
  • -

  • (3 Pages)
  • +
  • 1
  • 2
  • 3