Member Avatar for Djmann1013

I am having trouble with this code:

This is the init.inc.php file

<?php
//init.inc.php file
session_start();

$exceptions = array('signup', 'login', 'index');

$page = substr(end(explode( '/', $_SERVER['SCRIPT_NAME'])), 0, -4);

// SQL stuff.
mysql_connect('SQL host','username','password');
mysql_select_db('database name');

include('user.inc.php');

//$_SESSION['uid'] = 1;

if (isset($_COOKIE['username'], $_COOKIE['password'])){

     if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
            $_SESSION['username'] = htmlentities($_COOKIE['username']);

                 setcookie('username', $_COOKIE['username'], time() + 3600);
                 setcookie('password', $_COOKIE['password'], time() + 3600);

     }

}


if (in_array($page, $exceptions) === false){
    if (isset($_SESSION['username']) === false){
     header( 'Location: login.php' );
     die();
}
}

This is the login.php file:

<?php
include('init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])){

   if (empty($_POST['username'])){
     $errors[] = 'The username field is empty.';
   }
   if (empty($_POST['password'])){
     $errors[] = 'The password field is empty.';
   }

  if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
     $errors[] = 'Username or password is incorrect.';
   }

   if (empty($errors)){

    setcookie('username', $_POST['username'], time() + 3600);
    setcookie('password', sha1($_POST['password']), time() + 3600);

     $username = $_POST['username'];
     session_register("username");

     header( 'Location: home.php' );

   }
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html>

<body>

<form action="" method="post">
<p>

<?php
if (empty($errors) === false){

?>

<ul>

<?php

foreach ($errors as $error){
   echo "<center><li>[$error]</li></center>";
}

?>

</ul>

<?

}
?>

</p>
<input type="text" name="username" id="username" placeholder="Username" maxlength="40" value="<?php if (isset($_POST['username'])){ echo htmlentities($_POST['username']); } ?>"><br><br>

<input type="password" name="password" placeholder="Password"><br><br>

<input type="submit" value="Login">

</form>

</body>

</html>

The problem with this code is that it says my username/password is incorrect even though it is.......IDK what to do....Be glad if someone helped..

  • 2 Contributors
  • 3 Replies
  • 316 Views
  • 23 Hours Discussion Span
  • Latest Post Latest Post by Djmann1013
Member Avatar for klemme

Ok, it sound like it is your valid_credentials function, which returns that specific error:

if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
 $errors[] = 'Username or password is incorrect.';
}

Have you made sure that you are also storing the password as a sha1 in the db, when your comparing the input with it?

=== equals, tjeck for identical values, and also types (int, string). I dont know if it makes a difference using == when you tjeck the return value of your function?

Or maybe post the function here too, as it seems to be the one returning the error :-)

Edited by klemme
Member Avatar for Djmann1013

This is my code on one page (init.inc.php):

if (isset($_COOKIE['username'], $_COOKIE['password'])){

     if (valid_credentials($_POST['username'], $_POST['password'])){
            $_SESSION['username'] = htmlentities($_COOKIE['username']);

                 setcookie('username', $_COOKIE['username'], time() + 3600);
                 setcookie('password', $_COOKIE['password'], time() + 3600);

     }

}

and this is the part of the code on the login.php page:

 if (valid_credentials($_POST['username'], sha1('password'))) === false){
    $errors[] = 'Username or password is incorrect.';
  }

I don't know if that will help....

Member Avatar for Djmann1013

Also this:

function valid_credentials($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT('user_id') FROM `users` WHERE `user_username` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true: false;

}
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.