PHP login error

Question

lukwagomedia 0 web devoloper

9 Years Ago

Hi everyone!
I know this problem has already been discussed but I use MYSQLI so I have different issue here.

My problem is:
I have coded a login page (my testing page) för a forum that I am creating.
But it doesn't work.
I have spent 4 days going through everything and have now scratched off all of my hair from my head ;)
Could anyone take a look and se what the problem is
Thank you very much.

<?php
// This section processes submissions from the login form
// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//connect to database
require('dbconnection.php');
// Validate the email address
if (!empty($_POST['email'])) {
$e = mysqli_real_escape_string($dbcon, $_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address.</p>';
}
// Validate the password
if (!empty($_POST['psword'])) {
$p = mysqli_real_escape_string($dbcon, $_POST['psword']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password.</p>';
}
if ($e && $p){//if no problems
// Retrieve the user_id, first_name and user_level for that email/password combination
$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";
// Run the query and assign it to the variable $result
$result = mysqli_query ($dbcon, $q);
// Count the number of rows that match the email/password combination
if (@mysqli_num_rows($result) == 1) {//if one database row (record) matches the input:-
// Start the session, fetch the record and insert the three values in an array
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
// Ensure that the user level is an integer.
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
// Use a ternary operation to set the URL
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url); // Make the browser load either the members’ or the admin page
exit(); // Cancel the rest of the script
mysqli_free_result($result);
mysqli_close($dbcon);
} else { // No match was made.
echo '<p class="error">The e-mail address and password entered do not match our records 
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
} else { // If there was a problem.
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbcon);
} // End of SUBMIT conditional.
?>

And here is the login fields' table

<?php require ('dbconnection.php'); ?>
<form action="index.php" method="post">
<table cellpadding="1" cellspacing="1">
    <tr>
        <td>
            <label class="under_title">
        Your e-mail address 
            </label>
        </td>
        <td>
            <label class="under_title">
        Password
            </label>
        </td>
    </tr>
    <tr>
        <td>
            <input class="login_fields" type="text" id="email" name="email" value="<?php if(isset($_SESSION['email'])); echo $_POST['email']; ?>"
        </td>
        <td>
            <input class="login_fields" type="password" name="psword" value=""
        </td>
    </tr>
    <tr>
        <td colspan="2">
            <input class="login_button" name="login" id="login" type="submit" value="Login now">
        </td>
    </tr>
    <tr>
        <td>
            <a href="index.php" target="_self"> Forgot password?</a>
        </td>
        <td>
            <a href="register.php" target="_self"> Create account.</a>
        </td>
    </tr>
</table>
</form>

php

6 Contributors
11 Replies
302 Views
3 Months Discussion Span
Latest Post 9 Years Ago Latest Post by diafol

diafol

9 Years Ago

any chance you can indent yur php code. That is almost impossible to read.

phfilly 26 Junior Poster

9 Years Ago

Do you get any php/db/js error? You can switch it on by adding this to the php file you're using -> error_reporting(E_ALL); ini_set('display_errors', '0');

Edited 9 Years Ago by phfilly

Gideon_1 15 Junior Poster

9 Years Ago

What is the real error you are having? and If not a real error echo your sessions out and see whether they are working.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

lukwagomedia 0 web devoloper · Answer 1 · 2015-06-16T18:57:49+00:00

I have now cleaned up the code and hop it's readable, if that is what you meant!

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
require('dbconnection.php');
if (!empty($_POST['email']))
{
$e = mysqli_real_escape_string($dbcon, $_POST['email']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address.</p>';
}
if (!empty($_POST['psword'])) {
$p = mysqli_real_escape_string($dbcon, $_POST['psword']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password.</p>';
}
if ($e && $p)
{
$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";
$result = mysqli_query ($dbcon, $q);
if (@mysqli_num_rows($result) == 1)
{
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url);
exit();
mysqli_free_result($result);
mysqli_close($dbcon);
} else {
echo '<p class="error">The e-mail address and password entered do not match our records ?
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
}else{
echo '<p class="error">Please try again.</p>';
}
mysqli_close($dbcon);
}
?>

lukwagomedia 0 web devoloper · Answer 2 · 2015-06-16T20:48:20+00:00

I added the string you gave and no error shows up.
The main problems is these:

(The e-mail address and password entered do not match our records
Perhaps you need to register, just click the Register button on the header menu)

{
session_start();
$_SESSION = mysqli_fetch_array ($result, MYSQLI_ASSOC);
$_SESSION['user_level'] = (int) $_SESSION['user_level'];
$url = ($_SESSION['user_level'] === 1) ? 'home.php' : 'member.php';
header('Location: ' . $url);
exit();
mysqli_free_result($result);
mysqli_close($dbcon);
} else {
echo '<p class="error">The e-mail address and password entered do not match our records ?
<br>Perhaps you need to register, just click the Register button on the header menu</p>';
}
}else{
echo '<p class="error">Please try again.</p>';
}

This error show up even if I use the correct login data!

pixelsoul 272 Red Pill Featured Poster · Answer 3 · 2015-06-16T21:25:24+00:00

This error show up even if I use the correct login data!

Well, to be fair, that really isn't an error message.
It's a message that you're echoing when @mysqli_num_rows($result) does not return a value of 1.

So you know that it is at least making it up to that point. The next thing I would do is output the data in the query that is being sent to the DB, and also the data that the query is returning. Looking at the session at this point won't do anything for you, because we know it isn't even making it to setting the session.

Edit: Also make sure you're not just copying and pasting the code from that book and expecting it to work, without understanding what each piece of the code is doing. It would completely defeat the purpose for the book altogether.

diafol · Answer 4 · 2015-06-16T21:59:43+00:00

I have now cleaned up the code and hop it's readable, if that is what you meant!

Well look at what you posted. Is it indented? No. You just took out the comments. This is indented:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    require('dbconnection.php');
    if (!empty($_POST['email']))
    {
        $e = mysqli_real_escape_string($dbcon, $_POST['email']);
    } else {
        $e = FALSE;
        echo '<p class="error">You forgot to enter your email address.</p>';
    }
    if (!empty($_POST['psword'])) {
        $p = mysqli_real_escape_string($dbcon, $_POST['psword']);
    } else {
        $p = FALSE;
        echo '<p class="error">You forgot to enter your password.</p>';
    }

Gideon_1 15 Junior Poster · Answer 5 · 2015-06-17T05:45:39+00:00

$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=SHA1('$p'))";

Why don't you hash psword separately and try again.

so
$psword = SHA1($p);

before

$q = "SELECT user_id, fname, user_level FROM members WHERE (email='$e' AND psword=$psword";

lukwagomedia 0 web devoloper · Answer 6 · 2015-06-22T21:00:55+00:00

Hej guys!
Thank you very much that you took your time and looked through my code.
I managed to detect the error and corrected it and now I can login to.
It was just one letter too many. ;)

Thank you anyway for your effort guys!

Brandon_12 0 Newbie Poster · Answer 7 · 2015-10-15T20:05:27+00:00

Hey, please i got thesane problem,
Can u tell me where the problem is ?

Thanks in advance

diafol · Answer 8 · 2015-10-15T20:48:05+00:00

You post your code and state your problem clearly. I doubt very much that your markup and code is identical to luk.