I've created a new member for a website (that I'm making for myself) to see if it works and when I register, I can get in, but when I go to log in after, it won't let me log in and I can re-create the same member multiple times.
The code that I have that's giving me the error is:
do_html_header('Warning:');
echo 'You have not filled the form out correctly. Please go back and try again.';
I can get in, but when I go to log in after, it won't let me log in
What you posted doesn't help. You need to post what you are doing before it gets to that point.
and I can re-create the same member multiple times.
If you are using a database (as opposed to a file), it sounds like you are missing a unique index on the username field.
The full if statement is
if ($username && $passwd) {
// they have just tried logging in
try {
login($username, $passwd);
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
catch(Exception $e) {
// unsuccessful login
do_html_header('Warning:');
echo 'You have not filled the form out correctly. Please go back and try again.';
//do_html_url('login.php', 'Login');
do_html_footer();
exit;
}
}
And I am using a database with a username field and I am using a unique index on it
OK, so clearly the login() function is throwing an exception. Print out the exception message within the catch clause so you know why the login is failing, and then inspect your login() function to see why it is throwing the error. It would help if you posted your login() function.
My login() function is
<p><a href="register_form.php">Not a member?</a></p>
<form method="post" action="member.php">
<table bgcolor="#cccccc">
<tr>
<td colspan="2">Members log in here:</td>
<tr>
<td>Username:</td>
<td><input type="text" name="username"/></td></tr>
<tr>
<td>Password:</td>
<td><input type="password" name="passwd"/></td></tr>
<tr>
<td colspan="2" align="center">
<input type="submit" value="Log in"/></td></tr>
<tr>
<td colspan="2"><a href="forgot_form.php">Forgot your password?</a></td>
</tr>
</table></form>
and the exception message is shown above
That is your login form (not your login() function), which is sending/submitting the username and password to member.php. So, in member.php you should have function login(...){...}. Based on one of your other posts, my guess is that it is defined in require_fns.php.
The login() function is
function login($username, $password) {
// check username and password with db
// if yes, return true
// else throw exception
// connect to db
$conn = db_connect();
// check if username is unique
$result = mysqli_query($conn, "select * from table where username='".$username."'and passwd = sha1('".$password."')");
if (!$result) {
throw new Exception('Could not log you in.');
}
if (mysqli_num_rows($result)>0) {
return true;
} else {
throw new Exception('Could not log you in.');
}
}
Try:
<?php
function login($username, $password)
{
// check username and password with db
// if yes, return true
// else throw exception
// connect to db
$conn = db_connect();
// check if username is unique
$result = mysqli_query($conn, "select * from table where `username`='" . mysqli_real_escape_string($username) . "' and `passwd` = sha1('" . mysqli_real_escape_string($password) . "')");
if (!$result)
{
// email yourself the error details
$to = 'yourUsername@domain.com';
$subject ='db error';
$message = 'DB Error: ' . mysqli_error($conn);
mysqli_close($conn);
mail($to, $subject, $message, "From: webmaster@yourDomain.com");
throw new Exception('Could not log you in.', __LINE__ );
}
if (mysqli_num_rows($result)>0)
{
return true;
}
else
{
throw new Exception( 'Could not log you in.', __LINE__);
}
}
If you update it to include your email address, it should email the details of the error. Your select statement needs an actual table name. You currently have table as the table name. You probably meant user (or something similar).
I've tried that, and it's given me Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given on line 47 twice which is the $result = mysqli_query($conn, "select * from table where username='" . mysqli_real_escape_string($username) . "' and passwd = sha1('" . mysqli_real_escape_string($password) . "')");
Ah, yes. The procedural style needs the connection handle. Try:
$result = mysqli_query($conn, "select * from table where `username`='" . mysqli_real_escape_string($conn,$username) . "' and `passwd` = sha1('" . mysqli_real_escape_string($conn,$password) . "')");
What do I do about the "From: webmaster@yourDomain.com" bit?
You can put your email address.
So I put it in twice? Because it's not sending me anything
Did you check your spam folder? If in fact it is not sending emails, then it's most likely a server configuration problem. If you are on a linux machine, try executing the following from a command line:
sudo setsebool -P httpd_can_sendmail 1
if you just want to see the error message (for purposes of troubleshooting your login() function, try:
...
$message = 'DB Error: ' . mysqli_error($conn);
die($message);
...
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.