Larry Ullman's Book Forums

convo2k3

  1. Never mind, Larry! I made a stupid mistake and wrongly named the element in my login_error array. Thanks anyway! You made me look at the code again when I was trying to describe it to you and it provided a lot of help!
  2. Hi Larry, thank you for the prompt reply and sorry about not reading the guidelines earlier. I am using PHP version 5.3.1. I was following the Logging In script in chapter 4 of Effortless E-commerce. I made slight changes to the script you provided. The changes were:

     1. Instead of using the create_password_hash function in your script, I replaced it with my own function which would create a salt based on the time of registration for each user. For that reason, I had to fetch the salt from my database before I could verify the password.

     2. I switched the user_level format in the database from enum to tinyint and planned on using '0' and '1' for user levels.

     The logic of the code changes I made, at least to me, was to check if login_errors was empty. If it was, then I would fetch the salt and password in the database if the user's email existed. Then I compared the database password to the hashed password the user just inputted. If the passwords didn't match, then that error would be logged into the array login_errors. I hope that helps!
  3. Hi Larry and all, I've been stumped by this for several days now and I don't know why it's not working properly. Please excuse my lack of expertise with PHP, I've just started! The problem is I cannot get the last line of code to show up properly. I'm talking about

     ```php
     $login_errors['login'] = 'The email address and password do not match those on file.';
     ```

     When I test and I purposely enter a wrong password, the warning does not show up. Can you please help me find out why??? Much appreciated!

     ```php
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {

         // Validate the email address:
         if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $trimmed['email'])) {
             $uemail = mysqli_real_escape_string ($dbc, $trimmed['email']);
         } else {
             $login_errors['email'] = '<br /><small class="errors">Please enter a valid email address!</small>';
         }

         // Validate the password:
         if (preg_match ('/^\w{4,20}$/', $trimmed['upword'])) {
             $p = mysqli_real_escape_string($dbc, $trimmed['upword']);
         } else {
             $login_errors['upword'] = '<br /><small class="errors">Please enter your password! (Must be at least 4 characters long)</small>';
         }

         if (empty($login_errors)) {

             // Fetch the stored salt and hash for this email address:
             $q1 = "SELECT user_id, user_level, username, salt, pass FROM users WHERE (email='$uemail')";
             $r1 = mysqli_query($dbc, $q1);

             // Note: no error is set when the email address is not found.
             if (mysqli_num_rows($r1)) {
                 $row = mysqli_fetch_assoc($r1);
                 $login_p = sha1($p . $row['salt']);

                 if ($login_p === $row['pass']) {
                     // mysqli_fetch_assoc() returns string keys, so read the columns by name:
                     if ($row['user_level'] == 1) {
                         session_regenerate_id(true);
                         $_SESSION['user_admin'] = true;
                     }
                     $_SESSION['user_id'] = $row['user_id'];
                     $_SESSION['username'] = $row['username'];
                     header ("Location: index.php");
                     exit(); // Stop here so the rest of the page does not run after the redirect.
                 } else { // No match was made.
                     $login_errors['login'] = 'The email address and password do not match those on file.';
                 }
             }
         }
     }

     include('admin/includes/form_functions.inc.php');
     ```
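
A hardened form of the login check described in these posts, as an added example that is not the poster's or the book's code: it replaces the time-based salt and `sha1()` with `password_hash()`/`password_verify()` (PHP 5.5+, newer than the 5.3.1 mentioned above) and passes the email as a bound parameter. The `check_login()` helper, the PDO SQLite in-memory table and the sample user are assumptions made so the block runs offline.

```php
<?php
// Added example. Requires PHP 5.5+ and the pdo_sqlite extension.
// The in-memory table and its single user are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_level INTEGER,
           username TEXT, email TEXT UNIQUE, pass TEXT)');
$ins = $db->prepare('INSERT INTO users (user_level, username, email, pass) VALUES (?, ?, ?, ?)');
// password_hash() generates a random per-user salt and stores it inside the hash string.
$ins->execute(array(1, 'demo', 'demo@example.com', password_hash('correct-horse', PASSWORD_DEFAULT)));

// Hypothetical helper: returns array(user row or null, $login_errors).
function check_login(PDO $db, $email, $password)
{
    $login_errors = array();
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $login_errors['email'] = 'Please enter a valid email address!';
    }
    if ($password === '') {
        $login_errors['upword'] = 'Please enter your password!';
    }
    if (!empty($login_errors)) {
        return array(null, $login_errors);
    }

    // Bound parameter: the email never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user_id, user_level, username, pass FROM users WHERE email = ?');
    $stmt->execute(array($email));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() reads the salt and cost from the stored hash and compares
    // in constant time. Unknown email and wrong password get the same message.
    if ($row === false || !password_verify($password, $row['pass'])) {
        $login_errors['login'] = 'The email address and password do not match those on file.';
        return array(null, $login_errors);
    }
    unset($row['pass']); // never carry the hash into the session
    return array($row, $login_errors);
}

// Wrong password: no user row, and the 'login' key is set in the error array.
list($user, $errors) = check_login($db, 'demo@example.com', 'wrong-password');
var_dump($user === null, array_keys($errors));

// Correct password: user row returned, error array empty.
list($user, $errors) = check_login($db, 'demo@example.com', 'correct-horse');
var_dump($user['username'], empty($errors));
// In the real script, call session_regenerate_id(true) on every successful login
// (not only for admins) before copying $user fields into $_SESSION.
```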