laurent vignaux Posted March 12, 2014

Hello Larry,

E-com 2 edition is more developed and therefore more interesting than 1. I have a connection problem with the login. Registration works well in the database. But if I want to log in, I get an error as if the password db could not be read. Can you give me a track for research? Thank you in advance.

Congratulations on your work. See my file; it looks like yours. The message is "The email address and password1", so it's the password problem.

```php
<?php
$login_errors = array();

// Validation:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
    $e = escape_data($_POST['email'], $dbc);
} else {
    $login_errors['email'] = 'SVP, email valide';
}

if (!empty($_POST['pass'])) {
    $p = $_POST['pass'];
} else {
    $login_errors['pass'] = 'SVP, password valide';
}

if (empty($login_errors)) {

    // Query the database:
    $q = "SELECT id, username, type, pass, IF(date_expires >= NOW(), true, false) AS expired FROM users WHERE email='$e'";
    $r = mysqli_query($dbc, $q);

    if (mysqli_num_rows($r) === 1) { // A match was made.

        // Get the data:
        $row = mysqli_fetch_array($r, MYSQLI_ASSOC);

        // Validate the password:
        include('./is/lib/password.php');
        if (password_verify($p, $row['pass'])) { // Correct!

            // If the user is an administrator, create a new session ID to be safe:
            // This code is created at the end of Chapter 4:
            if ($row['type'] === 'admin') {
                session_regenerate_id(true);
                $_SESSION['user_admin'] = true;
            }

            // Store the data in a session:
            $_SESSION['user_id'] = $row['id'];
            $_SESSION['username'] = $row['username'];

            // Only indicate if the user's account is not expired:
            //if ($row['expired'] == true) $_SESSION['user_not_expired'] = true;
            // mysqli returns column values as strings, so compare loosely (=== 1 never matches '1'):
            if ($row['expired'] == 1) $_SESSION['user_not_expired'] = true;

        } else { // Right email address, invalid password.
            $login_errors['login'] = 'The email address and password1.';
        }

    } else { // No match was made. (technically, only the email address failed)
        $login_errors['login'] = 'The email address and password do not match those on file2.';
    }

} // End of $login_errors IF.
```
Matt Posted March 12, 2014

Laurent,

This is Larry's code verbatim, and I know it works, so the problem could be with how the password is originally stored. Do you have the pass field set up as a varchar (255)? Are you using Larry's code (i.e. the BCRYPT algorithm) to store the password? Also, what version of PHP are you running?

Matt
laurent vignaux Posted March 12, 2014

Hello Matt,

Thanks for the help. Yes, I am sure that this code should work, but I do not understand where the problem is. For the pass I use in the table: varbinary(32). So I tested a view of the query with a wrong file path for the BCRYPT function, and I see my SQL pass in the table is well $2y$10$X7Op3wr8KrHpuW/RYh85zue6U and the password for login is: CODEadmin111, email also admin: admin@admin.fr. I don't understand where the bug is. I think that my PHP version is fine: 5.4.4.

The totality of the error:

```
An error occurred in script '/Applications/MAMP/htdocs/originalr/html/is/login.inc.php' on line 27:
include(): Failed opening '../is/lib/password.php' for inclusion (include_path='.:/Applications/MAMP/bin/php/php5.4.4/lib/php')
```
laurent vignaux Posted March 12, 2014

Hello again Matt,

After your post, I reviewed the user table for row "pass" and I turned it to VARCHAR (255). I rewrote the register for users and now it works. Perfect, no problem at all, the login function works perfectly. Thank you for the check up.

Cordially
Matt Posted March 13, 2014

Laurent,

Glad you were able to figure it out! I have been through the same frustrating situations as you many times and it always comes down to some careless oversight (and it's usually the last place you think the problem is too). Setting the correct column type and length for a field storing a hashed password is very important if you want to get back the same value that you originally put in the database.

Enjoy the rest of the book!

Matt
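The failure diagnosed in this thread, as an added example that is not part of any post or of Larry's code: a bcrypt hash is 60 characters long, and the value quoted from the varbinary(32) column above is only its first 32. The sketch assumes PHP 5.5 or later (native `password_*` functions; PHP 5.4 gets them from the `password.php` library the thread includes), and the sample password and the helper `looks_like_full_bcrypt()` are constructed for illustration.

```php
<?php
// Added example: why a bcrypt hash read back from a 32-byte column never verifies.

// Constructed sample password, for illustration only.
$password = 'example-Passw0rd';

// Cost 10 matches the "$2y$10$" prefix seen in the thread.
$hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

// Simulates a VARBINARY(32) column on a MySQL server that is not in strict
// mode: the value is cut to the column width on INSERT with only a warning.
$truncated = substr($hash, 0, 32);

/**
 * Hypothetical helper: true only if $stored has the shape of a complete
 * bcrypt hash (60 characters and recognised by password_get_info()).
 */
function looks_like_full_bcrypt($stored)
{
    $info = password_get_info($stored);
    return strlen($stored) === 60 && $info['algoName'] === 'bcrypt';
}

$cases = array('VARCHAR(255)' => $hash, 'VARBINARY(32)' => $truncated);
foreach ($cases as $column => $stored) {
    printf(
        "%-14s length=%2d intact=%s verify=%s\n",
        $column,
        strlen($stored),
        looks_like_full_bcrypt($stored) ? 'yes' : 'no',
        password_verify($password, $stored) ? 'ok' : 'FAIL'
    );
}
```

Running the same length check against existing rows after widening the column shows which accounts still hold a truncated value and must have their password set again, as Laurent did by re-registering.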