Larry Ullman's Book Forums


Hello Larry,

The E-com 2nd edition is more developed and therefore more interesting than the 1st.

I have a connection problem with the login. Registration works well in the database. But if I want to log in, I get an error as if the password db could not be read.
Can you give me a track for research?
Thank you in advance.

Congratulations on your work.

See my file, so it looks like yours.

The message is

"The email address and password1" so it's the password problem

<?php
$login_errors = array();
//validation
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
	$e = escape_data($_POST['email'], $dbc);
	}else{
	$login_errors['email'] = 'SVP, email valide';
	}
	
if(!empty($_POST['pass'])){
	$p = $_POST['pass'];
	}else{
	$login_errors['pass'] = 'SVP, password valide';
	}

if(empty($login_errors)){
// Query the database:
	$q = "SELECT id, username, type, pass, IF(date_expires >= NOW(), true, false) AS expired FROM users WHERE email='$e'";
	$r = mysqli_query($dbc, $q);

	if (mysqli_num_rows($r) === 1) { // A match was made.

		// Get the data:
		$row = mysqli_fetch_array($r, MYSQLI_ASSOC); 
		
		// Validate the password:
		 		include('./is/lib/password.php');		 		
			if(password_verify($p,$row['pass'])) { // Correct!
			
			// If the user is an administrator, create a new session ID to be safe:
			// This code is created at the end of Chapter 4:
			if ($row['type'] === 'admin') {
				session_regenerate_id(true);
				$_SESSION['user_admin'] = true;
			}
		
			// Store the data in a session:
			$_SESSION['user_id'] = $row['id'];
			$_SESSION['username'] = $row['username'];

			// Only indicate if the user's account is not expired:
			//if ($row['expired'] == true) $_SESSION['user_not_expired'] = true;
			// mysqli returns this column as the string '1', so a strict === 1 test never matches:
			if ($row['expired'] == 1) $_SESSION['user_not_expired'] = true;
			
			} else { // Right email address, invalid password.
			$login_errors['login'] = 'The email address and password1.';
			
		}
	
	} else { // No match was made. (technically, only the email address failed)
		$login_errors['login'] = 'The email address and password do not match those on file2.';
	}
	
} // End of $login_errors IF.


Laurent,

 

This is Larry's code verbatim, and I know it works, so the problem could be with how the password is originally stored.  Do you have the pass field set up as a varchar (255)?  Are you using Larry's code (i.e. the BCRYPT algorithm) to store the password?

 

Also, what version of php are you running?

 

Matt

  • Upvote 2

Hello Matt,

Thanks for the help.

Yes, I am sure that this code should work, but I do not understand where the problem is.

For the pass I use in the table:

varbinary(32)

So I tested a view of the query with a wrong file path for the BCRYPT function and I see

my sql-pass in the table is well

$2y$10$X7Op3wr8KrHpuW/RYh85zue6U

and the password for login is that: CODEadmin111

email also

admin admin@admin.fr

I don't understand where the bug is.

I think that my PHP version is fine: 5.4.4

The totality of the error:

An error occurred in script '/Applications/MAMP/htdocs/originalr/html/is/login.inc.php' on line 27:
include(): Failed opening '../is/lib/password.php' for inclusion (include_path='.:/Applications/MAMP/bin/php/php5.4.4/lib/php')

Laurent,

 

Glad you were able to figure it out!  I have been through the same frustrating situations as you many times and it always comes down to some careless oversight (and it's usually the last place you think the problem is too).

 

Setting the correct column type and length for a field storing a hashed password is very important if you want to get back the same value that you originally put in the database.

 

Enjoy the rest of the book!

 

Matt

  • Upvote 1
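
The column-length point made in both of Matt's replies (the `varchar (255)` question and the closing remark about column type and length), shown as an added example that is not part of the thread or the book's code. It assumes PHP 5.5+ (on 5.4, include the `password.php` compatibility library first); `simulate_column()` and `hash_is_intact()` are hypothetical helper names and the password is a constructed sample.

```php
<?php
// Added example; not code from the thread or the book.
// Assumes PHP 5.5+ (on 5.4, include the password.php compatibility library first).

// Hypothetical helper: what a column of $width bytes hands back after a
// non-strict MySQL INSERT silently truncates the value (strict mode would
// reject the INSERT instead).
function simulate_column($hash, $width)
{
    return substr($hash, 0, $width);
}

// Hypothetical helper: true only when the stored value is still a complete
// bcrypt hash (60 characters, recognised by password_get_info()).
function hash_is_intact($stored)
{
    $info = password_get_info($stored);
    return strlen($stored) === 60 && $info['algoName'] === 'bcrypt';
}

$password = 'Constructed-Sample-1'; // constructed sample, not a real credential
$hash = password_hash($password, PASSWORD_BCRYPT);

// 32  = the varbinary(32) column described in the thread
// 60  = the exact length of a bcrypt hash
// 255 = the varchar(255) suggested in the reply
foreach (array(32, 60, 255) as $width) {
    $stored = simulate_column($hash, $width);
    printf(
        "width %3d: stored %2d chars, intact=%s, password_verify=%s\n",
        $width,
        strlen($stored),
        var_export(hash_is_intact($stored), true),
        var_export(password_verify($password, $stored), true)
    );
}

// At width 32 only the 7-character prefix, the 22-character salt and the
// first 3 characters of the digest survive, so password_verify() cannot
// succeed for that row, whatever password is supplied.
// Widening the column does not repair rows that were already truncated:
// those accounts need a fresh hash (re-registration or a password reset).
```

Running `hash_is_intact()` over the existing `pass` values after widening the column identifies which accounts were stored truncated and have to be re-hashed.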