Jump to content
Larry Ullman's Book Forums

Login Failing Using Chapter 16 Scripts


Recommended Posts

I'm still at a beginner level of programming with php and mysql but I do have an understanding of how the language works.

 

I keep getting my error message when trying to log in "You have entered and incorrect password or the user name does not exist or has not yet been activated."

 

here is the login.php script

 

<!--

 

<?php # login.php

 

require_once ('includes/config.php');

 

 

if (isset($_POST['submitted'])) {

require_once (MYSQL);

if (!empty($_POST['username'])) {

$u = mysqli_real_escape_string ($dbc, $_POST['username']);

} else {

$u = FALSE;

echo '<p class="error">You did not enter a user name.</p>';

}

if (!empty($_POST['password'])) {

$p = mysqli_real_escape_string ($dbc, $_POST['password']);

} else {

$p = FALSE;

echo '<p class="error">You did not enter a password.</p>';

}

if ($u && $p) {

$q = "SELECT userid, username, email FROM users WHERE (username='$u' AND password=SHA1('$p'))";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br/>MySQL Error: " . mysqli_error($dbc));

if (@mysqli_num_rows($r) == 1) {

$_COOKIE = mysqli_fetch_array ($r, MYSQLI_ASSOC);

mysqli_free_result($r);

mysqli_close($dbc);

$url = BASE_URL . 'index.php';

ob_end_clean();

header("Location: $url");

exit();

} else {

echo '<p class="error">You have entered and incorrect password or the user name does not exist or has not yet been activated.</p>';

}

} else {

echo '<p class="error">Please try again.</p>';

}

mysqli_close($dbc);

}

$page_title = 'Connect User Name With The Site';

include ('includes/header.php');

?>

<div id="login">

<h1>Login</h1>

<fieldset>

<form action="login.php" method="post">

<p><b>User Name:</b> <input type="text" name="username" size="20" maxlength="40"/></p>

<p><b>Password:</b> <input type="password" name="password" size="20" maxlength="32"/></p>

<input type="submit" name="submit" value="Go!"/>

<input type="hidden" name="submitted" value="TRUE"/>

</form>

</fieldset>

<?php

include ('includes/footer.html');

?>

 

-->

 

the config file is the same as in the chapter.

 

I have checked the users table in the correct database the username is correct and so is the password by calling a select to match to the password and it returns the user.

 

this is my header file

 

<!--

 

<?php # header.php

ob_start();

?>

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title><?php echo $page_title; ?></title>

<link rel="stylesheet" href="includes/style.css" type="text/css" media="screen"/>

<meta http-equiv="content-type" content="text/html; charset=utf-8"/>

</head>

<body>

<div id="header">

<h1>Welcome To Site</h1>

<h2>Simple Logo.</h2>

</div>

<div id="navigation1">

<ul>

<li><a href="login.php">Login</a></li>

<li><a href="index.php">Home</a></li>

<li><a href="browse.php">Browse</a></li>

<li><a href="signup.php">Sign Up</a></li>

</ul>

</div>

<div id="adblock">

<ul>

<li>Advertise Here</li>

<li>Advertise Here</li>

<li>Advertise Here</li>

</ul>

</div>

<div id="content">

 

-->

 

footer file closes remaining tags and includes the ob_end_flush() function

 

I've re-written the script multiple times and even tried using the scripts from chapter 11 and still get a similar error, its as if its ignoring the input fields from the forms.

 

If anybody has some insight to my problem any help is very much appreciated :)

 

if it is any help this is my table setup for users

 

(

userid int(10) unsigned not null auto_increment,

email varchar(90) not null,

password char(32) not null,

username varchar(40) not null,

active char(32),

registrationdate datetime not null,

primary key (userid),

unique key (email),

unique key (username),

)

 

would using char instead of varchar for the password column cause a problem with the validation process, I know char will fill in the rest of the assigned characters with blank spaces but should be removed when it is called.

 

also I took out the and if active=null part of the query thinking that could of been a problem still didn't help.

Link to comment
Share on other sites

If you're receiving:

 

echo '<p class="error">You have entered and incorrect password or the user name does not exist or has not yet been activated.</p>';

 

It's the num_rows check that's failing (difficult to see, wrap your code in code tags in future) so easiest thing to do is echo out the value of $q (don't just assume you know what's being run) and run that directly in PHP MyAdmin to see what MySQL related issues are occurring.

 

It could be that you actually have 2 rows with the same details and hence it doesn't equal 1 but 2 etc...

 

Let us know the outcome of that

Link to comment
Share on other sites

I think i figured it out in the chapter 16 the database scheme larry put key (email, pass) I didn't put that key so in the query he had WHERE (email='$e' and pass=SHA1('$p')) since I didn't key my username and password my query should be WHERE username='$u' and password=SHA1('$p') pretty sure thats it I won't be able to check until I get to my laptop. maybe some insite on it before I get home I don't know if this is the cause it just struck me when I was reading through my post.

Link to comment
Share on other sites

Ok guys the problem is in the database, I've run multiple select queries they all turn up empty when I include the password column but if I select other columns from the row without apending the password column to the where clause. (edit) it returns a result (edit)

 

Could this be from using char instead of varchar? maybe because of the encryption of sha1 if its char sha1 uses a 32 character salt would it need an extra character like char(33)?

Link to comment
Share on other sites

  • 2 weeks later...

aaahhh ok still getting the failed to login message for

 

if ($u && $p) {

$q = "SELECT userid, username, email FROM users WHERE (username='$u' AND password=SHA1('$p')) AND active=null";

$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br/>MySQL Error: " . mysqli_error($dbc));

if (mysqli_num_rows($r) == 1) {

$_COOKIE = mysqli_fetch_array ($r, MYSQLI_ASSOC);

mysqli_free_result($r);

mysqli_close($dbc);

$url = BASE_URL . 'index.php';

ob_end_clean();

header("Location: $url");

exit();

} else {

echo '<p class="error">You have entered and incorrect password or the user name does not exist or has not yet been activated.</p>';

}

 

now I've checked the username and password and they are right and active=null in the database, the problem is in the query where it is AND active=null, without that line it works and redirects back to the main page.

Link to comment
Share on other sites

$q = "SELECT userid, username, email FROM users WHERE (username='$u' AND password=SHA1('$p')) AND active=null";

 

From the looks of it you need to change "active=null" to "active IS NULL".

 

$q = "SELECT userid, username, email FROM users WHERE (username='$u' AND password=SHA1('$p')) AND active IS NULL";

Link to comment
Share on other sites

ok still not working in my database the columns show up like this

 

Field-----------Type-----------Null------Key------Default------Extra--

userid---int(10)unsigned-----NO------PRI-------NULL----auto_increment

email-------varchar(90)-------NO------UNI-------NULL-----------------

password---char(40)---------YES-----------------NULL----------------

username---char(40)---------NO------UNI--------NULL---------------

active--------char(32)---------NO------------------NULL----------------

regdate-----datetime---------NO-------------------NULL----------------

Link to comment
Share on other sites

I've admittedly not read all this thread, perhaps I should have. Your problem is with the NULL field though I gather from a quick skim. But your table structure for active doesn't allow for it to be NULL. Which leads me to hazard a guess that you have NULL in your DB as a string not a NULL value. Also I'm not sure why password should be allowed to accept a null value? Apologies if this is not what your looking for, or if i'm incorrect.

Link to comment
Share on other sites

Hello,

 

Your DB structure is:

 

Field-----------Type-----------Null------Key------Default------Extra--

userid---int(10)unsigned-----NO------PRI-------NULL----auto_increment

email-------varchar(90)-------NO------UNI-------NULL-----------------

password---char(40)---------YES-----------------NULL----------------

username---char(40)---------NO------UNI--------NULL---------------

active--------char(32)---------NO------------------NULL----------------

regdate-----datetime---------NO-------------------NULL----------------

 

However, this is what my PHPMyAdmin says when I execute the SQL commands from Larry's file.

 

33z77et.png

 

 

Now that might not be the entire reason your script is failing, as I said I didn't really read the thread properly, which I have apologised for but I have been quite busy, but when I saw your structure it didn't seem right to me. Your SQL command should be more like this I would think. I have taken Larry's script and introduced the username for you with the same parameters and also taken out the first and last names as you seem to have done this also.

 


CREATE TABLE users (
user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
email VARCHAR(90) NOT NULL,
pass CHAR(40) NOT NULL,
username  CHAR(40) NOT NULL,
active CHAR(32),
registration_date DATETIME NOT NULL,
PRIMARY KEY (user_id),
UNIQUE KEY (email),
INDEX login (email, pass)
);

  • Upvote 1
Link to comment
Share on other sites

 Share

×
×
  • Create New...