convo2k3 Posted October 27, 2011 Share Posted October 27, 2011 Hi Larry and all, I've been stumped by this for several days now and I don't know why it's not working properly. Please excuse my lack of expertise with php, I've just started! The problem is I cannot get the last line of code to show up properly. I'm talking about $login_errors['login'] = 'The email address and password do not match those on file.'; When I test and I purposely enter a wrong password, the warning does not show up. Can you please help me find out why??? Much appreciated! if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (preg_match ('/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/', $trimmed['email'])) { $uemail = mysqli_real_escape_string ($dbc, $trimmed['email']); } else { $login_errors['email'] = '<br /><small class="errors">Please enter a valid email address!</small>'; } if (preg_match ('/^\w{4,20}$/', $trimmed['upword'])) { $p = mysqli_real_escape_string($dbc, $trimmed['upword']); } else { $login_errors['upword'] = '<br /><small class="errors">Please enter your password! (Must be at least 4 characters long)</small>'; } if (empty($login_errors)) { $q1 = "SELECT user_id, user_level, username, salt, pass FROM users WHERE (email='$uemail')"; $r1 = mysqli_query($dbc, $q1); if (mysqli_num_rows($r1)) { $row = mysqli_fetch_assoc($r1); $login_p = sha1($p . $row['salt']); if ($login_p === $row['pass']){ if ($row[1] == 1) { session_regenerate_id(true); $_SESSION['user_admin'] = true; } $_SESSION['user_id'] = $row[0]; $_SESSION['username'] = $row[2]; header ("Location: index.php"); } else { // No match was made. $login_errors['login'] = 'The email address and password do not match those on file.'; } } } } include('admin/includes/form_functions.inc.php'); Link to comment Share on other sites More sharing options...
Larry Posted October 27, 2011 Share Posted October 27, 2011 First of all, if you've just started using PHP, this is not the book for you. The book assumes complete comfort with standard PHP and MySQL. I just want to make that clear. Second, per the forums rules, it really helps if you provide all the requisite information, such as the versions in use. As for the particular problem, this is the kind of thing that will be hard for outsiders to debug, but to start, what debugging steps have you taken and what were the results? Link to comment Share on other sites More sharing options...
convo2k3 Posted October 27, 2011 Author Share Posted October 27, 2011 Hi Larry, thank you for the prompt reply and sorry about not reading the guidelines earlier. I am using php version 5.3.1. I was following the Logging In script in chapter 4 of Effortless E-commerce. I made slight changes to the script you provided. The changes were: 1. Instead of using the create_password_hash function in your script, I replaced it with my own function which would create a salt based on the time of registration for each user. For that reason, I had to fetch the salt from my database before I could verify the password. 2. I switched the user_level format in the database from enum to tinyint and planned on using '0' and '1' for user levels. The logic of the code changes I made, at least to me, was to check if there were if login_errors was empty. If it was, then I would fetch the salt and password in the database if the user's email existed. Then I compared the database password to the hashed password the user just inputted. If the passwords didn't match, then that error would be logged into the array login_errors. I hope that helps! Link to comment Share on other sites More sharing options...
convo2k3 Posted October 27, 2011 Author Share Posted October 27, 2011 Nevermind Larry! I made a stupid mistake and wrongly named the element in my login_error array. Thanks anyway! You made me look at the code again when I was trying to describe it to you and it provided a lot of help! Link to comment Share on other sites More sharing options...
Recommended Posts