php not recognizing password
Posted: Tue Mar 30, 2010 5:48 pm
I've had to make a couple of changes to my database, and I've had to implement these changes in my code. Now (for some reason) when I run my old working script, it checks the database for the user name and password. It passes for the username but has trouble resolving the password. I feel it's a simple fix; I just need a fresh pair of eyes. When it runs, it says that the username is correct but that I have an incorrect password (even when I enter a new password or a fresh record). Many thanks in advance, devnet!
the username field in sql is user_id
the password field in sql is user_pass
here is the array
here is the login script
the username field in sql is user_id
the password field in sql is user_pass
here is the array
// Labels for the two login inputs, keyed by the POST field name that
// Login.php reads ($_POST['fusername'] / $_POST['fpassword']).
$fields_1 = array(
    "fusername" => "User Name",
    "fpassword" => "Password",
);

// Length value per login field, stored as strings.
// NOTE(review): presumably the size/maxlength of the form inputs; confirm in
// the form include. A 10-character cap on the password input limits how strong
// a password can be.
$length_1 = array(
    "fusername" => "10",
    "fpassword" => "10",
);
here is the login script
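<?php
/* Program: Login.php
 * Desc:    Handles the combined login / registration form. The submit button
 *          value ($_POST['Button']) selects the branch:
 *            "Login"    - look the user up in $table_name and start a session
 *            "Register" - validate the posted fields and insert a new row
 *            otherwise  - just display the form
 *
 * Review notes (nothing below changes the stored password format):
 *  - Passwords are compared and stored as MySQL md5() digests. Unsalted MD5 is
 *    not suitable for password storage; the intended replacement is
 *    password_hash() / password_verify() with a wider column. That needs a
 *    data migration, so it is flagged here rather than silently swapped in.
 *  - md5() yields 32 hex characters. If user_pass is narrower than that, or a
 *    row was inserted without md5(), the login comparison can never match -
 *    worth checking when a known-good password is rejected.
 *  - NOTE(review): if *.inc files sit under the web root and the server does
 *    not hand them to PHP, they can be fetched as plain text. Vars.inc is
 *    passed to Connect_to_db() and presumably holds connection settings;
 *    confirm it is not directly reachable.
 */
session_start();
include("functions_main.inc");
$table_name = "users";
$next_program = "home.php";

// isset() instead of @-suppression; a missing button falls through to default.
$button = isset($_POST['Button']) ? $_POST['Button'] : null;

switch ($button)
{
    case "Login":
        // Only accept plain strings; array-valued fields are treated as empty.
        $login_user = (isset($_POST['fusername']) && is_string($_POST['fusername']))
            ? $_POST['fusername'] : "";
        $login_pass = (isset($_POST['fpassword']) && is_string($_POST['fpassword']))
            ? $_POST['fpassword'] : "";

        $cxn = Connect_to_db("Vars.inc");

        // Bound parameters: the posted values never become part of the SQL text.
        $stmt = mysqli_prepare($cxn,
            "SELECT user_id FROM $table_name WHERE user_id=?")
            or die("Couldn't execute query 1");
        mysqli_stmt_bind_param($stmt, "s", $login_user);
        mysqli_stmt_execute($stmt)
            or die("Couldn't execute query 1");
        mysqli_stmt_store_result($stmt);   // required before num_rows is valid
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        // NOTE(review): the two different failure messages below reveal
        // whether a login name exists; one generic message would not.
        if ($num == 1)
        {
            $stmt = mysqli_prepare($cxn,
                "SELECT user_id FROM $table_name
                 WHERE user_id=? AND user_pass=md5(?)")
                or die("Couldn't execute query 2.");
            mysqli_stmt_bind_param($stmt, "ss", $login_user, $login_pass);
            mysqli_stmt_execute($stmt)
                or die("Couldn't execute query 2.");
            mysqli_stmt_store_result($stmt);
            $matched = mysqli_stmt_num_rows($stmt) > 0;
            mysqli_stmt_close($stmt);

            if ($matched)
            {
                // New session id on privilege change, so an id known before
                // login cannot be reused afterwards (session fixation).
                session_regenerate_id(true);
                $_SESSION['auth'] = "yes";
                // Kept SQL-escaped exactly as before, because other pages may
                // rely on that. NOTE(review): escaping belongs at the point of
                // use; storing the raw name and binding it there is safer.
                $_SESSION['logname'] = mysqli_real_escape_string($cxn, $login_user);
                header("Location: $next_program");
                exit();
            }
            else
            {
                /* this is the message that keeps displaying even though the
                   password is correct */
                // The name is echoed into HTML, so it is entity-encoded first.
                $message_1 = "The Login Name, '"
                    . htmlspecialchars($login_user, ENT_QUOTES)
                    . "' exists, but you have not entered the"
                    . " correct password! Please try again.<br>";
                // EXTR_SKIP: posted fields may repopulate the form but cannot
                // overwrite variables this script already set ($table_name, $cxn, ...).
                extract($_POST, EXTR_SKIP);
                include("fields_login.inc");
                include("double_form.inc");
            }
        }
        elseif ($num == 0) // login name not found
        {
            $message_1 = "The User Name you entered does not"
                . " exist! Please try again.<br>";
            include("fields_login.inc");
            include("double_form.inc");
        }
        break;

    case "Register":
        $blanks = array();
        $errors = array();

        /* Check for blanks (fax is the only optional field) */
        foreach ($_POST as $field => $value)
        {
            if ($field != "fax" && $value == "")
            {
                $blanks[] = $field;
            }
        }
        if (count($blanks) > 0)
        {
            $message_2 = "The following fields are blank."
                . " Please enter the required information: ";
            foreach ($blanks as $value)
            {
                // Field names come from the request, so encode before display.
                $message_2 .= htmlspecialchars((string) $value, ENT_QUOTES) . ", ";
            }
            extract($_POST, EXTR_SKIP);
            include("fields_login.inc");
            include("double_form.inc");
            exit();
        }

        /* validate data: the rule applied depends on what the field name contains */
        foreach ($_POST as $field => $value)
        {
            // Non-string (array) values are rejected in the next loop.
            if (!is_string($value) || empty($value))
            {
                continue;
            }
            $name  = (string) $field;
            $shown = htmlspecialchars($value, ENT_QUOTES); // safe for the HTML message

            // ereg()/eregi() no longer exist in current PHP; stripos() and
            // preg_match() give the same checks. The D modifier makes "$"
            // match only at the very end, so a trailing newline is rejected.
            if (stripos($name, "name") !== false
                && stripos($name, "user") === false
                && stripos($name, "log") === false)
            {
                if (!preg_match("/^[A-Za-z' -]{1,50}\$/D", $value))
                {
                    $errors[] = "$shown is not a valid name.";
                }
            }
            if (stripos($name, "street") !== false
                || stripos($name, "addr") !== false
                || stripos($name, "city") !== false)
            {
                if (!preg_match("/^[A-Za-z0-9.,' -]{1,50}\$/D", $value))
                {
                    $errors[] = "$shown is not a valid address or city.";
                }
            }
            if (stripos($name, "state") !== false)
            {
                // Unanchored, as in the original: any value containing a letter passes.
                if (!preg_match('/[A-Za-z]/', $value))
                {
                    $errors[] = "$shown is not a valid state.";
                }
            }
            if (stripos($name, "email") !== false)
            {
                if (!preg_match('/^.+@.+\..+$/D', $value))
                {
                    $errors[] = "$shown is not a valid email address.";
                }
            }
            if (stripos($name, "zip") !== false)
            {
                if (!preg_match('/^[0-9]{5}(-[0-9]{4})?$/D', $value))
                {
                    $errors[] = "$shown is not a valid zipcode.";
                }
            }
            if (stripos($name, "phone") !== false || stripos($name, "fax") !== false)
            {
                if (!preg_match('/^[0-9)(xX -]{7,20}$/D', $value))
                {
                    $errors[] = "$shown is not a valid phone number. ";
                }
            }
        }

        /* Collect column names and values for the INSERT */
        $fields   = array();
        $values   = array();
        $password = "";
        foreach ($_POST as $field => $value)
        {
            if ((string) $field === "Button")
            {
                continue;
            }
            // Posted field names are used as column names further down, so
            // only plain identifiers are accepted.
            // NOTE(review): an explicit list of allowed columns would be
            // stricter still; the real column set is not visible from here.
            if (!is_string($value)
                || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $field))
            {
                $errors[] = "The form contained an unexpected field.";
                continue;
            }
            if ($field == "password")
            {
                // Hashed exactly as submitted. The login branch hashes the raw
                // value, so trimming or strip_tags() here would store a digest
                // that login can never reproduce.
                $password = $value;
            }
            else
            {
                $value    = strip_tags(trim($value));
                $fields[] = $field;
                $values[] = $value;   // escaped below, once the connection exists
                // Expose the value for form repopulation, but never overwrite a
                // variable the script already uses ($table_name, $next_program, ...).
                if (!isset($$field))
                {
                    $$field = $value;
                }
            }
        }
        if (count($errors) > 0)
        {
            $message_2 = "";
            foreach ($errors as $value)
            {
                $message_2 .= $value . " Please try again<br />";
            }
            include("fields_login.inc");
            include("double_form.inc");
            exit();
        }

        $user_name = (isset($_POST['user_name']) && is_string($_POST['user_name']))
            ? $_POST['user_name'] : "";

        /* check to see if user name already exists */
        $cxn = Connect_to_db("Vars.inc");
        $stmt = mysqli_prepare($cxn,
            "SELECT user_id FROM $table_name WHERE user_id=?")
            or die("Couldn't execute query.");
        mysqli_stmt_bind_param($stmt, "s", $user_name);
        mysqli_stmt_execute($stmt)
            or die("Couldn't execute query.");
        mysqli_stmt_store_result($stmt);
        $num = mysqli_stmt_num_rows($stmt);
        mysqli_stmt_close($stmt);

        if ($num > 0)
        {
            $message_2 = htmlspecialchars($user_name, ENT_QUOTES)
                . " already used. Select another User Name.";
            include("fields_login.inc");
            include("double_form.inc");
            exit();
        }
        else
        {
            $today = date("Y-m-d");

            // NOTE(review): this INSERT writes a column named "password" and
            // whatever columns the form fields are named, while the Login
            // branch reads user_id / user_pass. If the table was changed to
            // user_id / user_pass, this branch no longer matches it - verify
            // against the schema.
            $columns   = $fields;
            $columns[] = "create_date";
            $columns[] = "password";

            // Values are escaped against the live connection (charset aware),
            // replacing addslashes().
            $quoted = array();
            foreach ($values as $one_value)
            {
                $quoted[] = "'" . mysqli_real_escape_string($cxn, $one_value) . "'";
            }
            $quoted[] = "'" . $today . "'";
            $quoted[] = "md5('" . mysqli_real_escape_string($cxn, $password) . "')";

            $sql = "INSERT INTO $table_name "
                . "(" . implode(",", $columns) . ")"
                . " VALUES "
                . "(" . implode(",", $quoted) . ")";
            if (!mysqli_query($cxn, $sql))
            {
                // Keep database error details in the server log, not in the page.
                error_log("Login.php registration insert failed: " . mysqli_error($cxn));
                die("Couldn't execute query.");
            }

            session_regenerate_id(true);
            $_SESSION['auth'] = "yes";
            $_SESSION['logname'] = $user_name;

            /* send email to new Customer (sending is disabled below).
               The body contains the literal word "password"; the real
               password should stay out of mail. */
            $emess = "You have successfully registered. ";
            $emess .= "Your new user name and password are: ";
            $emess .= "\n\n\t$user_name\n\t";
            $emess .= "password\n\n";
            $emess .= "We appreciate your interest. \n\n";
            $emess .= "If you have any questions or problems,";
            $emess .= " email service@ourstore.com";
            $subj = "Your new customer registration";
            #$mailsend=mail("$email","$subj","$emess");

            // The original mixed quote styles and sent a stray "'." in the
            // URL; the name is now URL-encoded into the query string.
            header("Location: $next_program?user=" . urlencode($user_name));
            exit();
        }
        break;

    default:
        include("fields_login.inc");
        include("double_form.inc");
}
?>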