Authenticatio problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
bionicdonkey
Forum Contributor
Posts: 132
Joined: Fri Jan 31, 2003 2:28 am
Location: Sydney, Australia
Contact:

Authenticatio problem

Post by bionicdonkey »

I have a problem logging into my site. I get an error saying that i have entered in the wrong username and/or password, but they are correct. The username and password are being posted correctly from the login form. the function is called by the following:

Code: Select all

<?php
if(isset($_POST['invoke']) == 'Login') {
	$auth = new authenticate();
	$auth->login($_POST['username'], md5($_POST['password']));
	$_POST = array();
	echo "You are logged in.<br>You will be redirected shortly.";
	echo "<meta http-equiv="refresh" content="3;URL=http://". $_SERVER['SERVER_NAME'] ."/index.php">"; // Go back to main page
} else { // Display login form ?>
this is the class:

Code: Select all

<?php
class authenticate extends database {

	var $sessionid;
	
	function authenticate() {
		parent::database();
		$this->sessionid = session_id();
	}
	
	//
	// Constructor and function that does most of the work
	//
	function authenticateUser($user, $pass) {
		$query = "SELECT * FROM member_data WHERE username='". $user ."' AND password='". $pass ."'";
		$result = parent::selectQuery($query, 'numRows');
		if($result != 1) { // If the user doesn't exist or the password is incorect (aka if array returns as FALSE)
			die("Wrong username and/or password"); // Kill script with message
		} else { // If all is OK
			$active = authenticate::checkActive($user); // Call checkActive function the see if user is enabled.
			if($active == false) { // I user is disabled
				die("User account is disabled. Contact Administration"); // Kill script with message
			} else { // If user is active
				return true; // Function returns TRUE
			}
		}
	}
	
	//
	// Checks if the user is active
	//
	function checkActive($user) {
		$query = "SELECT * FROM member_data WHERE username='". $user ."' AND active='enable'";
		$numRows = parent::selectQuery($query, 'numRows'); // Call function in parent class 'database'
		if($numRows == 1) { // If query returned value '1' (aka If user is active)
			return true; // Return TRUE
		} else { // If user is disabled
			return false; // Return FALSE
		}
	}
	
	function login($user, $pass) {
		$auth = authenticate::authenticateUser($user, $pass);
		if($auth == true) { // User authenticated
			$query = "UPDATE sessions SET registered=1, reguser='". $user ."', lastAccess=". time() ." WHERE session_id='". $this->sessionid ."'";
			mysql_query($query, $this->dblink) or die(mysql_error()); // Insert session into table in db
			//
			// Update the Cookie
			//
			sessions::newCookie($user, $pass);
			authenticate::sessionVariable($user);
		} else {
			die(); // Just in case other ones don't work for some reason
		}
	}
	
	function sessionVariable($user) {
		$query = "SELECT username, accessPermitted FROM member_data WHERE username='". $user ."'";
		$result = parent::selectQuery($query, 'resultArray');
		if($result == false) {
			die("Hmm... User doesn't exist!?! While trying to create session variable! Contact Administration");
		}
		$_SESSION['authdata'] = array("username"=>$username, "access"=>$row['accessPermitted']);
	}
}

?>
thanks in advance
donkey
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

$result = parent::selectQuery($query, 'numRows');
is it possible to trace database/sql-errors that might occur, like mysql_error()?
Maybe the script should print the query for debug purposes.
The usual printf-debugger and 'try to get more error descriptions' stuff ;)
bionicdonkey
Forum Contributor
Posts: 132
Joined: Fri Jan 31, 2003 2:28 am
Location: Sydney, Australia
Contact:

Post by bionicdonkey »

i have used mysql_error() in all my main db operations. i did have echo $query; and also echo $user."-".$pass; but they were working properly. i'll add them back in and see what happens.
Post Reply