Authentication problem
Posted: Sun Mar 30, 2003 5:39 pm
I have a problem logging into my site. I get an error saying that I have entered the wrong username and/or password, but they are correct. The username and password are being posted correctly from the login form. The function is called by the following:
this is the class:
thanks in advance
donkey
<?php
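// Login form handler.
// isset() returns a boolean, so the original `isset(...) == 'Login'` was true for
// ANY submitted 'invoke' value; compare the posted value itself instead.
if (isset($_POST['invoke']) && $_POST['invoke'] === 'Login') {
    // Accept only plain strings: a request such as username[]=x would otherwise
    // reach the query layer as an array.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $auth = new authenticate();
    // NOTE(review): the stored credential is an unsalted MD5 digest, which is not a
    // password hash. Moving to password_hash()/password_verify() needs a migration of
    // the stored values, so the digest is kept here to stay compatible with login().
    // login() ends the script with die() on any failure, so the lines below only run
    // after a successful login.
    $auth->login($username, md5($password));
    $_POST = array();
    echo "You are logged in.<br>You will be redirected shortly.";
    // Redirect with a site-relative URL: depending on server configuration,
    // $_SERVER['SERVER_NAME'] can reflect the client-supplied Host header, and the
    // original also hard-coded the http:// scheme.
    echo '<meta http-equiv="refresh" content="3;URL=/index.php">'; // Go back to main page
} else { // Display login form ?>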
<?php
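/**
 * Username/password authentication on top of the project's `database` class.
 *
 * The parent class (not shown in this listing) supplies selectQuery() and the
 * $dblink connection handle used below.
 *
 * Security notes for maintainers:
 *  - Every value placed into SQL goes through _escapeForAuthQuery(). The legacy
 *    mysql_* API used by this file has no prepared statements; when the database
 *    class is moved to mysqli or PDO, replace the escaping with bound parameters.
 *  - Passwords arrive as an unsalted MD5 digest computed by the caller and are
 *    compared as-is against member_data.password. MD5 is not suitable for
 *    password storage; plan a migration to password_hash()/password_verify().
 */
class authenticate extends database {
    // Session id captured at construction time; used as the key into the `sessions` table.
    var $sessionid;

    /**
     * PHP 4 style constructor: initialises the parent and records the current session id.
     *
     * NOTE(review): session_id() returns an empty string when no session has been
     * started, so this presumably relies on the session being opened elsewhere - confirm.
     */
    function authenticate() {
        parent::database();
        $this->sessionid = session_id();
    }

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     *
     * Non-scalar input (for example an array built from `username[]=x`) is reduced
     * to an empty string so it can never match a row.
     *
     * @param mixed $value Raw, untrusted value.
     * @return string Escaped value, without the surrounding quotes.
     */
    function _escapeForAuthQuery($value) {
        if (!is_scalar($value)) {
            return '';
        }
        return mysql_real_escape_string((string) $value, $this->dblink);
    }

    /**
     * Verifies the credentials and that the account is enabled.
     *
     * Terminates the script with die() on wrong credentials or a disabled account,
     * exactly as before; returns only on success.
     *
     * @param string $user Username as submitted by the client (untrusted).
     * @param string $pass Password digest as computed by the caller.
     * @return bool TRUE when the credentials match and the account is active.
     */
    function authenticateUser($user, $pass) {
        // Both values are escaped: $user is raw request data, and $pass is only a
        // hex digest if every caller really hashes it first.
        $query = "SELECT * FROM member_data WHERE username='". $this->_escapeForAuthQuery($user)
               . "' AND password='". $this->_escapeForAuthQuery($pass) ."'";
        $result = parent::selectQuery($query, 'numRows');

        if ($result != 1) { // No matching row: unknown user or wrong password
            die("Wrong username and/or password"); // Kill script with message
        }

        // Credentials are fine; now make sure the account is enabled.
        if ($this->checkActive($user) == false) {
            die("User account is disabled. Contact Administration"); // Kill script with message
        }

        return true;
    }

    /**
     * Checks whether the account is marked active ('enable') in member_data.
     *
     * @param string $user Username (untrusted).
     * @return bool TRUE when exactly one enabled row matches, FALSE otherwise.
     */
    function checkActive($user) {
        $query = "SELECT * FROM member_data WHERE username='". $this->_escapeForAuthQuery($user)
               . "' AND active='enable'";
        $numRows = parent::selectQuery($query, 'numRows'); // Call function in parent class 'database'

        return $numRows == 1;
    }

    /**
     * Authenticates the user and marks the current session row as registered.
     *
     * NOTE(review): the session id captured in the constructor is reused after
     * authentication. Rotating it at login (session_regenerate_id(), together with
     * the matching `sessions` row) would close the session-fixation window.
     *
     * @param string $user Username (untrusted).
     * @param string $pass Password digest as computed by the caller.
     * @return void Terminates the script with die() on any failure.
     */
    function login($user, $pass) {
        $auth = $this->authenticateUser($user, $pass);
        if ($auth == true) { // User authenticated
            // The session id originates from a client cookie, so it is escaped as well.
            $query = "UPDATE sessions SET registered=1, reguser='". $this->_escapeForAuthQuery($user)
                   . "', lastAccess=". time()
                   . " WHERE session_id='". $this->_escapeForAuthQuery($this->sessionid) ."'";

            if (!mysql_query($query, $this->dblink)) {
                // Keep the database error in the server log; echoing mysql_error()
                // to the browser discloses schema and query details.
                error_log('authenticate::login: session update failed: ' . mysql_error($this->dblink));
                die("Login failed. Contact Administration");
            }

            //
            // Update the Cookie
            //
            // NOTE(review): sessions::newCookie() is defined outside this listing and
            // receives the password digest. If it writes that digest into the cookie,
            // the cookie becomes a password-equivalent credential - confirm and
            // prefer a random token.
            sessions::newCookie($user, $pass);
            $this->sessionVariable($user);
        } else {
            die(); // Just in case other ones don't work for some reason
        }
    }

    /**
     * Stores the username and access level of the authenticated user in $_SESSION['authdata'].
     *
     * The original read the undefined variables $username and $row, so both entries
     * were always empty; the values are now taken from the query result.
     *
     * @param string $user Username (untrusted).
     * @return void Terminates the script with die() when the user row cannot be read.
     */
    function sessionVariable($user) {
        $query = "SELECT username, accessPermitted FROM member_data WHERE username='"
               . $this->_escapeForAuthQuery($user) ."'";
        $result = parent::selectQuery($query, 'resultArray');
        if ($result == false) {
            die("Hmm... User doesn't exist!?! While trying to create session variable! Contact Administration");
        }

        // The shape returned by selectQuery(..., 'resultArray') is not visible here:
        // accept either a single associative row or a list whose first element is the row.
        $row = $result;
        if (is_array($result) && !isset($result['accessPermitted'])
            && isset($result[0]) && is_array($result[0])) {
            $row = $result[0];
        }

        // Missing access information is stored as NULL rather than guessed, so an
        // unreadable row never grants a permission level.
        $_SESSION['authdata'] = array(
            "username" => (is_array($row) && isset($row['username'])) ? $row['username'] : $user,
            "access"   => (is_array($row) && isset($row['accessPermitted'])) ? $row['accessPermitted'] : null,
        );
    }
}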
?>donkey