Page 1 of 1

Cannot login to access details

Posted: Sat Mar 15, 2008 7:57 am
by khushbush
I'm trying to create a login part of my system and although the details are entered into MySQL...I can't seem to get it to login to the system to view my details. The error shown is 'Password not entered'.

I'm attaching the code below.

Where could I be going wrong?

/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object

/* Username error checking */
$field = "username"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
}

/* Password error checking */
$field = "userPassword"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));

/* Check error codes */
if($result == 1){
$field = "username";
$form->setError($field, "* Username not found");
}
else if($result == 2){
$field = "userPassword";
$form->setError($field, "* Invalid password");
}

/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}

/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userLevel'];

/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}

/* Login completed successfully */
return true;
}

Re: Cannot login to access details

Posted: Sat Mar 15, 2008 8:37 am
by Chalks
khushbush wrote:

Code: Select all

 
      /* Username error checking */
      $field = "username";  //Use field name for username
      if(!$subuser || strlen($subuser = trim($subuser)) == 0){
         $form->setError($field, "* Username not entered");
      }
      else{
         /* Check if username is not alphanumeric */
         if(!eregi("^([0-9a-z])*$", $subuser)){
            $form->setError($field, "* Username not alphanumeric");
         }
      }
 
      /* Password error checking */
      $field = "userPassword";  //Use field name for password
      if(!$subpass){
         $form->setError($field, "* Password not entered");
      }
 
What are you trying to check with "!$subpass" and "!$subuser"? Are you trying to check if they are set and/or empty? If so, try using isset() and/or empty(). Also, try putting a few echos through your code to see how far you get, and which if statements you enter.