Hello you all, first time posting and I am new to php. My question is regarding my registration and log in script. I have successfully added new users to my database, however I am having a problem signing in. Below is my script for handling my login page, Below that is the actual login page. When entering correct information, no matter what, I am returning the invalid username/password function. I'm definitely stumped but I did try to figure it out.

Any help would be tremendous. Thank you.

<?php

class Login
{
  private $_id;
  private $_username;
  private $_password;
  private $_passmd5;

  private $_errors;
  private $_access;
  private $_login;
  private $_token;

  public function __construct()
  {
    $this->_errors = array();
    $this->_login  = isset($_POST['login'])? 1 : 0;
    $this->_access = 0;
    $this->_token  = $_POST['token'];

    $this->_id       = 0;
    $this->_username = ($this->_login)? $this->filter($_POST['username']) : $_SESSION['username'];
    $this->_password = ($this->_login)? $this->filter($_POST['password']) : '';
    $this->_passmd5  = ($this->_login)? md5($this->_password) : $_SESSION['password'];
  }

  public function isLoggedIn()
  {
    ($this->_login)? $this->verifyPost() : $this->verifySession();

    return $this->_access;
  }

  public function filter($var)
  {
    return preg_replace('/[^a-zA-Z0-9]/','',$var);
  }

  public function verifyPost()
  {
    try
    {
      if(!$this->isTokenValid())
         throw new Exception('Invalid Form Submission');

      if(!$this->isDataValid())
       throw new Exception('Invalid Form Data');

      if(!$this->verifyDatabase())
         throw new Exception('Invalid Username/Password');

    $this->_access = 1;
    $this->registerSession();
    }
    catch(Exception $e)
    {
      $this->_errors[] = $e->getMessage();
    }
  }

  public function verifySession()
  {
    if($this->sessionExist() && $this->verifyDatabase())
       $this->_access = 1;
  }

  public function verifyDatabase()
  {
    //Database Connection Data
    mysql_connect("localhost", "root", "") or die(mysql_error());
    mysql_select_db("") or die(mysql_error());

    $data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

    if(mysql_num_rows($data))
      {
        list($this->_id) = @array_values(mysql_fetch_assoc($data));
        return true;
      }
    else
      { return false; }  
  }

  public function isDataValid()
  {
  return (preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_username) && preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_password))? 1 : 0;
  }

  public function isTokenValid()
  {
    return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
  }

  public function registerSession()
  {
    $_SESSION['ID'] = $this->_id;
    $_SESSION['username'] = $this->_username;
    $_SESSION['password'] = $this->_passmd5;
  }

  public function sessionExist()
  {
    return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
  }

  public function showErrors()
  {
    echo "<h3>Errors</h3>";

    foreach($this->_errors as $key=>$value)
      echo $value."<br>";
  }
}

?>

Here is the login page script.

<?php
session_start();

if(isset($_POST['login']))
{
  include('me-class.login.php');

  $login = new Login();

  if($login->isLoggedIn())
     header('location: /me-index.com');
  else
    $login->showErrors();

}
$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
<table>
 <tr><td>Username:</td><td><input type="text" name="username" /></td></tr>
 <tr><td>Password:</td><td><input type="password" name="password" /></td></tr>
</table>
<input type="hidden" name="token" value="<?php echo $token;?>" />
<input type="submit" name="login" value="Log In" />
</form>

<br/>

<form method="get" action="me-register.php">
	<input type="submit" name="Click To Register" value="Click To Register"/>
</form>

Thank you.

Recommended Answers

All 7 Replies

try replacing

$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

with

$data = mysql_query("SELECT ID FROM users WHERE username = '$this->_username' AND password = '$this->_passmd5'");

or

$data = mysql_query("SELECT ID FROM users WHERE username = '".$this->_username."' AND password = '".$this->_passmd5."'");

try replacing

$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

with

$data = mysql_query("SELECT ID FROM users WHERE username = '$this->_username' AND password = '$this->_passmd5'");

or

$data = mysql_query("SELECT ID FROM users WHERE username = '".$this->_username."' AND password = '".$this->_passmd5."'");

Just tried them all, no luck... it triggered isDataValid() function...

Just tried them all, no luck... it triggered isDataValid() function...

making that change wouldn't cause isDataValid() to trigger most likely you probably didn't enter a "valid" username and password defined by you as letters or numbers with length 5-12 chars

making that change wouldn't cause isDataValid() to trigger most likely you probably didn't enter a "valid" username and password defined by you as letters or numbers with length 5-12 chars

I'm trying to understand what the problem is because my user name and password both satisfy the constraint.

I removed all users from the database and re registered with basic information.

I'm trying to understand what the problem is because my user name and password both satisfy the constraint.

I removed all users from the database and re registered with basic information.

what error are you getting

what error are you getting

My error is coming from the function:

if(!$this->verifyDatabase())
         throw new Exception('Invalid Username/Password');

I know this has been said before but I need to make sure you changed it. This line is incorrect:

$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

Since the string is surrounded in double quotes you should not have curly brackets around $this->_username and $this->_passmd5. Did you remove those?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.