
Hello you all, first time posting and I am new to PHP. My question is regarding my registration and login script. I have successfully added new users to my database; however, I am having a problem signing in. Below is my script for handling my login page; below that is the actual login page. When entering correct information, no matter what, I am returning the invalid username/password function. I'm definitely stumped but I did try to figure it out.

Any help would be tremendous. Thank you.

<?php

class Login
{
  private $_id;
  private $_username;
  private $_password;
  private $_passmd5;

  private $_errors;
  private $_access;
  private $_login;
  private $_token;

  public function __construct()
  {
    $this->_errors = array();
    $this->_login  = isset($_POST['login'])? 1 : 0;
    $this->_access = 0;
    $this->_token  = $_POST['token'];

    $this->_id       = 0;
    $this->_username = ($this->_login)? $this->filter($_POST['username']) : $_SESSION['username'];
    $this->_password = ($this->_login)? $this->filter($_POST['password']) : '';
    $this->_passmd5  = ($this->_login)? md5($this->_password) : $_SESSION['password'];
  }

  public function isLoggedIn()
  {
    ($this->_login)? $this->verifyPost() : $this->verifySession();

    return $this->_access;
  }

  public function filter($var)
  {
    return preg_replace('/[^a-zA-Z0-9]/','',$var);
  }

  public function verifyPost()
  {
    try
    {
      if(!$this->isTokenValid())
         throw new Exception('Invalid Form Submission');

      if(!$this->isDataValid())
       throw new Exception('Invalid Form Data');

      if(!$this->verifyDatabase())
         throw new Exception('Invalid Username/Password');

    $this->_access = 1;
    $this->registerSession();
    }
    catch(Exception $e)
    {
      $this->_errors[] = $e->getMessage();
    }
  }

  public function verifySession()
  {
    if($this->sessionExist() && $this->verifyDatabase())
       $this->_access = 1;
  }

  public function verifyDatabase()
  {
    //Database Connection Data
    mysql_connect("localhost", "root", "") or die(mysql_error());
    mysql_select_db("") or die(mysql_error());

    $data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

    if(mysql_num_rows($data))
      {
        list($this->_id) = @array_values(mysql_fetch_assoc($data));
        return true;
      }
    else
      { return false; }  
  }

  public function isDataValid()
  {
  return (preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_username) && preg_match('/^[a-zA-Z0-9]{5,12}$/',$this->_password))? 1 : 0;
  }

  public function isTokenValid()
  {
    return (!isset($_SESSION['token']) || $this->_token != $_SESSION['token'])? 0 : 1;
  }

  public function registerSession()
  {
    $_SESSION['ID'] = $this->_id;
    $_SESSION['username'] = $this->_username;
    $_SESSION['password'] = $this->_passmd5;
  }

  public function sessionExist()
  {
    return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
  }

  public function showErrors()
  {
    echo "<h3>Errors</h3>";

    foreach($this->_errors as $key=>$value)
      echo $value."<br>";
  }
}

?>

Here is the login page script.

<?php
session_start();

if(isset($_POST['login']))
{
  include('me-class.login.php');

  $login = new Login();

  if($login->isLoggedIn())
     header('location: /me-index.com');
  else
    $login->showErrors();

}
$token = $_SESSION['token'] = md5(uniqid(mt_rand(),true));
?>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF'];?>">
<table>
 <tr><td>Username:</td><td><input type="text" name="username" /></td></tr>
 <tr><td>Password:</td><td><input type="password" name="password" /></td></tr>
</table>
<input type="hidden" name="token" value="<?php echo $token;?>" />
<input type="submit" name="login" value="Log In" />
</form>

<br/>

<form method="get" action="me-register.php">
	<input type="submit" name="Click To Register" value="Click To Register"/>
</form>

Thank you.

0

Try replacing

$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

with

$data = mysql_query("SELECT ID FROM users WHERE username = '$this->_username' AND password = '$this->_passmd5'");

or

$data = mysql_query("SELECT ID FROM users WHERE username = '".$this->_username."' AND password = '".$this->_passmd5."'");
0

> Try replacing
>
> $data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");
>
> with
>
> $data = mysql_query("SELECT ID FROM users WHERE username = '$this->_username' AND password = '$this->_passmd5'");
>
> or
>
> $data = mysql_query("SELECT ID FROM users WHERE username = '".$this->_username."' AND password = '".$this->_passmd5."'");

Just tried them all, no luck... it triggered isDataValid() function...

0

> Just tried them all, no luck... it triggered isDataValid() function...

Making that change wouldn't cause isDataValid() to trigger; most likely you probably didn't enter a "valid" username and password, defined by you as letters or numbers with length 5-12 chars.

0

> Making that change wouldn't cause isDataValid() to trigger; most likely you probably didn't enter a "valid" username and password, defined by you as letters or numbers with length 5-12 chars.

I'm trying to understand what the problem is because my user name and password both satisfy the constraint.

I removed all users from the database and re-registered with basic information.

0

> I'm trying to understand what the problem is because my user name and password both satisfy the constraint.
>
> I removed all users from the database and re-registered with basic information.

What error are you getting?

0

> What error are you getting?

My error is coming from the function:

if(!$this->verifyDatabase())
         throw new Exception('Invalid Username/Password');
0

I know this has been said before but I need to make sure you changed it. This line is incorrect:

$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->_username}' AND password = '{$this->_passmd5}'");

Since the string is surrounded in double quotes you should not have curly brackets around $this->_username and $this->_passmd5. Did you remove those?
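
One way to write the credential and token checks from the Login class above, as an added example that is not code from any post in this thread: a PDO prepared statement replaces the interpolated mysql_query() call (the mysql_* functions were removed in PHP 7), password_hash()/password_verify() replace md5(), and hash_equals() replaces the != token comparison. The function name verifyCredentials, the users table layout and the sample user are assumptions constructed for the demo.

```php
<?php
// Added example, not code from the thread. Table and column names and the
// sample user are constructed; SQLite in memory keeps the demo offline.

function verifyCredentials(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the username is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still run password_verify() against a dummy hash so both
    // paths do comparable work.
    $hash = $row ? $row['password_hash'] : DUMMY_HASH;
    $ok = password_verify($password, $hash);

    return ($row && $ok) ? (int) $row['id'] : null;
}

function isTokenValid(array $session, array $post): bool
{
    // hash_equals() compares the two strings in constant time.
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

// Constructed demo data.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
// The password is hashed as typed; nothing is stripped from it first.
$ins->execute(["o'brien", password_hash('S3cret!pass', PASSWORD_DEFAULT)]);

// Correct password for a username that contains a quote character.
var_dump(verifyCredentials($db, "o'brien", 'S3cret!pass'));
// Same password with the punctuation removed, as filter() would leave it.
var_dump(verifyCredentials($db, "o'brien", 'S3cretpass'));
// Unknown username.
var_dump(verifyCredentials($db, 'nobody', 'S3cret!pass'));
// Token check with matching and mismatching values.
var_dump(isTokenValid(['token' => 'abc123'], ['token' => 'abc123']));
var_dump(isTokenValid(['token' => 'abc123'], ['token' => 'zzz999']));
```

With this shape only the user ID needs to go into $_SESSION after login, rather than the username and password hash that registerSession() stores.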
