0

I've created a new member for a website (that I'm making for myself) to see if it works and when I register, I can get in, but when I go to log in after, it won't let me log in and I can re-create the same member multiple times.

The code that I have that's giving me the error is:

do_html_header('Warning:');
echo 'You have not filled the form out correctly. Please go back and try again.';
2
Contributors
13
Replies
30
Views
1 Year
Discussion Span
Last Post by hielo
0

I can get in, but when I go to log in after, it won't let me log in

What you posted doesn't help. You need to post what you are doing before it gets to that point.

and I can re-create the same member multiple times.

If you are using a database (as opposed to a file), it sounds like you are missing a unique index on the username field.

0

The full if statement is

if ($username && $passwd) {
// they have just tried logging in
  try  {
    login($username, $passwd);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)  {
    // unsuccessful login
    do_html_header('Warning:');
    echo 'You have not filled the form out correctly. Please go back and try again.';
    //do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }
}

And I am using a database with a username field and I am using a unique index on it

0

OK, so clearly the login() function is throwing an exception. Print out the exception message within the catch clause so you know why the login is failing, and then inspect your login() function to see why it is throwing the error. It would help if you posted your login() function.

Edited by hielo

0

My login() function is

  <p><a href="register_form.php">Not a member?</a></p>
  <form method="post" action="member.php">
  <table bgcolor="#cccccc">
   <tr>
     <td colspan="2">Members log in here:</td>
   <tr>
     <td>Username:</td>
     <td><input type="text" name="username"/></td></tr>
   <tr>
     <td>Password:</td>
     <td><input type="password" name="passwd"/></td></tr>
   <tr>
     <td colspan="2" align="center">
     <input type="submit" value="Log in"/></td></tr>
   <tr>
     <td colspan="2"><a href="forgot_form.php">Forgot your password?</a></td>
   </tr>
 </table></form>

and the exception message is shown above

Edited by MatthewYeend

0

That is your login form (not your login() function), which is sending/submitting the username and password to member.php. So, in member.php you should have function login(...){...}. Based on one of your other posts, my guess is that it is defined in require_fns.php.

Edited by hielo

0

The login() function is

function login($username, $password) {
// check username and password with db
// if yes, return true
// else throw exception

  // connect to db
  $conn = db_connect();

  // check if username is unique
  $result = mysqli_query($conn, "select * from table where username='".$username."'and passwd = sha1('".$password."')");
  if (!$result) {
     throw new Exception('Could not log you in.');
  }

  if (mysqli_num_rows($result)>0) {
     return true;
  } else {
     throw new Exception('Could not log you in.');
  }
}

Edited by MatthewYeend

0

Try:

<?php
function login($username, $password)
{
    // check username and password with db
    // if yes, return true
    // else throw exception
    // connect to db
    $conn = db_connect();

    // check if username is unique
    $result = mysqli_query($conn, "select * from table where `username`='" . mysqli_real_escape_string($username) . "' and `passwd` = sha1('" . mysqli_real_escape_string($password) . "')");

    if (!$result)
    {
        // email yourself the error details
        $to = 'yourUsername@domain.com';
        $subject ='db error';
        $message = 'DB Error: ' . mysqli_error($conn);
        mysqli_close($conn);

        mail($to, $subject, $message, "From: webmaster@yourDomain.com");

        throw new Exception('Could not log you in.', __LINE__ );
    }

    if (mysqli_num_rows($result)>0)
    {
        return true;
    }
    else
    {
        throw new Exception( 'Could not log you in.', __LINE__);
    }
}

If you update it to include your email address, it should email the details of the error. Your select statement needs an actual table name. You currently have table as the table name. You probably meant user (or something similar).

0

I've tried that, and it's given me Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given on line 47 twice which is the $result = mysqli_query($conn, "select * from table where username='" . mysqli_real_escape_string($username) . "' and passwd = sha1('" . mysqli_real_escape_string($password) . "')");

0

Ah, yes. The procedural style needs the connection handle. Try:

 $result = mysqli_query($conn, "select * from table where `username`='" . mysqli_real_escape_string($conn,$username) . "' and `passwd` = sha1('" . mysqli_real_escape_string($conn,$password) . "')");
0

So I put it in twice? Because it's not sending me anything

Edited by MatthewYeend

0

Did you check your spam folder? If in fact it is not sending emails, then it's most likely a server configuration problem. If you are on a linux machine, try executing the following from a command line:

sudo setsebool -P httpd_can_sendmail 1

if you just want to see the error message (for purposes of troubleshooting your login() function, try:

...
$message = 'DB Error: ' . mysqli_error($conn);
die($message);
...
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.