Login script not working

watson100

Hello,

Im trying to code a login script but when i click login it doesnt display any of my coded error messages or anything and im not sure where im going wrong.
It stops on the login.php and im not sure why.

Here the login.php code -

<?php
include 'core/init.php';

if (empty($_POST) === false) {
	$username = $_POST['username'];
	$password = $_POST['password'];

if(empty($username) === true || empty($password) === true) {
	$errors[] = 'You need to enter a username and password';
} else if (user_exists($username) === false) {
	$errors[] = 'Incorrect Username';
} else {
	$login = login($username, $password);
	if ($login === false) { 
		$errors[] = 'Your username or password is incorrect';
	} else {
		$_SESSION['user_id'] = $login;
		header('Location: system/backend.php');
		exit();
	}
}
} else {
	header ('Location: http://system.pictogate.co.uk');
}
?>

If you want to test it out go to system.pictogate.co.uk.

bradgrafelman

watson100;11028945 wrote:
it doesnt display any of my coded error messages

That's because you never told PHP to do such a thing. You have instances where you add a string to an array called $errors, but you never do anything with that array (such as output all of its strings to the user).

watson100

I have, here is the index.php page and the functions.php page -

functions.php -

<?php
function sanitize($data) {
	return mysql_real_escape_string($data);
}

function output_errors($errors) {
	return '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
} 
?>

index.php

<?php
include 'core/init.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Login To Systems</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
</head>

<body>
<?php
if (empty($errors) === false) {
	echo output_errors($errors);
}
?>
<div id="login_form">
<table id="login">
	<form action="login.php" method="post">
		<tr><td colspan="3" align="center"><div id="login_title">Login to Systems</div></td></tr>
		<tr><td align="center">Username</td><td align="center">:</td><td align="right"><input type="text" name="username" id="username" /></td></tr>
		<tr><td align="center">Password</td><td align="center">:</td><td align="right"><input type="password" name="password" id="password" /></td></tr>
		<tr><td>&nbsp;</td><td>&nbsp;</td><td align="right"><input type="submit" id="submit" value="Login" /></td></tr>	
	</form>
</table>
</div>
</body>
</html>

As you can see i have told it to output the errors.

bradgrafelman

watson100;11028951 wrote:
As you can see i have told it to output the errors.

I see you've told it to output any errors that occur on the index.php page... even though no errors could have possibly occurred there... but I don't see where you ever try to do the same for the login.php page.

watson100

So do you know how i can correct this code, because im trying various things but its still not working for me, so i believe i have to combine it into the login.php page but where about would i put it?

Strider64

The following code is incomplete and probably doesn't work as is, but it should get where you want to go? Maybe? ---->

<?php

/* Using PDO to connect to database */
$db_options = array(
		   PDO::ATTR_EMULATE_PREPARES => false                     // important! use actual prepared statements (default: emulate prepared statements)
		   , PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION           // throw exceptions on errors (default: stay silent)
		   , PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC      // fetch associative arrays (default: mixed arrays)
	   ); 		 
$pdo = new PDO('mysql:host=localhost;dbname=cms;charset=utf8', 'root', '*****', $db_options);
/* This can be your init.php - just a suggestion */

require ('core/init.php');

// A nice password hashing library:
// Find it here: https://github.com/ircmaxell/password_compat/blob/master/lib/password.php
// Read the Documentation for further help:
// Another suggestion...

include('includes/password.php');


if (isset($_POST['action']) && $_POST['action'] == 'register') {

$username = $_POST['username'];
$password = $_POST['password'];

// Using Regex to check username:
if (preg_match("/^[0-9a-zA-Z_]{5,}$/", $username) === 0) {
    $errMsg = '<p>Username must be bigger that 5 chars and contain only digits, letters and underscore<p>';
}

/* 
 *   You can sanitized your user's input here, but remember always validate the data first,
 *   before you santize your data.
 */	

// Using Regex to check password ( I use this on the registration portion, it might be overkill for login page???: 
if (preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $password) === 0) {
    $errMsg .= '<p>Password must be at least 8 characters, and must contain at least one lower case letter, one upper case letter and one digit.</p>';	    
}		       

// Login here, if form data is validated:
if(!$errMsg) {
	// Login if there are no errors code goes here:   			     
}

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Login To Systems</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
</head>

<body>
<?php echo (isset($errMsg)) ? $errMsg : '<h1>User Login Page:</h1>'; ?>
<div id="login_form">
<table id="login">
    <form action="user_login" method="post">
        <input type="hidden" name="action" value="login" />
        <tr><td colspan="3" align="center"><div id="login_title">Login to Systems</div></td></tr>
        <tr><td align="center">Username</td><td align="center">:</td><td align="right"><input type="text" name="username" id="username" /></td></tr>
        <tr><td align="center">Password</td><td align="center">:</td><td align="right"><input type="password" name="password" id="password" /></td></tr>
        <tr><td>&nbsp;</td><td>&nbsp;</td><td align="right"><input type="submit" id="submit" value="Login" /></td></tr>    

    </form>
</table>
</div>
</body>
</html>

Bonesnap

watson100;11028955 wrote:
So do you know how i can correct this code, because im trying various things but its still not working for me, so i believe i have to combine it into the login.php page but where about would i put it?

Put the code you have on your index.php to output errors in your login.php page but after you do your error checking, otherwise it's not going to be of much use.