Hi there i have already posted asking for help but so far no responses. All of code is zipped in my other post but i will include my PHP code in this one, I am following the user_authentication tutorial from this site, so far i have it so it saves to the database but it doesnt recognise the user and wont let me log in using the correct details. Can someone please help me, ive been staring at this code for so long now that my head is going to explode.
User.php
<?
require_once(‘conf.inc.php’);
require_once(‘functions.php’);
// —
// register new user
// —
function register($username,$pass,$email,$question,$answer)
{
GLOBAL $db, $table;
$username = trim($username);
$pass = trim($pass);
$email = trim($email);
$question = addslashes(trim($question));
$answer = addslashes(trim($answer));
$validEmail = valid_email($email);
$validName = valid_userName($username);
$validPass = valid_password($pass);
if(!$validName) return “error=invalid name”;
if(!$validPass) return “error=invalid password”;
if(!$validEmail) return “error=invalid email”;
// all checks ok
$query = mysql_query(“INSERT INTO tutorial_user_auth (userName,userPassword,userMail,userQuestion,userAnswer) VALUES "
.”(’".$username."’,’".$pass."’,’".$email."’,’".$question."’,’".$answer."’)");
if(!$query)
{
return “error=” . mysql_error();
} else {
return “user=ok”;
}
}
// —
// login, check user
// —
function login($username,$pass)
{
GLOBAL $db,$table;
$username = trim($username);
$pass = md5(trim($pass));
$query = “SELECT * FROM tutorial_user_auth WHERE userName = '”.$username."’ AND userPassword = ‘".$pass."’";
$result = mysql_query( $query ) or die (“didn’t query”);
//see if there's an EXACT match
$num = mysql_num_rows( $result );
if ($num == 1){
print "status=You're in&checklog=1";
} else {
print "status=Sorry, but your user name and password did not match a user name/password combination in our database. Usernames and passwords are entered in from a different file.&checklog=2"
}
// —
// forget password
// —
function forget($email)
{
GLOBAL $db,$table;
$email = trim($email);
$query = mysql_query(“SELECT userName, userQuestion from tutorial_user_auth WHERE userMail = '”.$email."’");
if(mysql_num_rows($query)<1)
{
return “error=email not present into database”;
}
$row = mysql_fetch_array($query);
return “userName=$row[userName]&userQuestion=” . stripslashes($row[‘userQuestion’]);
}
// —
// generate new password
// —
function new_password($username,$email,$answer)
{
GLOBAL $db,$table;
$username = trim($username);
$email = trim($email);
$answer = addslashes(trim($answer));
$query = mysql_query(“SELECT * FROM tutorial_user_auth WHERE userName = '”.$username."’ AND userMail = ‘".$email."’ AND userAnswer = ‘".$answer."’");
if(mysql_num_rows($query) < 1)
{
return “error=wrong answer”;
}
$rand_string = ‘’;
// —
// generating a random 8 chars lenght password
// —
for($a=0;$a<7;$a++)
{
do
{
$newrand = chr(rand(0,256));
} while(!eregi("^[a-z0-9]$",$newrand));
$rand_string .= $newrand;
}
$pwd_to_insert = md5($rand_string);
$new_query = mysql_query(“UPDATE tutorial_user_auth SET userPassword = '”.$pwd_to_insert."’ WHERE userName = ‘".$username."’ AND userMail = ‘".$email."’");
if(!$new_query)
{
return “error=unable to update value”;
}
return “userName=$username&new_pass=$rand_string”;
}
// —
// decisional switch
// —
if(isset($HTTP_POST_VARS[“action”]))
{
switch($HTTP_POST_VARS[“action”])
{
case “register”:
$result = register($HTTP_POST_VARS[‘username’],$HTTP_POST_VARS[‘pass’],$HTTP_POST_VARS[‘email’],$HTTP_POST_VARS[‘question’],$HTTP_POST_VARS[‘answer’]);
print $result;
break;
case “login”:
$result = login($HTTP_POST_VARS[‘username’],$HTTP_POST_VARS[‘pass’]);
print “user=” . $result;
break;
case “forget”:
$result = forget($HTTP_POST_VARS[‘email’]);
print $result;
break;
case “new_password”:
$result = new_password($HTTP_POST_VARS[‘username’],$HTTP_POST_VARS[‘email’],$HTTP_POST_VARS[‘answer’]);
print $result;
break;
}
}
?>
Functions.php
<?
error_reporting(E_ALL);
function valid_email($email)
{
// check if email is valid
if( !eregi("^[a-z0-9]+([_\.-][a-z0-9]+)"
."@([a-z0-9]+([.-][a-z0-9]+))$",$email, $regs))
{
return false;
} else if( gethostbyname($regs[2]) == $regs[2] )
{
// if host is invalid
return false;
} else {
return true;
}
}
function valid_userName($name)
{
// check valid input name
if(!eregi("^[a-z0-9]{8,15}$",$name))
{
return false;
} else {
return true;
}
}
function valid_password($pwd)
{
// check valid password
if(!eregi("^[a-z0-9]{6,8}$",$pwd))
{
return false;
} else {
return true;
}
}
?>
config.php
<?php
header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”); // Data passata
header(“Last-Modified: " . gmdate(“D, d M Y H:i:s”) . " GMT”);
// sempre modificato
header(“Cache-Control: no-store, no-cache, must-revalidate”); // HTTP/1.1
header(“Cache-Control: post-check=0, pre-check=0”, false);
header(“Pragma: no-cache”); // HTTP/1.0
error_reporting(E_ALL);
$host = ‘localhost’;
$dbuser = ‘root’;
$dbpass = ‘’;
$dbname = ‘login’;
$table = ‘tutorial_user_auth’;
$db = mysql_connect($host,$dbuser,$dbpass) or die(“error=could not connect to $host”);
$db = mysql_select_db($dbname);
if(!$db)
{
print “error=could not connect to $dbname table”;
exit;
}
?>
any help would be much appreciated, i am new to the world of PHP and MySQl but i do have flash knowledge.
steve
