  1. #1
    SitePoint Member

    Access control with password and email [from Kevin Yank book]

    I followed everything the book explains, and I also used the ready-made files that the book gives you.
    My problem is that when I enter the email and password,
    I always get the error "The specified email address or password was incorrect."
    They are nevertheless quite correct.
    This is the code:
    access.inc.php
    Code:
    <?php
    
    function userIsLoggedIn()
    {
      if (isset($_POST['action']) and $_POST['action'] == 'login')
      {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
          !isset($_POST['password']) or $_POST['password'] == '')
        {
          $GLOBALS['loginError'] = 'Please fill in both fields';
          return FALSE;
        }
    
        $password = md5($_POST['password'] . 'ijdb');
    
        if (databaseContainsAuthor($_POST['email'], $password))
        {
          session_start();
          $_SESSION['loggedIn'] = TRUE;
          $_SESSION['email'] = $_POST['email'];
          $_SESSION['password'] = $password;
          return TRUE;
        }
        else
        {
          session_start();
          unset($_SESSION['loggedIn']);
          unset($_SESSION['email']);
          unset($_SESSION['password']);
          $GLOBALS['loginError'] =
              'The specified email address or password was incorrect.';
          return FALSE;
        }
      }
    
      if (isset($_POST['action']) and $_POST['action'] == 'logout')
      {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        header('Location: ' . $_POST['goto']);
        exit();
      }
    
      session_start();
      if (isset($_SESSION['loggedIn']))
      {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
      }
    }
    
    function databaseContainsAuthor($email, $password)
    {
      include 'db.inc.php';
    
      try
      {
        $sql = 'SELECT COUNT(*) FROM author
            WHERE email = :email AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
        $s->bindValue(':password', $password);
        $s->execute();
      }
      catch (PDOException $e)
      {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
      }
    
      $row = $s->fetch();
    
      if ($row[0] > 0)
      {
        return TRUE;
      }
      else
      {
        return FALSE;
      }
    }
    
    function userHasRole($role)
    {
      include 'db.inc.php';
    
      try
      {
        $sql = "SELECT COUNT(*) FROM author
            INNER JOIN authorrole ON author.id = authorid
            INNER JOIN role ON roleid = role.id
            WHERE email = :email AND role.id = :roleId";
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $_SESSION['email']);
        $s->bindValue(':roleId', $role);
        $s->execute();
      }
      catch (PDOException $e)
      {
        $error = 'Error searching for author roles.';
        include 'error.html.php';
        exit();
      }
    
      $row = $s->fetch();
    
      if ($row[0] > 0)
      {
        return TRUE;
      }
      else
      {
        return FALSE;
      }
    }

  3. #3
    SitePoint Member
    Hello phpita, I am getting the same error in my code. Have you been able to get round the problem? If so, can you please help me resolve this error? With kind regards, Sahidus

  4. #4
    Mittineague (Programming Team)
    That error message is coming from the else for this conditional:
    PHP Code:
    if (databaseContainsAuthor($_POST['email'], $password))
    which means that for some reason databaseContainsAuthor is not returning TRUE.
    Code PHP:
    function databaseContainsAuthor($email, $password)
    {
      include 'db.inc.php';
     
      try
      {
        $sql = 'SELECT COUNT(*) FROM author
            WHERE email = :email AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
        $s->bindValue(':password', $password);
        $s->execute();
      }
      catch (PDOException $e)
      {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
      }
     
      $row = $s->fetch();
     
      if ($row[0] > 0)
      {
        return TRUE;
      }
      else
      {
        return FALSE;
      }
    }
    If you are not getting "Error searching for author" then it seems the query is running OK.
    But for some reason the count is not greater than 0.

    I suspect it's a password-related problem. If you temporarily try this, does it work?
    PHP Code:
    //    $sql = 'SELECT COUNT(*) FROM author
    //        WHERE email = :email AND password = :password';
        $sql = 'SELECT COUNT(*) FROM author
            WHERE email = :email';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
    //    $s->bindValue(':password', $password);
        $s->execute();

  5. #5
    SitePoint Member

    The specified email address or password was incorrect

    I am building a new PHP application and I have got to a point where I want to build the content management pages. I have two databases on my WAMP server: the ijdb database and a new one for my application. I have modified all the code supplied in this course to match my table names in the database; however, when I try to log in, I get the error message saying: "The specified email address or password was incorrect". I am sure that the email and passwords are typed in correctly as they are entered in the database. Can someone please point out where I am going wrong? Your help will be very much appreciated.
    Regards,
    Sahidus
    Last edited by Mittineague; Dec 28, 2013 at 19:34.

  6. #6
    SpacePhoenix
    Can you please post the code as it currently is?

  7. #7
    SitePoint Member
    Thanks for your reply. Here is the code below. Please note that the database fields in the author table are authorname and authoremail. Code is below. Let me know if you will need the code for other pages. Regards
    access.inc.php
    Code PHP:
    <?php  
    function userIsLoggedIn()  
    {  
      if (isset($_POST['action']) and $_POST['action'] == 'login')  
      {  
        if (!isset($_POST['authoremail']) or $_POST['authoremail'] == '' or  
            !isset($_POST['password']) or $_POST['password'] == '')  
        {  
          $GLOBALS['loginError'] = 'Please fill in both fields';  
          return FALSE;  
        }  
        $password = md5($_POST['password'] . 'sps');  
        if (databaseContainsAuthor($_POST['authoremail'], $password))  
        {  
          session_start();  
          $_SESSION['loggedIn'] = TRUE;  
          $_SESSION['authoremail'] = $_POST['authoremail'];  
          $_SESSION['password'] = $password;  
          return TRUE;  
        }  
        else  
        {  
          session_start();  
          unset($_SESSION['loggedIn']);  
          unset($_SESSION['authoremail']);  
          unset($_SESSION['password']);  
          $GLOBALS['loginError'] =  
              'The specified email address or password was incorrect.';  
          return FALSE;  
        }  
      }  
      if (isset($_POST['action']) and $_POST['action'] == 'logout')  
      {  
        session_start();  
        unset($_SESSION['loggedIn']);  
        unset($_SESSION['authoremail']);  
        unset($_SESSION['password']);  
        header('Location: ' . $_POST['goto']);  
        exit();  
      }  
      session_start();  
      if (isset($_SESSION['loggedIn']))  
      {  
        return databaseContainsAuthor($_SESSION['authoremail'],   
            $_SESSION['password']);  
      }  
      else  
      {  
        return FALSE;  
      }  
    }  
    function databaseContainsAuthor($authoremail, $password)  
    {  
      include 'db.inc.php';  
      $authoremail = mysqli_real_escape_string($link, $authoremail);  
      $password = mysqli_real_escape_string($link, $password);  
      $sql = "SELECT COUNT(*) FROM author  
          WHERE authoremail='$authoremail' AND password='$password'";  
      $result = mysqli_query($link, $sql);  
      if (!$result)  
      {  
        $error = 'Error searching for author.';  
        include 'error.html.php';  
        exit();  
      }  
      $row = mysqli_fetch_array($result);  
      if ($row[0] > 0)  
      {  
        return TRUE;  
      }  
      else  
      {  
        return FALSE;  
      }  
    }  
    function userHasRole($role)  
    {  
      include 'db.inc.php';  
      $authoremail = mysqli_real_escape_string($link, $_SESSION['authoremail']);  
      $role = mysqli_real_escape_string($link, $role);  
      $sql = "SELECT COUNT(*) FROM author  
          INNER JOIN authorrole ON author.id = authorid  
          INNER JOIN role ON roleid = role.id  
          WHERE authoremail = '$authoremail' AND role.id='$role'";  
      $result = mysqli_query($link, $sql);  
      if (!$result)  
      {  
        $error = 'Error searching for author roles.';  
        include 'error.html.php';  
        exit();  
      }  
      $row = mysqli_fetch_array($result);  
      if ($row[0] > 0)  
      {  
        return TRUE;  
      }  
      else  
      {  
        return FALSE;  
      }  
    }  
    ?>
    Last edited by Mittineague; Dec 29, 2013 at 13:23. Reason: reformatting bbcode tags

  8. #8
    SitePoint Member
    Thanks for your reply. I have tried the code you provided above but no joy. I ran into the following error:- Notice: Undefined variable: pdo in C:\wamp\www\test\includes\access.inc.php on line 62
    The line in question is:- $s = $pdo->prepare($sql);

  9. #9
    Mittineague (Programming Team)
    Sorry. Mea Culpa.

    I thought you were using the same book and code as phpita.
    phpita is using PDO;
    you are using mysqli.

    Temporarily try
    PHP Code:
    //  $sql = "SELECT COUNT(*) FROM author
    //      WHERE authoremail='$authoremail' AND password='$password'";
        $sql = "SELECT COUNT(*) FROM author
              WHERE authoremail='$authoremail'";
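
The email-only lookup suggested in this thread, carried one step further to show why the password half of the WHERE clause fails. This is an added example, not code from any post or from the book. Assumptions: the `author` table with `email` and `password` columns and the `'ijdb'` salt are taken from the first post; the function name `diagnoseLogin`, the in-memory SQLite database standing in for MySQL, and all sample rows are constructed for illustration.

```php
<?php
// Added example: report which stage of the login lookup fails.
// diagnoseLogin() is a hypothetical helper; the rows below are constructed.

function diagnoseLogin(PDO $pdo, string $email, string $password, string $salt): string
{
    // Step 1: look the row up by email only, as suggested in the thread.
    $s = $pdo->prepare('SELECT password FROM author WHERE email = :email');
    $s->bindValue(':email', $email);
    $s->execute();
    $stored = $s->fetchColumn();
    if ($stored === false) {
        return 'no row for this email';
    }

    // Step 2: PHP's md5() returns exactly 32 lowercase hex characters.
    // Anything else means plaintext was stored or the column truncated it.
    if (!preg_match('/^[0-9a-f]{32}$/', (string) $stored)) {
        return 'stored value is not an md5 hash';
    }

    // Step 3: recompute exactly as access.inc.php does and compare.
    $computed = md5($password . $salt);
    return hash_equals((string) $stored, $computed)
        ? 'match'
        : 'hash mismatch (different salt or password)';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');

$rows = [
    ['ok@example.com',        md5('secret' . 'ijdb')],                 // hashed with the code's salt
    ['plain@example.com',     'secret'],                               // plaintext typed into the table
    ['othersalt@example.com', md5('secret' . 'sps')],                  // hashed with another salt
    ['short@example.com',     substr(md5('secret' . 'ijdb'), 0, 20)],  // column too short for 32 chars
];
$ins = $pdo->prepare('INSERT INTO author (email, password) VALUES (?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

foreach (array_merge(array_column($rows, 0), ['missing@example.com']) as $email) {
    printf("%-24s %s\n", $email, diagnoseLogin($pdo, $email, 'secret', 'ijdb'));
}
```

Run it with the PHP CLI; it needs only the pdo_sqlite extension.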

