Login Debugging

User1 · July 8, 2012, 10:36am

I have this code but it always tells me it’s wrong even though the credentials are right. Please help…
This is the login script.
[php]<?php
session_start();
require_once ‘classes/Membership.php’;
$membership = new Membership();

// If the user clicks the “Log Out” link on the index page.
if(isset($_GET[‘status’]) && $_GET[‘status’] == ‘loggedout’) {
$membership->log_User_Out();
}

// Did the user enter a password/username and click submit?
if($_POST && !empty($_POST[‘username’]) && !empty($_POST[‘pwd’])) {
$response = $membership->validate_User($_POST[‘username’], $_POST[‘pwd’]);
}

?>

Login to access the secret files!

Login

Username:

    <p>
    	<label for="pwd">Password: </label>
        <input type="password" name="pwd" />
    </p>
    
    <p>
    	<input type="submit" id="submit" value="Login" name="submit" />
    </p>
</form>
<?php if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; ?>

[/php]. The Membership class code is this: [php]<?php

require ‘Mysql.php’;

class Membership {

function validate_user($un, $pwd) {
	$mysql = New Mysql();
	$ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);
	
	if($ensure_credentials) {
		$_SESSION['status'] = 'authorized';
		header("location: status.php");
	} else return "Please enter a correct username and password";
	
} 

function log_User_Out() {
	if(isset($_SESSION['status'])) {
		unset($_SESSION['status']);
		
		if(isset($_COOKIE[session_name()])) 
			setcookie(session_name(), '', time() - 1000);
			session_destroy();
	}
}

function confirm_Member() {
	session_start();
	if($_SESSION['status'] !='authorized') header("location: login.php");
}

}[/php]
The Mysql class says:
[php]<?php

require_once ‘includes/constants.php’;

class Mysql {
private $conn;

function __construct() {
	$this->conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or 
				  die('There was a problem connecting to the database.');
}

function verify_Username_and_Pass($un, $pwd) {
			
	$query = "SELECT *
			FROM tblProjects
			WHERE Username = ? AND Password = ?
			LIMIT 1";
			
	if($stmt = $this->conn->prepare($query)) {
		$stmt->bind_param('ss', $un, $pwd);
		$stmt->execute();
		
		if($stmt->fetch()) {
			$stmt->close();
			return true;
		}
	}
	
}

}[/php]
What is what I’m doing wrong?

PHP_Person · July 9, 2012, 1:01am

Shouldn’t your query be:
$query = “SELECT *
FROM tblProject
WHERE Username = $VariableName AND Password = &VariableName
LIMIT 1”;
Alternatively, you can use a query like so:
$query = mysql_query(“SELECT *
FROM tblProject
WHERE Username = $VariableName AND Password = &VariableName
LIMIT 1”) or die(mysql_error());

User1 · July 9, 2012, 12:18pm

Are these the variable names: $un, $pwd

User1 · July 9, 2012, 12:22pm

I mean, what are the variable names?

karolis · July 9, 2012, 1:41pm

User1, if I didn’t help write me a message or post here an reply i will search for problem once again. :):
Your code:
[php]$query = “SELECT *
FROM tblProjects
WHERE Username = ? AND Password = ?
LIMIT 1”;[/php]

try to change to this(make a backup of your old version):
[php]$query = “SELECT *
FROM tblProjects
WHERE Username = ‘{$_POST[‘username’]}’ AND Password = ‘{$_POST[‘pwd’]}’
LIMIT 1”;[/php]

User1 · July 9, 2012, 2:28pm

Sorry but that didn’t help.

User1 · July 10, 2012, 2:09pm

Can anyone help?