Access control with password and email [from Kevin Yank's book]

I followed everything the book explains, and I also used the ready-made files that come with the book.
My problem is that when I enter the email and password
I always get the error “The specified email address or password was incorrect.”
even though both are correct.
This is the code:
access.inc.php


<?php

function userIsLoggedIn()
{
  if (isset($_POST['action']) and $_POST['action'] == 'login')
  {
    if (!isset($_POST['email']) or $_POST['email'] == '' or
      !isset($_POST['password']) or $_POST['password'] == '')
    {
      $GLOBALS['loginError'] = 'Please fill in both fields';
      return FALSE;
    }

    $password = md5($_POST['password'] . 'ijdb');

    if (databaseContainsAuthor($_POST['email'], $password))
    {
      session_start();
      $_SESSION['loggedIn'] = TRUE;
      $_SESSION['email'] = $_POST['email'];
      $_SESSION['password'] = $password;
      return TRUE;
    }
    else
    {
      session_start();
      unset($_SESSION['loggedIn']);
      unset($_SESSION['email']);
      unset($_SESSION['password']);
      $GLOBALS['loginError'] =
          'The specified email address or password was incorrect.';
      return FALSE;
    }
  }

  if (isset($_POST['action']) and $_POST['action'] == 'logout')
  {
    session_start();
    unset($_SESSION['loggedIn']);
    unset($_SESSION['email']);
    unset($_SESSION['password']);
    header('Location: ' . $_POST['goto']);
    exit();
  }

  session_start();
  if (isset($_SESSION['loggedIn']))
  {
    return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
  }

  return FALSE;   // no login/logout action and no session flag: not logged in
}

function databaseContainsAuthor($email, $password)
{
  include 'db.inc.php';

  try
  {
    $sql = 'SELECT COUNT(*) FROM author
        WHERE email = :email AND password = :password';
    $s = $pdo->prepare($sql);
    $s->bindValue(':email', $email);
    $s->bindValue(':password', $password);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error searching for author.';
    include 'error.html.php';
    exit();
  }

  $row = $s->fetch();

  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}

function userHasRole($role)
{
  include 'db.inc.php';

  try
  {
    $sql = "SELECT COUNT(*) FROM author
        INNER JOIN authorrole ON author.id = authorid
        INNER JOIN role ON roleid = role.id
        WHERE email = :email AND role.id = :roleId";
    $s = $pdo->prepare($sql);
    $s->bindValue(':email', $_SESSION['email']);
    $s->bindValue(':roleId', $role);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error searching for author roles.';
    include 'error.html.php';
    exit();
  }

  $row = $s->fetch();

  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}


Hello phpita, I am getting the same error in my code. Have you been able to get round the problem? If so, can you please help me resolve this error. With kind regards, Sahidus

That error message is coming from the else for this conditional

if (databaseContainsAuthor($_POST['email'], $password))

which means that for some reason databaseContainsAuthor is not returning TRUE

function databaseContainsAuthor($email, $password)
{
  include 'db.inc.php';

  try
  {
    $sql = 'SELECT COUNT(*) FROM author
        WHERE email = :email AND password = :password';
    $s = $pdo->prepare($sql);
    $s->bindValue(':email', $email);
    $s->bindValue(':password', $password);
    $s->execute();
  }
  catch (PDOException $e)
  {
    $error = 'Error searching for author.';
    include 'error.html.php';
    exit();
  }

  $row = $s->fetch();

  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}

If you are not getting “Error searching for author” then it seems the query is running OK.
But for some reason the count is not greater than 0

I suspect it’s a password related problem, if you temporarily try this does it work?

//    $sql = 'SELECT COUNT(*) FROM author
//        WHERE email = :email AND password = :password';
    $sql = 'SELECT COUNT(*) FROM author
        WHERE email = :email';
    $s = $pdo->prepare($sql);
    $s->bindValue(':email', $email);
//    $s->bindValue(':password', $password);
    $s->execute();
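Added example (not from the book and not from any post in this thread) that reproduces the zero-count symptom discussed above and classifies what is actually sitting in the password column. It uses PDO with an in-memory SQLite table so it runs without a MySQL server; the rows, the email addresses and the use of the `ijdb` and `sps` salts are constructed for the demonstration. It goes beyond the thread by also telling apart two further causes of a mismatch: a plaintext password that was inserted directly, and a hash silently truncated by a VARCHAR column shorter than 32 characters (MySQL does this when strict mode is off).

```php
<?php
// Added example, not the book's code. Requires the pdo_sqlite extension.

// The book's scheme: md5(plaintext . site-specific salt), 32 hex characters.
function saltedHash(string $password, string $salt): string
{
    return md5($password . $salt);
}

// The same query the thread's databaseContainsAuthor() runs, against any PDO handle.
function databaseContainsAuthor(PDO $pdo, string $email, string $hash): bool
{
    $s = $pdo->prepare('SELECT COUNT(*) FROM author
        WHERE email = :email AND password = :password');
    $s->bindValue(':email', $email);
    $s->bindValue(':password', $hash);
    $s->execute();
    return (int) $s->fetchColumn() > 0;
}

// Explain why a stored value does not equal the hash the login code computes.
function classifyStoredPassword(string $stored, string $password, string $salt): string
{
    $expected = saltedHash($password, $salt);
    if (hash_equals($expected, $stored)) {
        return 'match';
    }
    if (!preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Either the plaintext was INSERTed directly, or a VARCHAR column shorter
        // than 32 characters truncated the hash when the row was created.
        return strlen($stored) < 32 && strncmp($expected, $stored, strlen($stored)) === 0
            ? 'truncated-hash'
            : 'not-a-salted-md5';
    }
    // A well-formed hash that differs: wrong password, or the row was created
    // with a different salt string than the login code uses now.
    return 'salt-or-password-mismatch';
}

// Constructed sample table: one row per failure mode, plus one good row.
function buildSampleDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE author (id INTEGER PRIMARY KEY, email TEXT, password TEXT)');
    $ins = $pdo->prepare('INSERT INTO author (email, password) VALUES (?, ?)');
    $ins->execute(['ok@example.com',        saltedHash('secret', 'ijdb')]);
    $ins->execute(['othersalt@example.com', saltedHash('secret', 'sps')]);
    $ins->execute(['plain@example.com',     'secret']);
    $ins->execute(['short@example.com',     substr(saltedHash('secret', 'ijdb'), 0, 20)]);
    return $pdo;
}

$pdo = buildSampleDb();
$loginHash = saltedHash('secret', 'ijdb');   // what userIsLoggedIn() computes at login
foreach (['ok@example.com', 'othersalt@example.com', 'plain@example.com', 'short@example.com'] as $email) {
    $found = databaseContainsAuthor($pdo, $email, $loginHash);
    $s = $pdo->prepare('SELECT password FROM author WHERE email = ?');
    $s->execute([$email]);
    $stored = (string) $s->fetchColumn();
    printf("%-24s count>0: %-4s reason: %s\n",
        $email, $found ? 'yes' : 'no', classifyStoredPassword($stored, 'secret', 'ijdb'));
}
```

Run it with `php` from the command line: only the `ok@example.com` row is counted by the book's query, and the reason printed for the other three is where to look in the real table. The equivalent check against MySQL is to compare `SELECT LENGTH(password), password FROM author WHERE email = ...` with the value `md5($_POST['password'] . 'ijdb')` produces for the password you are typing.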

I am building a new PHP application and I have got to a point where I want to build the content management pages. I have two databases on my WAMP server: the ijdb database and a new one for my application. I have modified all the code supplied in this course to match my table names in the database; however, when I try to log in, I get the error message saying “The specified email address or password was incorrect”. I am sure that the email and password are typed in correctly as they are entered in the database. Can someone please point out where I am going wrong? Your help will be very much appreciated.
Regards,
Sahidus

Can you please post the code as it currently is?

Thanks for your reply. Here is the code below. Please note that the database fields in the author table are authorname and authoremail. Let me know if you will need the code for other pages. Regards
access.inc.php

<?php
function userIsLoggedIn()
{
  if (isset($_POST['action']) and $_POST['action'] == 'login')
  {
    if (!isset($_POST['authoremail']) or $_POST['authoremail'] == '' or
        !isset($_POST['password']) or $_POST['password'] == '')
    {
      $GLOBALS['loginError'] = 'Please fill in both fields';
      return FALSE;
    }
    $password = md5($_POST['password'] . 'sps');
    if (databaseContainsAuthor($_POST['authoremail'], $password))
    {
      session_start();
      $_SESSION['loggedIn'] = TRUE;
      $_SESSION['authoremail'] = $_POST['authoremail'];
      $_SESSION['password'] = $password;
      return TRUE;
    }
    else
    {
      session_start();
      unset($_SESSION['loggedIn']);
      unset($_SESSION['authoremail']);
      unset($_SESSION['password']);
      $GLOBALS['loginError'] =
          'The specified email address or password was incorrect.';
      return FALSE;
    }
  }
  if (isset($_POST['action']) and $_POST['action'] == 'logout')
  {
    session_start();
    unset($_SESSION['loggedIn']);
    unset($_SESSION['authoremail']);
    unset($_SESSION['password']);
    header('Location: ' . $_POST['goto']);
    exit();
  }
  session_start();
  if (isset($_SESSION['loggedIn']))
  {
    return databaseContainsAuthor($_SESSION['authoremail'],
        $_SESSION['password']);
  }
  else
  {
    return FALSE;
  }
}
function databaseContainsAuthor($authoremail, $password)
{
  include 'db.inc.php';
  $authoremail = mysqli_real_escape_string($link, $authoremail);
  $password = mysqli_real_escape_string($link, $password);
  $sql = "SELECT COUNT(*) FROM author
      WHERE authoremail='$authoremail' AND password='$password'";
  $result = mysqli_query($link, $sql);
  if (!$result)
  {
    $error = 'Error searching for author.';
    include 'error.html.php';
    exit();
  }
  $row = mysqli_fetch_array($result);
  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}
function userHasRole($role)
{
  include 'db.inc.php';
  $authoremail = mysqli_real_escape_string($link, $_SESSION['authoremail']);
  $role = mysqli_real_escape_string($link, $role);
  $sql = "SELECT COUNT(*) FROM author
      INNER JOIN authorrole ON author.id = authorid
      INNER JOIN role ON roleid = role.id
      WHERE authoremail = '$authoremail' AND role.id='$role'";
  $result = mysqli_query($link, $sql);
  if (!$result)
  {
    $error = 'Error searching for author roles.';
    include 'error.html.php';
    exit();
  }
  $row = mysqli_fetch_array($result);
  if ($row[0] > 0)
  {
    return TRUE;
  }
  else
  {
    return FALSE;
  }
}
?>

Thanks for your reply. I have tried the code you provided above but no joy. I ran into the following error:- Notice: Undefined variable: pdo in C:\wamp\www\ est\includes\access.inc.php on line 62
The line in question is:- $s = $pdo->prepare($sql);

Sorry. Mea Culpa.

I thought you were using the same book and code as phpita.
phpita is using PDO;
you are using mysqli.

Temporarily try

//  $sql = "SELECT COUNT(*) FROM author
//      WHERE authoremail='$authoremail' AND password='$password'";
   $sql = "SELECT COUNT(*) FROM author
      WHERE authoremail='$authoremail'";
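Added example for the mysqli version posted by Sahidus (not the book's code and not from any post in this thread): the email-only lookup suggested above, written as a prepared statement so the escaping calls are no longer needed, with the hash compared in PHP instead of inside the WHERE clause. It assumes db.inc.php provides an open mysqli connection in `$link`, an `author` table with `authoremail` and `password` columns, and the `sps` salt from the posted `userIsLoggedIn()`. It also goes beyond the thread by accepting rows stored with `password_hash()` and upgrading a legacy md5 row when it verifies.

```php
<?php
// Added example, not the book's or the thread's code.
// Assumes db.inc.php defines $link (an open mysqli connection).

// Look up the stored password value by email only, as a prepared statement.
function fetchStoredPassword(mysqli $link, string $authoremail): ?string
{
    $stmt = mysqli_prepare($link,
        'SELECT password FROM author WHERE authoremail = ? LIMIT 1');
    if (!$stmt) {
        return null;                       // query could not be prepared
    }
    mysqli_stmt_bind_param($stmt, 's', $authoremail);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored);
    $found = mysqli_stmt_fetch($stmt);     // true when a row was returned
    mysqli_stmt_close($stmt);
    return $found ? (string) $stored : null;
}

// Takes the plaintext password and does the comparison in PHP.
function databaseContainsAuthor(mysqli $link, string $authoremail, string $password): bool
{
    include 'db.inc.php';
    $stored = fetchStoredPassword($link, $authoremail);
    if ($stored === null) {
        return false;                      // no such email
    }
    // Rows created with password_hash() start with "$" (e.g. "$2y$"); verify
    // those directly. Anything else is treated as the book's md5(plaintext . salt).
    if (strncmp($stored, '$', 1) === 0) {
        return password_verify($password, $stored);
    }
    $legacy = md5($password . 'sps');      // salt from the posted userIsLoggedIn()
    if (!hash_equals($stored, $legacy)) {  // constant-time comparison
        return false;
    }
    // Legacy hash matched: replace it so the md5 value is no longer stored.
    $upgrade = mysqli_prepare($link, 'UPDATE author SET password = ? WHERE authoremail = ?');
    if ($upgrade) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        mysqli_stmt_bind_param($upgrade, 'ss', $new, $authoremail);
        mysqli_stmt_execute($upgrade);
        mysqli_stmt_close($upgrade);
    }
    return true;
}
```

Because this version takes the plaintext and compares it itself, the login branch passes `$_POST['password']` rather than the md5 value, and the session no longer needs to carry a password at all: storing `loggedIn` and `authoremail` is enough for the per-request check. The `password` column must be wide enough for `password_hash()` output (VARCHAR(255) is the usual choice); a column sized for a 32-character md5 would truncate the new hash and reproduce exactly the error this thread is about.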