Barta Tamás

Reputation: 899

Always the same error message

It's a login form, and a class_login.php file. I got a token to verify the form submissions. It's a random string and I send it hidden. I got 3 error messages in my class: Invalid form submission, Invalid form data, and Invalid Username/Password. The problem is, doesn't matter what I do, I get stuck on the first error, invalid form submission. It's like the token I send never matches the session token. But when I remove that part I always get the invalid form data, even if I write a correct existing user/password. Need some help here please:

<?php


class class_login 
{
    private $id;
    private $username;
    private $password;
    private $passmd5;

    private $errors;
    private $access;
    private $login;
    private $ltoken;

    public function __construct()
    {
        $this->errors = array();

        $this->login  = isset($_POST['login'])? 1:0;
        $this->access = 0;
        $this->ltoken  = $_POST['ltoken'];
        $this->id     = 0;
        $this->username = ($this->login)? $this->filter($_POST['username']) : $_SESSION['username'];
        $this->password = ($this->login)? $this->filter($_POST['password']) : '';
        $this->passmd5 = ($this->login)? md5($this->password) : $_SESSION['password'];

    }

    public function isLoggedIn()
    {
        ($this->login)? $this->verifyPost() : $this->verifySession();

        return $this->access;
    }

    public function filter($var)
    {
        return preg_replace('/[^a-zA-Z0-9]/','',$var);
    }

    public function verifyPost()
    {
        try
        {
            if(!$this->tokenValid())
                throw new Exception('Invalid Form Submission!');
            if(!$this->isDataValid())
                throw new Exception('Invalid Form Data!');
            if(!$this->verifyDatabase())
                throw new Exception('Invalid Username/Password!');

            $this->access = 1;
            $this->registerSession();
        }
        catch(Exception $e)
        {
            $this->errors[] = $e->getMessage();
        }
    }

    public function verifySession()
    {
        if($this->sessionExist() && $this->verifyDatabase())
        $this->access = 1;
    }

    public function verifyDatabase()
    {
        include('db_connect.php');

        // Note: the parentheses are inside the quoted SQL string, so the query
        // compares against the literal values "(username)" and "(md5hash)".
        $data = mysql_query("SELECT ID FROM users WHERE username = '($this->username)' AND password = '($this->passmd5)'");

        if (mysql_num_rows($data))
        {
            list($this->id) = @array_values(mysql_fetch_assoc($data));

            return true;
        }
        else
            return false;

    }

    public function isDataValid()
    {
        // Note: this pattern matches a NON-alphanumeric character at the end of the
        // string, and filter() has already stripped every non-alphanumeric character.
        return (preg_match('/[^a-zA-Z0-9]$/',  $this->username) && preg_match('/[^a-zA-Z0-9]$/',  $this->password))? 1:0;
    }

    public function tokenValid()
    {
        return (!isset($_SESSION['ltoken']) || $this->ltoken != $_SESSION['ltoken'])? 0 : 1;
    }

    public function registerSession()
    {
        $_SESSION['ID']       = $this->id;
        $_SESSION['username'] = $this->username;
        $_SESSION['password'] = $this->passmd5;
    }

    public function sessionExist()
    {
        return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0;
    }

    public function show_errors()
    {
        foreach($this->errors as $value)
            echo $value."<br />";
    }


}

?>

Here is the login_form.php

<?php
$check = 0;
// A fresh token is written to the session on every request, including the POST request that handles the form.
$ltoken = $_SESSION['ltoken'] = md5(uniqid(mt_rand(), true));
if(isset($_POST['login']))
{
    $check = 1;
    include('class_login.php');

    $login = new class_login();

    if ($login->isLoggedIn())
        echo "Success!";
    else
        $login->show_errors();

}
?>


<link rel="stylesheet" href="CSS/regstyle.css" type="text/css" />
<script src="JS/jquery-1.7.2.js" type="text/javascript"></script>
  <script type="text/javascript">
      $(document).ready(function() {
          var checker = <?php echo $check; ?>;
          if(checker == 1)
          {
          $("#logform").slideDown("fast")
          }
      });
    </script>
<div id="content">
    <?php echo $ltoken; ?>
<!-- Begin Form -->
<div class="form-content">

<form class="reg-form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">

        <fieldset>
            <div class="divusername">
                <label for="username">Username:</label>
                <input type="text" id="username" name="username"  placeholder="Your Username Here" />
            </div>
            <div class="password">
                <label for="password">Password:</label>
                <input type="password" id="password" name="password" placeholder="Your Password Here" />
            </div>
            <div class="submit-button">
                <input type="hidden" name="ltoken" value="<?php echo $ltoken; ?>" />
                <input type="submit" name="login" value="Login" />
            </div>
        </fieldset>
</form>
</div>
</div>

Upvotes: 0

Views: 140

Answers (2)

TaZ

Reputation: 743

I suspect that you forgot to start the session using session_start(). Please show us how you use this class. (The file where you use it.)

Edit

Disregard the above. The problem here is that you are setting the $_SESSION['ltoken'] to a new random value on each page load. That's why the posted value (this is one generation 'behind') never matches.

Upvotes: 2

phpmeh

Reputation: 1792

Separate out this code:

return (!isset($_SESSION['ltoken']) || $this->ltoken != $_SESSION['ltoken'])? 0 : 1;

It may or may not be accurate, but it's not readable and makes your debugging harder. I think it may be throwing you off because you're using the if or else as the second condition.

if( ! isset( $_SESSION['ltoken'] ) ) return false;
return ( $this->ltoken != $_SESSION['ltoken'] ) ? 0 : 1;

Upvotes: 0
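The two answers above make one point each: TaZ's, that the token must be generated once per session rather than on every page load, and phpmeh's, that the validation should be written as separate early returns so you can see which condition failed. The following is an added example that combines both; it is not code from the question or from either answer. It assumes session_start() has already been called by the including page, and the function names csrf_token() and csrf_token_valid() are my own.

```php
<?php
// Added example (not the asker's or the answerers' code).
// Assumes session_start() has already run on the page that includes this file.

function csrf_token(): string
{
    // Issue the token only once per session. Overwriting it on every request
    // (as login_form.php does) means the value embedded in the rendered form
    // is always one generation behind the value stored in the session.
    if (empty($_SESSION['ltoken'])) {
        $_SESSION['ltoken'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['ltoken'];
}

function csrf_token_valid(?string $posted): bool
{
    // One return per failure mode, so a debugger shows exactly which one fired.
    if (!isset($_SESSION['ltoken'])) {
        return false;   // no token was ever issued for this session
    }
    if ($posted === null || $posted === '') {
        return false;   // the form did not send one
    }
    // hash_equals() compares in constant time and only accepts strings,
    // unlike != which loosely casts both operands.
    return hash_equals($_SESSION['ltoken'], $posted);
}

// Offline demonstration (constructed): simulates two requests in one CLI run
// by standing in for the session array.
$_SESSION = [];
$rendered = csrf_token();   // request 1: form is rendered with the token embedded
$reloaded = csrf_token();   // request 2: the page is rendered again
if ($rendered !== $reloaded) {
    throw new RuntimeException('token changed between renders');
}
if (!csrf_token_valid($rendered)) {
    throw new RuntimeException('the token embedded in the form was rejected');
}
if (csrf_token_valid('not-the-token') || csrf_token_valid(null)) {
    throw new RuntimeException('a wrong or missing token was accepted');
}
echo "token survives a reload and validates correctly\n";
```

At the call site, pass `$_POST['ltoken'] ?? null` into csrf_token_valid() and keep `<?php echo $ltoken; ?>` in the hidden field as the question already does. Once the login succeeds, `unset($_SESSION['ltoken'])` so the next form render issues a fresh token instead of reusing the one just consumed.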
