asked on Unable to login new user
I'm getting stuck when trying to login a new user to my site. I have successfully been able to create a new user in my MySQL db via a PHP enabled front-end, and then it emails the user their password and username. When I go back to login though, it keeps telling me that the login details were invalid. I'm following the examples in Practical Web 2.0 Apps with PHP, so this isn't original code and there seems to be a problem with the code here (not for the first time).
Below is the code where this error message is generated...
Thanks!
Below is the code where this error message is generated...
Thanks!
// verify username and password aren't blank
if (count($errors) == 0) {
// setup the authentication adapter
$adapter = new Zend_Auth_Adapter_DbTable($this->db,
'users',
'username',
'password',
'md5(?)');
$adapter->setIdentity($username);
$adapter->setCredential($password);
// try and authenticate the user
$result = $auth->authenticate($adapter);
var_dump($result);
if ($result->isValid()) {
$user = new DatabaseObject_User($this->db);
$user->load($adapter->getResultRowObject()->user_id);
// record login attempt
$user->loginSuccess();
// create identity data and write it to session
$identity = $user->createAuthIdentity();
$auth->getStorage()->write($identity);
// send user to page they originally request
$this->_redirect($redirect);
}
// record failed login attempt
DatabaseObject_User::LoginFailure($username,
$result->getCode());
$errors['username'] = 'Your login details were invalid';
}
}
PHPMySQL Server
Last Comment
jharris133
ASKER
Update
--------
I just queried my mySQL database, and I noticed that all of the passwords have the same md5 hash value. I think this would be why the login isn't working, because it's looking for a single password for everyone, but I'm not sure what that password is. When the welcome email is sent out, it always displays a new password, but apparently the correct value isn't getting written to the database. Hope this helps, is there something I'm doing incorrectly when using the md5() function to encrypt the passwords?
--------
I just queried my mySQL database, and I noticed that all of the passwords have the same md5 hash value. I think this would be why the login isn't working, because it's looking for a single password for everyone, but I'm not sure what that password is. When the welcome email is sent out, it always displays a new password, but apparently the correct value isn't getting written to the database. Hope this helps, is there something I'm doing incorrectly when using the md5() function to encrypt the passwords?
hello there mate, sadly im not sure on what your trying to acheive here. i do however have a password setup of my own that i can send u the code over here for u to take a look at if that helps you?
///////////////HTML(INDEX.PHP)/////////////
<form id="form" method="post" action="./login.php">
<label>Username: </label>
<br />
<input type="text" name="username" value="" />
<br />
<br />
<label>Password: </label>
<br />
<input type="password" name="password" value="" />
<br />
<br />
<input type="submit" name="submit" value="Login" />
</form>
//////////////////LOGIN.PHP///////////////////////
<?php include("authenticate.php"); //We need to include the file the authentication class is in for later use
//The same way as normal, check to see if the form was submitted if(isset($_POST["submit"])) {
//Validate the inputs and clean them
//Because validating the data is really outside the scope of this, I'll just do it in pseudo-code
/* PSEUDO-CODE */
if username field has a value
check the value is a valid format for a username (IE doesn't contain characters you don't allow)
if the value is valid
clean the value just in case
end if
end if
if password field has a value
check the value is a valid format for a password(IE doesn't contain characters you don't allow)
if the value is valid
clean the value just in case
hash the password
end if
end if
/* END PSEUDO-CODE */
//At this point, assume you have two cleaned and validated variables for the username and password
//$user and $pass
//If the data passed turns out to be valid, lets start authenticating
$auth = new Authentication();
//Create a new instance of the Authentication class
//If the method "Login" in the authentication object returns "true"
if($auth->Login($user, $pass))
{
//Do whatever you need to when the user is logged in
}
//If the method returns false
else {
//Ouput your error message
}
}
?>
////////////////////////////////AUTH.PHP//////////////////////
<?php
//This class will only work with PHP 5 and above due to the magic method __construct and the way global variables are created
class Authentication
{ public $userData = array();
private $dbLink;
//This method is called when we create a new instance of the class. We don't need to supply any extra information to create the object, so we don't give it any arguments
function __construct()
{
//Initialising variables is a good idea on a constructor $this->userDate = array();
//Connect to a database in the normal way and assign the link to $this->dbLink
}
//This is the method that is called in login.php to execute the login of the user
public function Login($username, $password)
{
//You might want to validate the data here too, but you don't HAVE to because you already validated it in login.php
//Using $this->dbLink, perform a standard database query to see if there is a record in there with the same username and password as the ones supplied
//If there is
return true;
//If there isn't
return false;
//You'd also want to put all the user data in to $this->userData and set up sessions and all that good stuff, but I'm too lazy to go through all that. I'm sure you can do that bit for yourself }
}
?>
Alternatively i have PHP server AUTH login method i can show you.
ASKER
Yes, can I please see the PHP server AUTH login method?
Here's a better desc of my problem. I'm trying to develop a system where users can Register to create a new username, then automatically generate a password and email their new password to them. The email is sent with an unencrypted password so the user can see it and use it to login, but then in the code it's immediately hashed using MD5() to be stored in the database.
When I try to login, I receive an error that the credentials are invalid, even though I'm using the correct username and the generated password. Further, when I look in the actual database, each user that I've created have the same hash value for their password, even though each one was different and uniquely generated.
Does that make more sense?
Here's a better desc of my problem. I'm trying to develop a system where users can Register to create a new username, then automatically generate a password and email their new password to them. The email is sent with an unencrypted password so the user can see it and use it to login, but then in the code it's immediately hashed using MD5() to be stored in the database.
When I try to login, I receive an error that the credentials are invalid, even though I'm using the correct username and the generated password. Further, when I look in the actual database, each user that I've created have the same hash value for their password, even though each one was different and uniquely generated.
Does that make more sense?
I question if the $username and $password variables are set. You may have to post more code. or you could try using $_POST['username'] (I'll have to assume you're coming from a form post login page). If this code had beed written for an older version (3.x) of PHP or global variables had been turned on it may have worked without the POST reference
$adapter->setIdentity($_PO
$adapter->setCredential($_
$adapter->setIdentity($_PO
$adapter->setCredential($_
ASKER
Ok, I changed the two lines in my code that sets the setIdentity and setCredential to match yours above. However, I'm still getting the same error as before. I'd gladly provide more code if you need it, but I'm not sure what else you would be looking for. The code I provided above was in the function loginAction() in the AccountController class. I'm using Controllers and Smarty to display my pages. Would you need something else there?
Sorry, I am really new to this.
Sorry, I am really new to this.
Quick review.
Are you sure the users where created with the md5(?) option?
Are you sure $this->db is properly set?
What does var_dump($result); display?
Are you sure the users where created with the md5(?) option?
Are you sure $this->db is properly set?
What does var_dump($result); display?
ASKER
The display for var_dump($result) is:
object(Zend_Auth_Result)#5
How can I check if the $this-db is properly set? The new username and hashed password appear in the database.
I think I figured out why all the keys in the db were the same...when I first set them up, all the hashes are the same, but when I click on the Forgot your password button, it will generate an email asking the user to validate their account. Once that link is clicked on from the email, the key in the db changes to something unique. However, even with a verified account, I'm receiving the same login error.
Is this how the md5() hash works, it starts as everything being the same until the account is verified? If so, I'd rather do that validation in the welcome email in addition to the Forgot Password page, correct?
object(Zend_Auth_Result)#5
How can I check if the $this-db is properly set? The new username and hashed password appear in the database.
I think I figured out why all the keys in the db were the same...when I first set them up, all the hashes are the same, but when I click on the Forgot your password button, it will generate an email asking the user to validate their account. Once that link is clicked on from the email, the key in the db changes to something unique. However, even with a verified account, I'm receiving the same login error.
Is this how the md5() hash works, it starts as everything being the same until the account is verified? If so, I'd rather do that validation in the welcome email in addition to the Forgot Password page, correct?
ASKER
Update
_______
I just tried logging in with an authenticated (and changed) password and it finally worked. So I guess I will just try to change that email that goes out to authenticate the initial password and then it should work? I'll give that a shot and then mark your last post as a solution and award you the points.
_______
I just tried logging in with an authenticated (and changed) password and it finally worked. So I guess I will just try to change that email that goes out to authenticate the initial password and then it should work? I'll give that a shot and then mark your last post as a solution and award you the points.
ASKER
Ok, so I was able to use the workaround fine, but I'd like to get this working as it's supposed to. To generate the link to have the user validate their password, I'm using this line in my Smarty email template:
http://localhost/account/fetchpassword?action=confirm&id={$user->getId()}&key={$use
This works fine for if the user has forgotten their password, it allows them to click on the link, and then receive a message from my site that says that their password has been validated. They can then login using this new password from the email. The problem is that in order to use their password, the user must first register, then click on the Forgot your password link, which sends the email with the link included above. I would like the very first register email to display a link to validate so they don't need to get two passwords in order for them to be able to login.
So I tried including the above line in the initial email, but it doesn't include a key value, like it hasn't been generated yet. My question is then, how can I generate that key immediately after the account has been created? I'm just not sure how that new_password_key gets generated in the first place. Thanks!
http://localhost/account/fetchpassword?action=confirm&id={$user->getId()}&key={$use
This works fine for if the user has forgotten their password, it allows them to click on the link, and then receive a message from my site that says that their password has been validated. They can then login using this new password from the email. The problem is that in order to use their password, the user must first register, then click on the Forgot your password link, which sends the email with the link included above. I would like the very first register email to display a link to validate so they don't need to get two passwords in order for them to be able to login.
So I tried including the above line in the initial email, but it doesn't include a key value, like it hasn't been generated yet. My question is then, how can I generate that key immediately after the account has been created? I'm just not sure how that new_password_key gets generated in the first place. Thanks!
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you, I finally figured it out! In the AccountController function fetchPasswordAction(), which is where the password is initially obtained, it was calling the fetchpassword() function (where the new key was generated), but it was not calling the confirmNewPassword function, which is what set the key. So once I added that function call, the user is provided a link in the email, and when they click on the link, it automatically logs them in. This is even better than the functionality described in the book, thanks for pointing me in the right direction! As I said, I'm very new to this, so I really appreciate your patience and explanations.
object(Zend_Auth_Result)#5