Always the same error message

A

ahmedmoy

New Member
Its a log in form, and a class_login.php file. I got a token, to verify the form submissions. Its a random string and i send it hidden. I got 3 error messages on my class. Invalid form submission. Invalid form data. and Invalid Username/Password. The problem is doesnt matter what i do i get stuck on the first error invalid form submission. Its like the token i send never matches the session token. But when i remove that part i always get the invalid form data, even if i write a correct existing user/password. Need some help here please: \[code\]<?phpclass class_login { private $id; private $username; private $password; private $passmd5; private $errors; private $access; private $login; private $ltoken; public function __construct() { $this->errors = array(); $this->login = isset($_POST['login'])? 1:0; $this->access = 0; $this->ltoken = $_POST['ltoken']; $this->id = 0; $this->username = ($this->login)? $this->filter($_POST['username']) : $_SESSION['username']; $this->password = ($this->login)? $this->filter($_POST['password']) : ''; $this->passmd5 = ($this->login)? md5($this->password) : $_SESSION['password']; } public function isLoggedIn() { ($this->login)? $this->verifyPost() : $this->verifySession(); return $this->access; } public function filter($var) { return preg_replace('/[^a-zA-Z0-9]/','',$var); } public function verifyPost() { try { if(!$this->tokenValid()) throw new Exception('Invalid Form Submission!'); if(!$this->isDataValid()) throw new Exception('Invalid Form Data!'); if(!$this->verifyDatabase()) throw new Exception('Invalid Username/Password!'); $this->access = 1; $this->registerSession(); } catch(Exception $e) { $this->errors[] = $e->getMessage(); } } public function verifySession() { if($this->sessionExist() && $this->verifyDatabase()) $this->access = 1; } public function verifyDatabase() { include('db_connect.php'); $data = http://stackoverflow.com/questions/10552964/mysql_query("SELECT ID FROM users WHERE username = '($this->username)' AND password = '($this->passmd5)'"); if (mysql_num_rows($data)) { list($this->id) = @array_values(mysql_fetch_assoc($data)); return true; } else return false; } public function isDataValid() { return (preg_match('/[^a-zA-Z0-9]$/', $this->username) && preg_match('/[^a-zA-Z0-9]$/', $this->password))? 1:0; } public function tokenValid() { return (!isset($_SESSION['ltoken']) || $this->ltoken != $_SESSION['ltoken'])? 0 : 1; } public function registerSession() { $_SESSION['ID'] = $this->id; $_SESSION['username'] = $this->username; $_SESSION['password'] = $this->passmd5; } public function sessionExist() { return (isset($_SESSION['username']) && isset($_SESSION['password']))? 1 : 0; } public function show_errors() { foreach($this->errors as $value) echo $value."</br>"; }}?>\[/code\]Here is the login_form.php\[code\]<?php$check = 0;$ltoken = $_SESSION['ltoken'] = md5(uniqid(mt_rand(), true));if(isset($_POST['login'])){ $check = 1; include('class_login.php'); $login = new class_login(); if ($login->isLoggedIn()) echo "Success!"; else $login->show_errors();}?><link rel="stylesheet" href="http://stackoverflow.com/questions/10552964/CSS/regstyle.css" type="text/css" /><script src="http://stackoverflow.com/questions/10552964/JS/jquery-1.7.2.js" type="text/javascript"></script> <script type="text/javascript"> $(document).ready(function() { var checker = <?php echo $check; ?>; if(checker == 1) { $("#logform").slideDown("fast") } }); </script><div id="content"> <?php echo $ltoken; ?><!-- Begin Form --><div class="form-content"><form class="reg-form" method="post" action="<?php $_SERVER['PHP_SELF'] ?>"> <fieldset> <div class="divusername"> <label for="username">Username:</label> <input type="text" id="username" name="username" placeholder="Your Username Here" /> </div> <div class="password"> <label for="password">Password:</label> <input type="password" id="password" name="password" placeholder="Your Password Here" /> </div> <div class="submit-button"> <input type="hidden" name="ltoken" value="http://stackoverflow.com/questions/10552964/<?php echo $ltoken; ?>" /> <input type="submit" name="login" value="http://stackoverflow.com/questions/10552964/Login" /> </div> </fieldset></form></div></div>\[/code\]
 
You must log in or register to reply here.
Back
Top