need help member area


Ahmedamer

Hey, I was trying to make a new login system with a member area. The problem is that I wanted to add a point system in which I can add points manually to members, by creating a new column called 'points' and adding the following code to the member area: echo 'you got , '.$_SESSION['points']; but it didn't work. Here is my member.php page. Any tip or advice would be helpful, much appreciated ♥

<?php 

session_start();
$user = $_SESSION['points'];
 
 
//Connects to your Database 
 mysql_connect("sql206.byethost15.com", "b15_15261909", "7076300") or die(mysql_error()); 
 mysql_select_db("b15_15261909_logim") or die(mysql_error()); 
 
 
 //checks cookies to make sure they are logged in 
 if(isset($_COOKIE['ID_my_site'])) 
 { 
  $username = $_COOKIE['ID_my_site']; 
  $pass = $_COOKIE['Key_my_site']; 
  $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); 

  while($info = mysql_fetch_array( $check ))
  {
   //if the cookie has the wrong password, they are taken to the login page 
   if ($pass != $info['password']) 
   {
    header("Location: login.php"); 
   }
   //otherwise they are shown the admin area
   else 
   {
    echo "Admin Area<p>"; 
    echo "Your Content<p>"; 
    echo 'Welcome, '.$_SESSION['username']; 
    echo 'you got 34, '.$_SESSION['points'];
    echo "<a href=logout.php>Logout</a>"; 
   }
  }
 }
 else 
 //if the cookie does not exist, they are taken to the login screen 
 {
  header("Location: login.php"); 
 } 
 ?> 
my login.php page 
<?php 
session_start();
$_SESSION['points'] = $_POST['points'];

include("dbconnect.php");

 //Checks if there is a login cookie
 if(isset($_COOKIE['ID_my_site']))
 //if there is, it logs you in and directs you to the members page
 { 
  $username = $_COOKIE['ID_my_site']; 
  $pass = $_COOKIE['Key_my_site'];
  $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

  while($info = mysql_fetch_array( $check ))
  {
   if ($pass != $info['password']) 
   {
   }
   else
   {
    header("Location: members.php");
   }
  }
 }

 //if the login form is submitted 
 if (isset($_POST['submit'])) { // if form has been submitted

  // makes sure they filled it in
  if(!$_POST['username'] || !$_POST['pass']) {
   die('You did not fill in a required field.');
  }

  // checks it against the database
  if (!get_magic_quotes_gpc()) {
   $_POST['email'] = addslashes($_POST['email']);
  }
  $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

  //Gives error if user doesn't exist
  $check2 = mysql_num_rows($check);
  if ($check2 == 0) {
   die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
  }

  while($info = mysql_fetch_array( $check ))
  {
   $_POST['pass'] = stripslashes($_POST['pass']);
   $info['password'] = stripslashes($info['password']);
   $_POST['pass'] = md5($_POST['pass']);

   //gives error if the password is wrong
   if ($_POST['pass'] != $info['password']) {
    die('Incorrect password, please try again.');
   }
   else 
   { 
    // if login is ok then we add a cookie 
    $_POST['username'] = stripslashes($_POST['username']); 
    $hour = time() + 3600; 
    setcookie('ID_my_site', $_POST['username'], $hour); 
    setcookie('Key_my_site', $_POST['pass'], $hour);

    //then redirect them to the members area 
    header("Location: members.php"); 
   } 
  }
 }
 else 
 {
  // if they are not logged in 
  ?> 

  <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 
  <table border="0"> 
  <tr><td colspan=2><h1>Login</h1></td></tr> 
  <tr><td>Username:</td><td> 
  <input type="text" name="username" maxlength="40"> 
  </td></tr> 
  <tr><td>Password:</td><td> 
  <input type="password" name="pass" maxlength="50"> 
  </td></tr> 
  <tr><td colspan="2" align="right"> 
  <input type="submit" name="submit" value="Login"> 
  </td></tr> 
  </table> 
  </form> 

  <?php 
 } 
 ?> 
 
Edited by Ahmedamer

If those are your actual database credentials, now it's time to change them. ::)

 

Guys, please stop stealing crap code from the Internet. That stuff is at least 6 years old, and it's absolutely horrible. I wouldn't even call it code, it's actually malware waiting to be executed by unsuspecting newbies:

  • Plaintext passwords stored in cookies? WTF?
  • The SQL injection vulnerabilities can be used to steal arbitrary data or take over your entire server through the database system.
  • The cross-site scripting vulnerabilities can be used to attack your users.
  • The inevitable MD5 hashes are just laughable given the computing power of current hardware.
  • The entire session code is broken beyond repair.
  • And so on ...

Would you download a random executable file and run it on your PC? No? Then don't download random PHP code and run it on your server.

 

C'mon, you can do better than this. With a little brainpower from you and help from us, I'm sure you can write your own, sane code.


Look at my signature below for a login/registration script... I really hate tooting my own horn. You can even find it in mysqli or PDO format; I personally would recommend the PDO tutorial, for that's the one I'm most comfortable with.

Edited by Strider64
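
The problems listed in the replies above (password material in cookies, string-built SQL, unescaped output, MD5) and the PDO recommendation, shown as a hardened counterpart to the posted member area. This is an added example, not code from any poster in the thread; the table layout, column names and sample accounts are constructed, and an in-memory SQLite database stands in for MySQL so it runs on its own.

```php
<?php
// Added example: the users table, its columns and the accounts are constructed.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');   // stand-in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
               password_hash TEXT NOT NULL, points INTEGER NOT NULL DEFAULT 0)');
    $add = $db->prepare('INSERT INTO users (username, password_hash, points) VALUES (?, ?, ?)');
    // password_hash() produces a salted, deliberately slow hash, unlike md5().
    $add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 34]);
    $add->execute(['<b>bob</b>', password_hash('hunter2!', PASSWORD_DEFAULT), 7]);
    return $db;
}

// Returns the user id on success, null otherwise.
function login(PDO $db, string $username, string $password): ?int {
    // The username is a bound parameter, so quotes in it cannot alter the query.
    $st = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password are indistinguishable to the caller.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Points are read from the user's DB row (not $_POST or a cookie); output is HTML-escaped.
function member_area(PDO $db, int $userId): string {
    $st = $db->prepare('SELECT username, points FROM users WHERE id = ?');
    $st->execute([$userId]);
    $u = $st->fetch(PDO::FETCH_ASSOC);
    return sprintf('Welcome, %s. You have %d points.',
        htmlspecialchars($u['username'], ENT_QUOTES, 'UTF-8'), $u['points']);
}

$db = open_db();
session_start();
$out = [];
foreach ([['alice', 'correct horse'], ["alice' OR '1'='1", 'x'], ['<b>bob</b>', 'hunter2!']] as [$name, $pw]) {
    $id = login($db, $name, $pw);
    if ($id === null) { $out[] = 'login rejected'; continue; }
    session_regenerate_id(true);     // fresh session id after authentication
    $_SESSION['user_id'] = $id;      // browser holds only the session id, no credentials
    $out[] = member_area($db, $_SESSION['user_id']);
}
echo implode("\n", $out), "\n";
```

In a web application, login() would run in login.php and member_area() in the member page, after checking that $_SESSION['user_id'] is set.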
