i there, iam building an website to show to my school but iam with some problems with login, here is the script, index.php
?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>YouPhoto::Bem-Vindo</title>
<link href="yp.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
include ("config.php");
$ligacao = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_db);
//determine how much users are registered
$sql = "SELECT COUNT(u_id) AS cnt FROM users";
$res = mysql_query($sql) or die(mysql_error($ligacao));
$reg = mysql_fetch_array($res);
$cnt = $reg['cnt'];
// finish session
if($_GET['accao'] == 'logout') unset($_SESSION['login']);
// validate session
if($_POST['finicia']) {
$u_login = $_POST['fu_login'];
$u_pass = $_POST['fu_pass'];
$sql = "SELECT u_nome, u_sit, u_id, u_nivel FROM users
WHERE u_login = '$u_login' AND u_pass = PASSWORD('$u_pass')";
$res = mysql_query($sql);
if(mysql_num_rows($res) > 0) {
// foi encontrado e validado um utilizador
$reg = mysql_fetch_array($res);
$_SESSION['login'] = true;
$_SESSION['user'] = $u_login;
$_SESSION['nome'] = $reg['u_nome'];
$_SESSION['sit'] = $reg['u_sit'];
$_SESSION['uid'] = $reg['u_id'];
$_SESSION['nivel'] = $reg['u_nivel'];
} else $erro_login = "User or password wrong!";
}
?>
<div align="center"><img src="img/logo60x60.png" width="60" height="60" /></div>
<h1>YouPhoto</h1>
<div align="right">
<?php
if($_SESSION['login'] == false) {
?> <a href="registo.php">Register</a><br /> <?php
}
echo "$cnt registrated users! <br />";
if($_SESSION['login'] == true) {
echo "Bem vindo, " . $_SESSION['nome'];
?> <a href="perfil.php">Profile</a> |
<?php
if($_SESSION['nivel'] == '2') {
?><a href="moderador.php">Moderator</a> | <?php
} ?>
<a href="index.php?accao=logout">End Session</a> <?php
}
?>
</div>
<?php
if($_SESSION['login'] == false) {
?>
<div class="login">Login: <?php echo $erro_login; ?>
<form id="frm_login" name="frm_login" method="post" action="index.php">
<p>User:
<input name="fu_login" type="text" id="fu_login" value="<?php echo $u_login; ?>" size="24" maxlength="50" />
<br />
Pass:
<input name="fu_pass" type="password" id="fu_pass" size="8" maxlength="8" />
<input type="submit" name="finicia" id="finicia" value="Login" />
</p>
</form>
<?php
}
?>
</div>
<p align="center">youphoto@sapo.pt</p>
<?php
mysql_close($ligacao);
?>
</body>
</html>
Register.php
{
echo "The password has to have between 6 and 8 characters!";
$erro = true;
}
//verify email on database
if(!$erro) { //only tests if the form is correct!
$sql = "SELECT u_id FROM users WHERE u_login = '$u_login'";
$res = mysql_query($sql) or die(mysql_error($ligacao));
if(mysql_num_rows($res) > 0) {
echo "the email $u_login already exist!";
$erro = true;
}
}
//insert user on database
if($erro == false) {
$sql = "INSERT INTO users (u_login, u_nome, u_pass) VALUES
('$u_login', '$u_nome', PASSWORD('$u_pass1'))";
$res = mysql_query($sql) or die(mysql_error($ligacao));
$u_id = mysql_insert_id($ligacao);
echo "Registered <br />";
echo "$u_nome - $u_login <br />";
echo "a message was sent to $u_login to confirm register <br />";
$completo = true;
// enviar um e-mail para o utilizador, para confirmação do registo
$assunto = "YouPhoto: Confirmação de Registo";
$mensagem = "Caro(a), $u_nome <br />
Deverá confirmar o seu registo no site YouPhoto, clicando no link em baixo: <br />
<br />
<a href=\"http://nmbm.servehttp.com/youphoto/reg_conf.php?u_id=$u_id&u_login=$u_login\">Confirmação</a> <br />
<br />
A equipa do YouPhoto <br />
youphoto@sapo.pt<br />
http://nmbm.servehttp.com/youphoto<br />
<br />
<img src=\"http://nmbm.servehttp.com/youphoto/img/yp-logo.png\" width=\"120\" />";
$remetente =& new Swift_Address('youphoto@sapo.pt', 'YouPhoto');
//Start Swift
$smtp =& new Swift_Connection_SMTP("mx.sapo.pt");
$smtp->setUsername("youphoto@sapo.pt");
$smtp->setPassword("Y0uPh0t0");
$swift =& new Swift($smtp);
$message =& new Swift_Message($assunto, $mensagem);
$message->setContentType("text/html");
//Now check if Swift actually sends it
if ($swift->send($message, $u_login, $remetente)) {
echo "<br />Mensage sent <br />";
}
else echo "Failed";
}
}
if($completo == false) {
?>
<form id="frm_registo" name="frm_registo" method="post" action="registo.php">
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td width="160"> </td>
<td width="140"><label>Email:</label></td>
<td><input name="fu_login" type="text" id="fu_login" value="<?php echo $u_login; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Name:</label></td>
<td><input name="fu_nome" type="text" id="fu_nome" value="<?php echo $u_nome; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Password:</label></td>
<td><input name="fu_pass1" type="password" id="fu_pass1" size="8" maxlength="8" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Confirm:</label>
</td>
<td><input name="fu_pass2" type="password" id="fu_pass2" size="8" maxlength="8" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="fenvia" id="fenvia" value="Send" /></td>
</tr>
</table>
</form>
<?php
}
mysql_close($ligacao);
?>
</body>
</html>' target='_blank'> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>YP::Registo de Utilizador</title>
<link href="yp.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div align="center"><img src="img/logo60x60.png" width="60" height="60" /></div>
<h1>Registo de Utilizador</h1>
<div align="right"><a href="index.php">Voltar</a></div>
<?php
include("config.php");
// swift e.mail sender
//Load in the files we'll need
require_once "lib/Swift.php";
require_once "lib/Swift/Connection/SMTP.php";
$ligacao = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_db);
$completo = false;
if($_POST['fenvia']) {
$u_login = $_POST['fu_login'];
$u_nome = $_POST['fu_nome'];
$u_pass1 = $_POST['fu_pass1'];
$u_pass2 = $_POST['fu_pass2'];
$erro = false;
// test the data
if(empty($u_login)) {
echo "e-mail not writen!";
$erro = true;
} else if(strlen($u_nome) < 10) {
echo "Name has to have at least 10 chars!";
$erro = true;
} else if(empty($u_pass1) or strcmp($u_pass1, $u_pass2) != 0) {
echo "Password are difrent!";
$erro = true;
} else if(strlen($u_pass1) < 6 or strlen($u_pass1) > {
echo "The password has to have between 6 and 8 characters!";
$erro = true;
}
//verify email on database
if(!$erro) { //only tests if the form is correct!
$sql = "SELECT u_id FROM users WHERE u_login = '$u_login'";
$res = mysql_query($sql) or die(mysql_error($ligacao));
if(mysql_num_rows($res) > 0) {
echo "the email $u_login already exist!";
$erro = true;
}
}
//insert user on database
if($erro == false) {
$sql = "INSERT INTO users (u_login, u_nome, u_pass) VALUES
('$u_login', '$u_nome', PASSWORD('$u_pass1'))";
$res = mysql_query($sql) or die(mysql_error($ligacao));
$u_id = mysql_insert_id($ligacao);
echo "Registered <br />";
echo "$u_nome - $u_login <br />";
echo "a message was sent to $u_login to confirm register <br />";
$completo = true;
// enviar um e-mail para o utilizador, para confirmação do registo
$assunto = "YouPhoto: Confirmação de Registo";
$mensagem = "Caro(a), $u_nome <br />
Deverá confirmar o seu registo no site YouPhoto, clicando no link em baixo: <br />
<br />
<a href=\"http://nmbm.servehttp.com/youphoto/reg_conf.php?u_id=$u_id&u_login=$u_login\">Confirmação</a> <br />
<br />
A equipa do YouPhoto <br />
youphoto@sapo.pt<br />
http://nmbm.servehttp.com/youphoto<br />
<br />
<img src=\"http://nmbm.servehttp.com/youphoto/img/yp-logo.png\" width=\"120\" />";
$remetente =& new Swift_Address('youphoto@sapo.pt', 'YouPhoto');
//Start Swift
$smtp =& new Swift_Connection_SMTP("mx.sapo.pt");
$smtp->setUsername("youphoto@sapo.pt");
$smtp->setPassword("Y0uPh0t0");
$swift =& new Swift($smtp);
$message =& new Swift_Message($assunto, $mensagem);
$message->setContentType("text/html");
//Now check if Swift actually sends it
if ($swift->send($message, $u_login, $remetente)) {
echo "<br />Mensage sent <br />";
}
else echo "Failed";
}
}
if($completo == false) {
?>
<form id="frm_registo" name="frm_registo" method="post" action="registo.php">
<table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr><td width="160"> </td>
<td width="140"><label>Email:</label></td>
<td><input name="fu_login" type="text" id="fu_login" value="<?php echo $u_login; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Name:</label></td>
<td><input name="fu_nome" type="text" id="fu_nome" value="<?php echo $u_nome; ?>" size="50" maxlength="50" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Password:</label></td>
<td><input name="fu_pass1" type="password" id="fu_pass1" size="8" maxlength="8" /></td>
</tr>
<tr>
<td width="160"> </td>
<td width="140"><label>Confirm:</label>
</td>
<td><input name="fu_pass2" type="password" id="fu_pass2" size="8" maxlength="8" /></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="fenvia" id="fenvia" value="Send" /></td>
</tr>
</table>
</form>
<?php
}
mysql_close($ligacao);
?>
</body>
</html>
I would apreciate if anybody could help, the error is to either put the right password or wrong allways shows that the password is wrong
