Jump to content

treilad

Members
  • Posts

    58
  • Joined

  • Last visited

    Never

Posts posted by treilad

  1. I'm trying to get my login script to install an additional cookie if the person logging in is an administrator. Here is my login code:

    [code]<?php

    include ('db.php');

    if(isset($_COOKIE['ID_my_site']))

    {
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];

    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

    while($info = mysql_fetch_array( $check ))
    {

    if ($pass != $info['password'])
    {

    }

    else
    {
    header("Location: index.php");

    }

    }

    }


    if (isset($_POST['submit'])) {


    if(!$_POST['username'] | !$_POST['pass']) {
    die('You did not fill in a required field.');
    }

    // checks it against the database

    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }

    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or

    die(mysql_error());

    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
    die('That user does not exist in our database. <a href=registration.php>Click Here to

    Register</a>');
    }


    while($info = mysql_fetch_array( $check ))
    {

    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);


    if ($_POST['pass'] != $info['password']) {
    die('Incorrect password, please try again.');
    }

    else
    {

    $_POST['username'] = stripslashes($_POST['username']);

    $hour = time() + 2592000;
    setcookie(ID_my_site, $_POST['username'], $hour);
    setcookie(Key_my_site, $_POST['pass'], $hour);


    header("Location: admincheck.php");
    }

    }

    } else {

    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1>Login</h1></td></tr>
    <tr><td>Username:</td><td>
    <input type="text" name="username" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }


    ?>[/code]

    Admincheck.php would be the code that checked to see if the ID_my_site cookie contained the name 'Treilad'. If it did, it would install the Admin_my_site cookie. If not, it would header to index.php. How can I get it to check if the cookie contains 'Treilad'?

    I also tried this under the setcookies in the login code:

    if($_POST['username'] = 'Treilad' && $_POST['pass'] = 'letmein'){
    setcookie(Admin_my_site, $_POST['username'], $hour);
    }

    but it sets the cookie no matter who logs in, ignoring the conditional.
  2. Wait, is a session even necessary if I already have a cookie set with the username?

    I think I could do it if I knew how to echo something from the cookie:

    <?php

    if(isset($_COOKIE['ID_my_site']))

    {
    echo 'the username';
    }


    ?>
  3. I added this to the login code:

    $_SESSION['username'] = '$_POST['username']';

    -right after the setcookie() function.

    Could I do that and just session_start(); at the beginning of my index page, and then maybe echo the username? (That last part I don't know how to do.)
  4. That sounds like the better idea, I'm just not sure how to do that.  :-[ But I'll get to work on trying. Here's my login script, if it helps.

    [code]<?php

    include ('db.php');

    if(isset($_COOKIE['ID_my_site']))

    {
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];

    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

    while($info = mysql_fetch_array( $check ))
    {

    if ($pass != $info['password'])
    {

    }

    else
    {
    header("Location: index.php");

    }

    }

    }


    if (isset($_POST['submit'])) { // if form has been submitted


    if(!$_POST['username'] | !$_POST['pass']) {
    die('You did not fill in a required field.');
    }

    // checks it against the database

    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }

    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
    die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');
    }


    while($info = mysql_fetch_array( $check ))
    {

    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);


    if ($_POST['pass'] != $info['password']) {
    die('Incorrect password, please try again.');
    }

    else
    {

    $_POST['username'] = stripslashes($_POST['username']);


    $hour = time() + 2592000;
    setcookie(ID_my_site, $_POST['username'], $hour);
    setcookie(Key_my_site, $_POST['pass'], $hour);

    header("Location: index.php");
    }

    }

    } else {

    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1>Login</h1></td></tr>
    <tr><td>Username:</td><td>
    <input type="text" name="username" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }


    ?>[/code]
  5. I had just gotten my login system working and downloaded PHPBB, when I realized that when people register, I don't want them to have to register again on my forum. I'd like to have a registration code that puts the info into both tables, but I don't want them to have to register with PHPBB first. I don't know how to do that since PHPBB's register script is a lot more complicated than the one I'm running. After that, I also decided to update my registration code, which I haven't gotten working yet. So here is my new code that I copied from somewhere and edited a little bit, (hence the third-party forum):

    [code]<?php
    ob_start();
    include("db.php");

    if($_POST['register']){
    $username = $_POST['username'];
    $password = $_POST['pass'];
    $cpassword = $_POST['cpass'];
    $email = $_POST['emai1'];

    if($username==NULL|$password==NULL|$cpassword==NULL|$email==NULL){

    echo "A Field was left blank.";
    }else{
    if($password != $cpassword){
    echo "Passwords do not match";
    }else{
    $password = md5($password));

    $checkname = mysql_query("SELECT username FROM users WHERE username='$username'");
    $checkname = mysql_num_rows($checkname);
    $checkemail = mysql_query("SELECT email from users WHERE email='$email'");
    $checkemail = mysql_num_rows($checkemail);
    if($checkemail>0){
    echo "We already have a registered user with that email address. Please only register one account.";
    }
    if($checkname>0){
    echo "This username is already in use. Please try another or <a href="./index.php">login</a>.
    }
    else
    {
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);
    $email = htmlspecialchars($email);

      $valnum[1]="789542433888764";
      $valnum[2]="876954214834687";
      $valnum[3]="138732418699423";
      $valnum[4]="546311421867355";
      $valnum[5]="875632177863879";
      $valnum[6]="789876546489646";
      $valnum[7]="847515815845181";
      $valnum[8]="848584185618485";
      $valnum[9]="946181458518515";
      $valnum[10]="321312515813485";
      $random = rand(1, count($valnum));
    $userval = "$valnum[$random]";


    $query = mysql_query("INSERT INTO users (username, password, email, val_num) VALUES('$username','$password','$email', '$userval')");


    mail("$email", "Please validate your account.", "Thank you for registering at YOURSITE. Please use the link below to validate your account.

    Username: $username
    Validation Code: $userval
    To validate your account, visit: http://localhost/validate.php?username={$_POST['username']}

    If your username has spaces in it, you must replace them with %20");
    echo "You have successfully registered! Please check your email for your validation link!";
    }
    }
    }
    }else{
    echo ("
    <center>
    <form method=\"POST\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"><br />
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"pass\"><br />
    Confirm Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"cpass\"><br />
    Email: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"emai1\"> (Requires Validation)<br />
    <input name=\"register\" type=\"submit\" value=\"Register\">
    </form>
    </center>
    ");
    }
    ?>[/code]

    Here is my login script:

    [code]<?php
    ob_start();
    include("db.php");

    if($_POST['register']){
    $username = $_POST['username'];
    $password = $_POST['pass'];
    $cpassword = $_POST['cpass'];
    $email = $_POST['emai1'];

    if($username==NULL|$password==NULL|$cpassword==NULL|$email==NULL){

    echo "A Field was left blank.";
    }else{
    if($password != $cpassword){
    echo "Passwords do not match";
    }else{
    $password = md5($password));

    $checkname = mysql_query("SELECT username FROM users WHERE username='$username'");
    $checkname = mysql_num_rows($checkname);
    $checkemail = mysql_query("SELECT email from users WHERE email='$email'");
    $checkemail = mysql_num_rows($checkemail);
    if($checkemail>0){
    echo "We already have a registered user with that email address. Please only register one account.";
    }
    if($checkname>0){
    echo "This username is already in use. Please try another or <a href="./index.php">login</a>.
    }
    else
    {
    $username = htmlspecialchars($username);
    $password = htmlspecialchars($password);
    $email = htmlspecialchars($email);

      $valnum[1]="789542433888764";
      $valnum[2]="876954214834687";
      $valnum[3]="138732418699423";
      $valnum[4]="546311421867355";
      $valnum[5]="875632177863879";
      $valnum[6]="789876546489646";
      $valnum[7]="847515815845181";
      $valnum[8]="848584185618485";
      $valnum[9]="946181458518515";
      $valnum[10]="321312515813485";
      $random = rand(1, count($valnum));
    $userval = "$valnum[$random]";


    $query = mysql_query("INSERT INTO users (username, password, email, val_num) VALUES('$username','$password','$email', '$userval')");


    mail("$email", "Please validate your account.", "Thank you for registering at YOURSITE. Please use the link below to validate your account.

    Username: $username
    Validation Code: $userval
    To validate your account, visit: http://localhost/validate.php?username={$_POST['username']}

    If your username has spaces in it, you must replace them with %20");
    echo "You have successfully registered! Please check your email for your validation link!";
    }
    }
    }
    }else{
    echo ("
    <center>
    <form method=\"POST\">
    Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\"><br />
    Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"pass\"><br />
    Confirm Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"cpass\"><br />
    Email: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"emai1\"> (Requires Validation)<br />
    <input name=\"register\" type=\"submit\" value=\"Register\">
    </form>
    </center>
    ");
    }
    ?>[/code]

    Any tips on making these cooperate? I haven't done a whole lot to the registration code so I'm quite sure that it needs some/a lot of editing. If it's impossible or would be too much trouble to have registration on my website rather than registering on PHPBB, then I'll gladly just make the registration on PHPBB. Thanks in advance. :)

    -Matt
  6. Worked fine for me, but I echoed it all in one piece.

    [quote]<?php


    echo "<table><tr>
    <td><a href=". $img ." target='new'><img src=' " . $img . "' height='75' width='100'><br /><br />
    </td>
    </tr>
    <tr>
    <td>
    Title
    </td>
    </tr></table>";

    ?>[/quote]

  7. Manichean is right, but you had a couple other errors. My solution that may or may not save you a lot of time:

    Complete new code:

    [code]<form action="modules.php?name=admin&amp;op=login" method="post" enctype="multipart/form-data">
    Username:&nbsp;<input type="text" name="name" /><br />
    Password:&nbsp;&nbsp;<input type="password" name="pass" />
    <input type="submit" value="Login" />
    </form>

    <?php

    require $dir."config.php";

    $Query = "SELECT * FROM user WHERE username = '$_POST[user]'";
    $result = mysql_query($query);
    while ($row = mysql_fetch_array($result)) {


    $username = $row['username'];
    $password = $row['password'];
    $randomword = dsiadopdjkspodjsadchocolatemousse;
    $postpass = (md5($_POST['pass']));

    if (isset($_COOKIE['cplogin'])) {
      if ($_COOKIE['cplogin'] == md5($password.$randomword)) {

          exit;
      } else {
          echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
          exit;
      }
    }

    if (isset($_GET['p']) && $_GET['op'] == "login") {
      if ($_POST['name'] != $username) {
          echo "<p>Sorry, that username does not match. Use your browser back button to go back and try again.</p>";
          exit;
      } else if ($postpass != $password) {
          echo "<p>Sorry, that password does not match. Use your browser back button to go back and try again.</p>";
          exit;
      } else if ($_POST['name'] == $username && $postpass == $password) {
          setcookie('cplogin', md5($_POST['pass'].$randomword));
          echo "<p>Welcome to the Control Panel</p>";
      } else {
          echo "<p>Sorry, you could not be logged in at this time. Refresh the page and try again.</p>";
      }
    }
    }
    ?>[/code]

    Be sure you copy your old code into a new file, so that if this doesn't work you'll have it.

    Next time, tell us where line 34 is so we don't have to count.

  8. I've read a few tutorials on how to set up the mail() function to work and they haven't helped much. I downloaded a free SMTP server because I knew I'd need one, but that's as far as I've gotten. Can someone briefly explain how to set this up and have it work?
  9. All the addslashes function does is put backslashes before something that would interfere with the script. Example:

    [quote]echo "<a href="phpfreaks.com">";[/quote]

    If this were your script, all that would be echoed is "<a href=". That's because you started the echo with (") so the next (") it sees will end the echo. The correct code would be:

    [quote]echo "<a href=\"phpfreaks.com\">";[/quote]

    Notice the backslash before the quotations that are part of the echo. If you use the addslashes function, it automatically adds the backslashes before the quotes that are part of the echo, rather than you having to manually put them in.

    Hope that helps. :)
  10. [quote]if (!isset($_COOKIE['my_site_id'])) {
        echo 'Gotta log in, dude.';
        die();
    }[/quote]

    ;D One problem solved!

    EDIT:

    Anybody know why this won't work?

    [code]<?php
    if (!isset($_COOKIE['ID_my_site'])) {
        header('loginpage.php');
        die();
    }
    ?>[/code]

    This is at the top of index.php. If the cookie isn't set, I want it to header to loginpage.php. 'Cept it just stays at index and the page is blank because of the die() statement. It won't header.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.