Hi,
Well Um im really stumped on this one. I've tried everything. This is Dreamweaver generated code, there is a develop package ad-on for dreamweaver, but I don't feal like paying that much for it. if you could help me modify this code to check the database using md5 that would really help my ache here.
The database details are:
the database is called webapp
the table is users
and the password and username sections of that table are what this code is checking.
Access level checking through Dreamweaver is on here, so there is almost a duplicate code.
heres my code. I hope you can help.
<?php require_once('../Connections/BPA.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
mysql_select_db($database_BPA, $BPA);
$query_login = "SELECT * FROM users";
$login = mysql_query($query_login, $BPA) or die(mysql_error());
$row_login = mysql_fetch_assoc($login);
$totalRows_login = mysql_num_rows($login);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "http://jaikobcreate.com/bpa/user/panel.php";
$MM_redirectLoginFailed = "https://jaikobcreate.com/bpa/user/login.php?error=Invalid Username Or Password!";
$MM_redirecttoReferrer = false;
mysql_select_db($database_BPA, $BPA);
$LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $BPA) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "admin";
$MM_redirectLoginSuccess = "http://jaikobcreate.com/bpa/user/panel.php";
$MM_redirectLoginFailed = "https://jaikobcreate.com/bpa/user/login.php?error=Invalid Username Or Password!";
$MM_redirecttoReferrer = false;
mysql_select_db($database_BPA, $BPA);
$LoginRS__query=sprintf("SELECT username, password, admin FROM users WHERE username=%s AND password=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $BPA) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = mysql_result($LoginRS,0,'admin');
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
$_SESSION['user'] = $_POST['username'];
$_SESSION['user_id'] = $_POST['username'];
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<html>
<head>
<title>Welcome To Chicago! - Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../style.css" rel="stylesheet" type="text/css">
<script src="../Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="952" height="575" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" class="tblborder" id="Table_01">
<tr>
<td width="1" height="227">
<img src="../images/Stage_3_Design_01.jpg" width="1" height="227" alt=""></td>
<td width="949" valign="top"><script type="text/javascript">
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0','width','949','height','227','src','../images/banner','quality','high','pluginspage','http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash','movie','../images/banner' ); //end AC code
</script>
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="949" height="227">
<param name="movie" value="../images/banner.swf">
<param name="quality" value="high">
<embed src="../images/banner.swf" quality="high" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="949" height="227"></embed>
</object></noscript></td>
</tr>
<tr>
<td height="67" colspan="2" valign="middle" background="../images/Stage_3_Design_03.jpg">
<table width="946" height="62" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="right" valign="middle">
<div align="center" class="style3">
<div align="right"><?php include('../navigation.php'); ?></div></td>
</tr>
<tr>
<td><div align="right"><?php include('include.php'); ?></div></td>
</tr>
</table></td>
</tr>
<tr>
<td colspan="2" align="center" valign="top" bgcolor="#FFFFFF" class="footer"><table width="949" height="40" border="0" align="center" cellpadding="0" cellspacing="0" class="norepeat_underheader">
<tr>
<td width="949" valign="top">
<p> </p>
<p> </p>
<p> </p>
<table width="322" height="228" border="0" align="center" bgcolor="#475A7B" class="tblborder opacity">
<tr>
<td width="314" height="222" valign="top"><p>User Login:</p>
<form action="<?php echo $loginFormAction; ?>" method="POST" name="login" id="login">
<label>
<div align="center"><em>Username:</em>
<input name="username" type="text" class="FieldStyle" id="username" size="15">
<br />
<em>Password:</em>
<input name="password" type="password" class="FieldStyle" id="password" size="17">
<br />
<label>
<a href="https://jaikobcreate.com/bpa/user/step1.php" target="_blank">Forgot Your Password?</a>
<div align="right">
<input name="button" type="submit" id="button" value="Login">
</div>
</label>
</div>
<div align="center"></div>
<label> </label>
</form>
<table width="259" height="33" border="0" align="center" bgcolor="#1B2E4E" class="tblborder">
<tr>
<td width="251" align="center"><p>If you are not yet a registered user, please Sign-up now!</p>
<p><a href="register.php" target="_blank">Register</a> | <a href="https://jaikobcreate.com/bpa/admin">If Your An Admin, Log-in</a></p></td>
</tr>
</table>
<p align="center" class="style5"><?php echo $_GET['error']; ?></p></td>
</tr>
</table>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
</tr>
</table>
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
</tr>
</table>
<?php include('../footerbar.php'); ?>
</body>
</html>
<?php
mysql_free_result($login);
?>