
[SOLVED] A few questions


Dvdbrink


First of all, I'm new to PHP. Please do not terrorize this topic with pointless posts saying that I and my code suck.

I'll first post some code here that I'm going to ask questions about.

login.php

<?php
require_once('inc/dbconnect.php');

session_start();
if($_SESSION['logged'])
{
    $result = mysql_query("SELECT * FROM users") or die(mysql_error());
    while($row = mysql_fetch_array($result))
    {
        if($row['rank']=="admin")
        {
            echo "Welcome ". $_SESSION['username'] ." !<br />";
            echo "[<a href=\"\">Admin Panel</a>]<br />";
            echo "[<a href=\"\">Mod Panel</a>]<br />";
            echo "[<a href=\"logout.php\">logout</a>] ";
        }
        if($row['rank']=="mod")
        {
            echo "Welcome ". $_SESSION['username'] ." !<br />";
            echo "[<a href=\"\">Mod Panel</a>]<br />";
            echo "[<a href=\"logout.php\">logout</a>] ";
        }
        if($row['rank']=="member")
        {
            echo "Welcome ". $_SESSION['username'] ." !<br />";
            echo "[<a href=\"logout.php\">logout</a>] ";
        }
    }

}
else
{
    echo "
<form action=\"?login=check\" method=\"post\">
Username:<input type=\"text\" name=\"username\" /><br />
Password:<input type=\"password\" name=\"password\" /><br />
<input type=\"submit\" name=\"login\" value=\"Login\" />
</form>
";
}

if($_GET['login'] == "check")
{
    include("check_login.php");
}
?>

check_login.php

<?php
require_once('inc/dbconnect.php');

session_start();
if($_POST['login'])
{
    $username = addslashes($_POST['username']);
    $password = md5($_POST['password']);
    $sql = "SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."' AND rank";
    $result = mysql_query($sql);

    if(mysql_num_rows($result) != 1)
    {
        header('Refresh: 5; url=index.php');
        echo "<b>Wrong Username and/or Password!</b>";
    }
    else
    {
        $_SESSION['logged'] = true;
        $_SESSION['username'] = $username;
        header('location:index.php');
    }
}
?>

register.php

<?php
require_once('inc/dbconnect.php');

session_start();
if($_SESSION['logged'])
{
    header('Refresh: 5; url=index.php');
    echo "You are already registered!";
}

if(isset($_POST['register']))
{
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $email = mysql_real_escape_string($_POST['email']);
    $rank = "member";
    mysql_query("INSERT INTO users (username, password, email, rank) VALUES ('".$username."', '".$password."', '".$email."', '".$rank."') ");
    echo "Registration successfull! You can login now.";
}
else
{
    echo "<h2>Register</h2>";
    echo "
<form action=\"register.php\" method=\"post\">
<label>Username</label> <input type=\"text\" name=\"username\" /><br />
<label>Password</label> <input type=\"password\" name=\"password\" /><br />
<label>Confirm Password</label> ******<br />
<label>E-Mail</label> <input type=\"text\" name=\"email\" /><br />
<input type=\"submit\" name=\"register\" value=\"Register\" />
</form>
";
}
?>

Questions:

1. I'm pretty sure this code is not safe at all. How can people 'hack' my member system? I would like to know that.

2. What is the best way to protect a member system?

3. In check_login.php, how come when I change my code to:

<?php
require_once('inc/dbconnect.php');

session_start();
if($_POST['login'])
{
    $username = addslashes($_POST['username']);
    $password = md5($_POST['password']);
    $sql = "SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."' AND rank";
    $result = mysql_query($sql);

    if(mysql_num_rows($result) = 1)
    {
        $_SESSION['logged'] = true;
        $_SESSION['username'] = $username;
        header('location:index.php');
    }
    else
    {
        header('Refresh: 5; url=index.php');
        echo "<b>Wrong Username and/or Password!</b>";
    }
}
?>

I get this error: "Fatal error: Can't use function return value in write context in /home/dvdbrink/domains/dvdbrink.gethost.nl/public_html/check_login.php on line 12".

4. Any other tips for a beginner in PHP for a member-system?

 

Thanks in advance,

Dvdbrink.
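
A hardened counterpart to the register.php and check_login.php logic in the post above, as an added example that is not part of the original post: bound parameters replace addslashes() and string concatenation, and password_hash()/password_verify() replace md5(). Assumptions: PDO with an in-memory SQLite database so the block runs stand-alone, the hypothetical helper names demo_db, register_user and authenticate, a constructed sample user, and a `password` column that holds password_hash() output.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table mirroring the post's `users` columns (assumption:
// SQLite via PDO; for MySQL only the DSN changes, and MySQL 8 needs `rank` in backticks).
function demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT UNIQUE, password TEXT, email TEXT, rank TEXT)');
    return $db;
}

// register.php counterpart: store a salted, deliberately slow hash instead of md5().
function register_user(PDO $db, string $username, string $password, string $email): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password, email, rank) VALUES (?, ?, ?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email, 'member']);
}

// check_login.php counterpart: look the user up with a bound parameter, then
// compare with password_verify(). Returns that user's own username and rank, or null.
function authenticate(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare('SELECT username, password, rank FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['username' => $row['username'], 'rank' => $row['rank']];
}

$db = demo_db();
register_user($db, 'alice', 'correct horse', 'alice@example.test'); // constructed sample user
register_user($db, "o'neil", 'another pass', 'oneil@example.test'); // quote in the name stays data

var_dump(authenticate($db, 'alice', 'correct horse'));  // valid credentials
var_dump(authenticate($db, "o'neil", 'another pass'));  // valid, despite the quote
var_dump(authenticate($db, 'alice', 'wrong'));          // bad password

// On success in the real page, rotate the session ID before storing login state:
//   session_regenerate_id(true);
//   $_SESSION['logged'] = true; $_SESSION['username'] = $user['username'];
//   $_SESSION['rank'] = $user['rank']; header('Location: index.php'); exit;
```

Keeping the rank returned for the authenticated user in the session lets login.php choose which panel links to show from that one value instead of looping over every row in `users`.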
