Lukeidiot Posted May 11, 2008 Share Posted May 11, 2008 any idea guys? http://lockpick.lukeidiot.com/?go=login Register.php <?php # include the config file //included in index.php as my navigation naturally includes all pages "?go=page".. if ($_POST['Submit']){ # check to see if the form was submitted # if so... $payout = clean($_POST['type']); //Luke: Adds user's payout.. $type = clean($_POST['type']); # adds user's account type $username = clean($_POST['username']); # post the form fields and clean the strings $password = clean($_POST['password']); $password_con = clean($_POST['password_con']); $email = clean($_POST['email']); $ip = clean($_SERVER['REMOTE_ADDR']); # get the IP of the browsing computer $signup = date('m/d/y'); # get the timestamp of the signup if (!$username | !$password | !$password_con | !$email){ # if any of the strings form the form are empty echo 'You must fill in every field. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { if ($password != $password_con){ # if the passwords do not match echo 'Password fields did not match. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $username_test = "SELECT * FROM `users` WHERE username = '$username'"; $username_test = mysql_query($username_test); # check if the username is already in use if (mysql_num_rows($username_test) == 1){ # if the username is being used echo 'Username is already being used. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $md5pass = md5($password); # change the password to an md5 hash $type = 'Customer'; //sets default "type" $payout = '0.00'; //sets default payout when registering. "payout" #default signup is customer. $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')"; # setup a query to insert the data into the table. mysql_query($add); # run the query echo 'Success. You are now registered.<br />'; echo 'Login using the following information:<br />'; echo 'Username: '.$username.'<br />'; echo 'Password: '.$password; } } } } else { # else the form was not submitted ?> <form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> Username:<br /> <input type="text" name="username"> <br /> Password:<br /> <input type="password" name="password"> <br /> Confirm Password:<br /> <input type="password" name="password_con"> <br /> E-mail:<br /> <input type="text" name="email"> <br /> <input type="submit" name="Submit" value="Register"> </form> <? } ?> Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 11, 2008 Share Posted May 11, 2008 No idea. Post your relevant code. Quote Link to comment Share on other sites More sharing options...
Lukeidiot Posted May 11, 2008 Author Share Posted May 11, 2008 No idea. Post your relevant code. also: http://lockpick.lukeidiot.com/?go=register and login.php <?php $_SESSION['username'] = $username; if (empty($online['id'])){ if ($_POST['Login']) { $user = clean($_POST['username']); $pass = clean($_POST['password']); if (!$user | !$pass){ echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } else { $pass = md5($pass); $query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'"; $query = mysql_query($query); $values = mysql_fetch_array($query); if (mysql_num_rows($query) == 1){ $expire = time() + (7*86400); setcookie("username", $user, $expire); echo 'Success, you have been logged in!<br />'; echo '<a href="?go=cpanel">Continue to Cpanel</a>.'; } else { echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.'; } } } else { ?> <form method="post" action="<?=$_SERVER['REQUEST_URI']?>"> Username:<br /> <input name="username" type="text" id="username"> <br /> Password:<br /> <input name="password" type="password" id="password"> <br /> <input name="Login" type="submit" id="Login" value="Login"> </form> <? } } else { echo 'You are already logged in!<br>'; echo '<a href="?go=cpanel">Continue to Cpanel</a>.'; } ?> Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 11, 2008 Share Posted May 11, 2008 1.) Try adding an or die statement to your query whenever you're having query troubles: mysql_query($add) or die(mysql_error().'<br />Query was:'.$add); 2.) You're not using the md5() function to the password on the registration page, but you are on the registration page - therefore, the passwords will never match. Quote Link to comment Share on other sites More sharing options...
Lukeidiot Posted May 11, 2008 Author Share Posted May 11, 2008 This is what it gave me: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1 Query was:INSERT INTO `users` VALUES ('', 'paytest', '098f6bcd4621d373cade4e832627b4f6', 'test', '76.106.186.10', '05/11/08', 'Customer', 0.00') Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted May 11, 2008 Share Posted May 11, 2008 Well there you are then, you're missing a quote: $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')"; Should be: $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')"; Quote Link to comment Share on other sites More sharing options...
Lukeidiot Posted May 11, 2008 Author Share Posted May 11, 2008 Well there you are then, you're missing a quote: $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', $payout')"; Should be: $add = "INSERT INTO `users` VALUES ('', '$username', '$md5pass', '$email', '$ip', '$signup', '$type', '$payout')"; Thanks, sometimes the small mistakes really get you lol PS: When I try to login, it says "Successfully logged in" but when i try to goto cpanel, it says "you need to be logged in"? Quote Link to comment Share on other sites More sharing options...
Lukeidiot Posted May 11, 2008 Author Share Posted May 11, 2008 Any idea? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.