Jump to content

Recommended Posts

What happens is, I type in the details, hit login and it pretty much just refreshed index.php and i see everything how index.php is suppost to look.

 

www.Team-Recoil.com/newtemplate  <-- register and try to login if you wish

 


<?php
error_reporting( E_ALL );
       set_ini('display_errors','On');

session_start();

// database information
$dbhost = "localhost";
$dbname = "";
$dbuser = "";
$dbpass = "";

// connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

// retrieve form input
$username = htmlentities(mysql_real_escape_string($_POST['username']));
$password = (md5($_POST['password']));

// query the database
$query = "SELECT * from users WHERE username='$username' and password='$password'";
$result = mysql_query($query) or die(mysql_error());
echo "query: $query";

$qAssoc = mysql_fetch_assoc($result);
$rank = $qAssoc['rank'];

if(mysql_num_rows($result) === 0 || $qAssoc['rank'] == 0){
include('incorrect.php');
}else{
if ( $rank == 1 ) {
	$_SESSION['registered'] = true;
}
if ( $rank == 2 ) {
	$_SESSION['member'] = true;
}
if ( $rank == 3 ) {
	$_SESSION['moderator'] = true;
}
if ( $rank == 4 ) {
	$_SESSION['admin'] = true;
}
header("Location: http://www.team-recoil.com/newtemplate/info.php");
}

// end of script
?>

 

I actually noticed I told you to do set_ini, i meant ini_set ... DOH!  Well, it is 0:35am... lol

 

Try the following and tell me if you get anything or if it just bombs, i've only syntax checked it as I don't

have database set up here.

 

<?php
// database information
$dbhost = "localhost";
$dbname = "";
$dbuser = "";
$dbpass = "";

error_reporting( E_ALL );

        ini_set('display_errors', 'On');

session_start();

define( 'DEBUG', true );

    function debug( $file, $line, $message )
{

	if ( !DEBUG ) return false;
	$message = htmlspecialchars( $message, ENT_QUOTES );
	echo "<p>DEBUG> In file $file at line $line:<br />{$message}";  

}

// connect to database
mysql_connect ( $dbhost, $dbuser, $dbpass ) or die("Could not connect: " . mysql_error() );
    mysql_select_db( $dbname ) or die( "Unable to select database {$dbname}: " . mysql_error() );

// retrieve form input
$username = htmlentities(mysql_real_escape_string($_POST['username']));
$password = $_POST['password'];

debug( __FILE__, __LINE__, "Username = {$username} Password = {$password}");

// query the database
$query = "SELECT * FROM users WHERE username='{$username}' AND password=MD5('{$password})'";

debug( __FILE__, __LINE__, "query: $query" );

$result = mysql_query($query) or die( mysql_error() );

$qAssoc = mysql_fetch_assoc($result);
    
$rank =@ (int)$qAssoc['rank'];

if( mysql_num_rows($result) == 0 || $rank == 0){

	require_once 'incorrect.php';

}
else
{

	$ranks = array(1=>'registered',
				   2=>'member',
				   3=>'moderator',
				   4=>'admin'
	); 

	if ( array_key_exists( $rank, $ranks ) )
	{

		$_SESSION[$ranks[$rank]] = true;

	}
	else
	{

		exit( debug( __FILE__, __LINE__, "There is no such rank "{$rank}"") );

	}

	exit( header("Location: http://www.team-recoil.com/newtemplate/info.php") );
}

// end of script
?>

<form method="post" name="login" action="login.php">
<ul>
<li id="loginform">Username: <input id="username" type="text" name="username" /> Password: <input id="password" type="password" name="password" /></li>
<li> <input type="image" value="Submit" src="login.gif" height="18px" style="padding-top:2px;" /> </li>
</ul>
</form>

 

I myself don't see any errors there.

encase you hadn't guessed, I'm not very experienced.

 

I made a boob, might not be the problem though, query line should be:

$query = "SELECT * FROM users WHERE username='{$username}' AND password=MD5('{$password}')";

 

The closing MD5 bracket was out of place.

 

I'm stumped otherwise, maybe someone else can pick this one up 'cos I need sleep.. hehe

 

No probs.

 

I'm guessing your php install is refusing to output error messages on that page for some reason, if you have

access, try checking the apache error_log because if php error logging is on the answer could be in there.

 

You could also try inserting the following snippet starting near the top of the page and working down as

you manage to get an 'OK' at certain lines.  Try placing it first just before you connect to mysql, if you get

the OK, move it down after the connect, if get OK move it down again.

 

Sometimes it just takes steps like this to work it out... lol

 


     exit("Got to line " . __LINE__ . " - OK ");

ended up messing around with webhost a bit and rewriting the login file, still need to edit it for multiple ranks but for the moment, it works. Thanks to all who helped!

 

Final Code:

<?php

//database info
$dbhost = "localhost";
$dbname = "";
$dbuser = "";
$dbpass = "";

//connect to db
mysql_connect($dbhost, $dbuser, $dbpass)or die("Could not connect:".mysql_error());
mysql_select_db($dbname)or die(mysql_error());

//make sure data was entered in the fields
if($_POST['username']!='' && $_POST['password']!='')
{
	//set field data vars
	$username = htmlentities(mysql_real_escape_string($_POST['username']));
	$password = md5($_POST['password']);

	//query db
	$query = "SELECT userid, username, rank FROM users WHERE username='".$username."' AND password='".$password."'";
	$result = mysql_query($query) or die(mysql_error());

	//check to see if there is a db match, if so do the following
	if(mysql_num_rows($result) === 1)
	{
		//check the rank of the user is 1, if so set $_SESSION['registered']
		$row = mysql_fetch_assoc($result);
		if($row['rank'] == 1)
		{
			//set the session and redirect user
			$_SESSION['registered'] =  TRUE;
			include('info.php');
		}else{
			//tell the user the account isn't activated if their rank is 0
			echo "Your account is not activated";
		}
	}else{
		//tell the user that they have entered an invalid username or password if this be the case
		echo "Invalid username or password";
	}

}else{
	//if they havn't entered anything in the login form, tell them
	echo "No username/password entered";
}

//end script
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.