Jump to content

[SOLVED] Login Script


slapdashgrim

Recommended Posts

i built this script but its not working,

can some one tell me why.

it only querys when you use username as the username

but actual usernames that are in the database wont work.

 

here is the MYSQL table structure

INSERT INTO users VALUES (1, 'test', 'pass1', 1);

INSERT INTO users VALUES (2, 'slapdash', 'pass1', 1);

INSERT INTO users VALUES (3, 'Patrick123', 'pass1', 0);

INSERT INTO users VALUES (4, 'TESThha', 'pass1', 0);

here is the code of the login handle script.

 

<?php
if ($_POST['submit']=='Login'){
$username = $_POST["username"];
$password = $_POST["password"];
//Handle
dbmysqlcms();
$query = 'SELECT * FROM users WHERE username ='.$username;
if ($r = mysql_query ($query)) {
while ($row = mysql_fetch_array ($r)) {
$fail=NULL;
if ($username == $row['username'] && trim($password) == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('location: ../index.php');
}
if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
$fail = 1;
}//end auth if
}//end while
}//end query if
if ($fail == 1){header('location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>

 

i dont know what to do  ??? ???

please help

thankyou

Link to comment
https://forums.phpfreaks.com/topic/121516-solved-login-script/
Share on other sites

<?php
session_start();
if ($_POST['submit']=='Login'){
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
//Handle
dbmysqlcms();
$query = "SELECT * FROM users WHERE username ='" .$username . "'";
if ($r = mysql_query ($query)) {
while ($row = mysql_fetch_array ($r)) {
$fail=NULL;
if ($username == trim($row['username']) && $password == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('Location: ../index.php');
}
if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
$fail = 1;
}//end auth if
}//end while
}//end query if
if ($fail == 1){header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>

Link to comment
https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626663
Share on other sites

Without proper indent it's really difficult to debug. I would go this way:

 

<?php
session_start();
if(isset($_POST['submit'])){
     $username = mysql_real_escape_string(trim($_POST['username']));
     $password = md5(trim($_POST['password']));
     $results = mysql_query("SELECT username, admin FROM users WHERE username='$username'");
     if(mysql_num_rows($results) == 1){
          $values = mysql_fetch_array($results);
          $_SESSION['username'] = $values['username'];
          $_SESSION['admin'] = $values['admin'];
     } else{
          header('Location: blabla.php');
     }
}
?>

Link to comment
https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-626713
Share on other sites

okay i almost have it fixed.

it wont get past password authentication now.

<?php
if ($_POST['submit']=='Login'){
     $username = trim($_POST['username']);
     $password = md5(trim($_POST['password']));
     $results = mysql_query("SELECT username, admin, password FROM users WHERE username='$username'");
     if(mysql_num_rows($results) == 1){
          $values = mysql_fetch_array($results);
          if ($password == $values['password']){
             $_SESSION['userName'] = $values['username'];
             $_SESSION['admin'] = $values['admin'];
             $_SESSION['auth'] = TRUE;
             header('Location: ../index.php');
          }else{
              header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your Password again, we were unable to log you in.'));
          }
     } else{
          header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));
     }
}
?>

Link to comment
https://forums.phpfreaks.com/topic/121516-solved-login-script/#findComment-629277
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.