Jump to content

[SOLVED] Login Script


slapdashgrim

Recommended Posts

i built this script but its not working,

can some one tell me why.

it only querys when you use username as the username

but actual usernames that are in the database wont work.

 

here is the MYSQL table structure

INSERT INTO users VALUES (1, 'test', 'pass1', 1);

INSERT INTO users VALUES (2, 'slapdash', 'pass1', 1);

INSERT INTO users VALUES (3, 'Patrick123', 'pass1', 0);

INSERT INTO users VALUES (4, 'TESThha', 'pass1', 0);

here is the code of the login handle script.

 

<?php
if ($_POST['submit']=='Login'){
$username = $_POST["username"];
$password = $_POST["password"];
//Handle
dbmysqlcms();
$query = 'SELECT * FROM users WHERE username ='.$username;
if ($r = mysql_query ($query)) {
while ($row = mysql_fetch_array ($r)) {
$fail=NULL;
if ($username == $row['username'] && trim($password) == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('location: ../index.php');
}
if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
$fail = 1;
}//end auth if
}//end while
}//end query if
if ($fail == 1){header('location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>

 

i dont know what to do  ??? ???

please help

thankyou

Link to comment
Share on other sites

<?php
session_start();
if ($_POST['submit']=='Login'){
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
//Handle
dbmysqlcms();
$query = "SELECT * FROM users WHERE username ='" .$username . "'";
if ($r = mysql_query ($query)) {
while ($row = mysql_fetch_array ($r)) {
$fail=NULL;
if ($username == trim($row['username']) && $password == md5(trim($row['password']))) {
                $_SESSION['userName'] = $username;
                $_SESSION['admin'] = $row['admin'];
                $_SESSION['auth'] = TRUE;
                header('Location: ../index.php');
}
if ($username != $row['username'] && md5(trim($password)) != trim($row['password'])) {
$fail = 1;
}//end auth if
}//end while
}//end query if
if ($fail == 1){header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));}
}?>

Link to comment
Share on other sites

Without proper indent it's really difficult to debug. I would go this way:

 

<?php
session_start();
if(isset($_POST['submit'])){
     $username = mysql_real_escape_string(trim($_POST['username']));
     $password = md5(trim($_POST['password']));
     $results = mysql_query("SELECT username, admin FROM users WHERE username='$username'");
     if(mysql_num_rows($results) == 1){
          $values = mysql_fetch_array($results);
          $_SESSION['username'] = $values['username'];
          $_SESSION['admin'] = $values['admin'];
     } else{
          header('Location: blabla.php');
     }
}
?>

Link to comment
Share on other sites

okay i almost have it fixed.

it wont get past password authentication now.

<?php
if ($_POST['submit']=='Login'){
     $username = trim($_POST['username']);
     $password = md5(trim($_POST['password']));
     $results = mysql_query("SELECT username, admin, password FROM users WHERE username='$username'");
     if(mysql_num_rows($results) == 1){
          $values = mysql_fetch_array($results);
          if ($password == $values['password']){
             $_SESSION['userName'] = $values['username'];
             $_SESSION['admin'] = $values['admin'];
             $_SESSION['auth'] = TRUE;
             header('Location: ../index.php');
          }else{
              header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your Password again, we were unable to log you in.'));
          }
     } else{
          header('Location: ../index.php?act=login&alert=1&message='.urlencode('check your login information again, we were unable to log you in.'));
     }
}
?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.