Jump to content

[SOLVED] Login error...

jrws

By jrws
in PHP Coding Help

 Share

Recommended Posts

jrws Member

jrws

Posted
Posted 

<?php
include_once('functions.php');
if(isset($_POST['submit'])){
    $username = protect($_POST['user']);
    $password = protect(encrypt($_POST['password']));
    $query = "SELECT username, password,u_LV FROM 
                        user WHERE username ='$username' AND
                        password = '$password' 
                        AND u_lv BETWEEN 1 AND 6";
$result = mysql_query($query)or die("Error, please contact staff. $bugE");
if(mysql_num_rows($result)>0){
        Header("Location: logged_in.php");
    } else {
//Failed login, give error message.
    echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";
    }
}
close()//Close Database
?>

 

Alright that's the code, now the problem. I am not sure but I think it is in the SQL syntax.

 

So what should happen is this:

user+password = login check;

login check = query database, see if username and password match or even exist AND their user level is 1 to 6 (1 = activated gets progressively higher in user stats i.e. 6 = admin).

IF login check fails (username/password don't match OR user not 1-6) give error message.

Else login the user.

 

 

So thats what should happen, but what is happening is that no matter what, login check fails and give the error message 

echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";

What I want to know is what the problem is, and how I can fix it and identify it in the future as I am sure you guys get tired of solving code's for newbies/dunces like me.

Link to comment
Share on other sites
jrws Member

jrws

Posted
  • Author
Posted 

//Encypts user password or a string, can be used for the activation code.
function encrypt($string){
$string=md5(sha1(md5(sha1($string))));
return $string;
}
//Sanitizes user input
function protect($string)
{
    if (get_magic_quotes_gpc()) { //Check if magic_quotes is enabled
        $string = stripslashes($string);
    }
    $string = mysql_real_escape_string($string); //escape harmful characters
    $string = strip_tags($string); //remove HTML tags
    return trim($string); //Shorten string and return it
}

 

2.Well I just tried what you suggested about the username and password. Not matter what the password the outcome is always:

e8555537f6031e44c5c6937a3d62956a

 

 

3.

 echo "<div align=center><b>Oops! Your login is wrong. Please try again.</b></div>";

Link to comment
Share on other sites
jrws Member

jrws

Posted
  • Author
Posted

Indeed it is, I was just thinking to use md5+ a salt, but I thought, just try it wilth sha1 as well.

@MrAdam I don't think it is, because I have another test, but it doesn't search for user level, it just looks for username and password, and it works.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.