Help with login code - can't see the problem


Andy-H


This is my login code, it works fine up until the part after the password incorrect error, the session is not set and the header location does not redirect users. inc/db.php doesn't give any output...

 

<?php
session_start();
include_once 'inc/db.php';



if ($_POST['submit_x']){

if ( !isset($_POST['login']) || empty($_POST['login']) ){
	$err = 'Please enter your login name.';

}else{

if ( !isset($_POST['pass']) || empty($_POST['pass']) ){
	$err = 'Please enter your password.';

}else{

if ( (strlen($_POST['login']) < 3) || (strlen($_POST['login']) > 20) ){
	$err = 'Login name can only contain between 3 and 20 characters.';

}else{

if ( (strlen($_POST['pass']) < 6) || (strlen($_POST['pass']) > 20) ){
	$err = 'Password can only be between 6 and 20 characters.';

}else{

$login = md5($_POST['login']);
$pass  = md5($_POST['pass']);

$q1 = "SELECT user, pass FROM users WHERE login = '$login' LIMIT 1";
$r1 = mysql_query($q1)or trigger_error('Error on line: ' . __LINE__);
$n1 = mysql_num_rows($r1);

if ($n1 == 0){
	$err = 'Their is no account with that login name - login names are case sensitive.';

}else{

$r2 = mysql_fetch_row($r1);

$username = $r2[0];
$password = $r2[1];

if ($pass != $password){
	$err = 'Incorrect password - passwords are case sensitive.';

}else{

$_SESSION['user'] = $username;
$time = time() + 300;
$ip = $_SERVER['REMOTE_ADDR'];

$u1 = "UPDATE users SET last_login = '$date', active = '$time', ip = '$ip' WHERE user = '$username' LIMIT 1";
$u2 = mysql_query($u1)or trigger_error('Error on line: ' . __LINE__);

header('Location: main.php');

}}}}}}}



if (isset($err)){
$id  = 'id="err"';
$msg = '<strong>Error:</strong> ' . $err;
}else{
$id  = '';
$msg = '';
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

<head>

<title> <?php echo $gamename . ' - ' . $motto; ?> </title>

<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<link rel="stylesheet" type="text/css" href="style/style.php.inc" >

<meta name="Author" content="Andrew Michael Holland - UK" >
<meta name="Keywords" content="" >
<meta name="Description" content="" >
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="revisit-after" content="7 days">
<meta name="copyright" content="Copyright <?php echo $gamename; ?> All Rights reserved 2008+">
<meta name="Robots" content="follow,index">

<style type="text/css">
input
{
font-size:      12px;
vertical-align: text-center;
font-weight:    bold;
text-align:     center;
}

#err
{
color: red;
}
</style>

</head>

<body>

<p align="center" style="height: 15px;" <?php echo $id; ?>>   <?php echo $msg; ?>   </p>

<form action="" method="POST">

<table align="center" style="width: 938px; height: 501px; border: 0; border-collapse: collapse;" cellspacing="0" cellpadding="0">


<tr>
	<td colspan="7" style="background-image: url('images/LOG-IN_01.gif'); width: 938px; height: 200px; 
	border: 0px;"></td>

</tr>
<tr>
	<td rowspan="8" style="background-image: url('images/LOG-IN_02.gif'); width: 425px; height: 300px; 
	border: 0px;"></td>

	<td colspan="4" style="background-image: url('images/Login.gif'); width: 120px; height: 20px; 
	border: 0px; font-size: 12px;">

	<input type="text" name="login" style="background-color: #000000; color: #00c6ff; width: 120px; 
	height: 18px; border: none; position: relative; padding: 0px;" maxlength="20">

	</td>

	<td colspan="2" rowspan="6" style="background-image: url('images/LOG-IN_04.gif'); width: 393px; 
                height: 193px; border: 0px;"></td>

</tr>
<tr>
	<td colspan="4" style="background-image: url('images/LOG-IN_05.gif'); width: 120px; height: 66px; 
	border: 0px;"></td>

</tr>
<tr>
	<td colspan="4" style="background-image: url('images/Pass.gif'); width: 120px; height: 21px; 
	border: 0px;">

	<input type="password" name="pass" style="background-color: #000000; color: #00c6ff; width: 120px; 
	height: 18px; border: none; position: relative; padding: 0px;" maxlength="20">

	</td>

</tr>
<tr>
	<td colspan="4" style="background-image: url('images/LOG-IN_07.gif'); width: 120px; height: 8px; 
	border: 0px;"></td>

</tr>
<tr>
	<td colspan="2" rowspan="2" style="background-image: url('images/LOG-IN_08.gif'); width: 28px; 
                height: 78px; border: 0px;"></td>

	<td>

	<input type="image" name="submit" src="images/btn_Login.gif" alt="Login" style="height: 19px; 
	width: 58px; border: none;"></td>

	<td rowspan="2" style="background-image: url('images/LOG-IN_10.gif'); width: 34px; 
                height: 78px; border: 0px;"></td>

</tr>
<tr>
	<td style="background-image: url('images/LOG-IN_11.gif'); width: 58px; 
                height: 59px; border: 0px;"></td>

</tr>
<tr>
	<td rowspan="2" style="background-image: url('images/LOG-IN_12.gif'); width: 5px; 
                height: 107px; border: 0px;"></td>

	<td colspan="4">
		<img src="images/Screenshot.gif" width="120" height="22" alt=""></td>

	<td rowspan="2" style="background-image: url('images/LOG-IN_14.gif'); width: 388px; 
                height: 107px; border: 0px;"></td>

</tr>
<tr>
	<td colspan="4" style="background-image: url('images/LOG-IN_15.gif'); width: 120px; 
                height: 85px; border: 0px;"></td>

</tr>
<tr>
	<td style="background-image: url('images/spacer.gif'); width: 425px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 23px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 58px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 34px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 5px; height: 1px; border: 0px;"></td>
	<td style="background-image: url('images/spacer.gif'); width: 388px; height: 1px; border: 0px;"></td>
</tr>


</table>

</form>

<div align="center">
| <a href="register.php">Register</a> |
</div>

</body>

</html>

As a tip, you are giving away more information than is needed. When a user logs in, you should check it as

 

SELECT * FROM users WHERE username = '$username' && password = '$password';

 

If it returns a row, log them in. If it does not, then simply present the error message as 'Username or password incorrect'.

 

By telling users the login does not exist, and/or password is incorrect you are giving people hints as to whether their hacking is successful or not. Not good to give additional information.

 

If the login does or does not exist and/or password is wrong, just present the 'Username or password incorrect'.

 

Nate
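
The single-message check described in the post above, as an added example that is not code from the thread: both failure paths (unknown login, wrong password) return the same result and do comparable work. It swaps in a parameterized PDO query and `password_hash`/`password_verify` in place of the interpolated query and `md5` used in the thread; the in-memory SQLite table, its `pass_hash` column and the sample account are constructed for the demo.

```php
<?php
// Added example: constructed data, not the original poster's schema.
const GENERIC_ERROR = 'Username or password incorrect';

// Build a throwaway users table with one constructed account.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, user TEXT, pass_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (login, user, pass_hash) VALUES (?, ?, ?)');
    $ins->execute(['andy', 'Andy', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the display name on success, or null for ANY failure, so the
// caller cannot tell "no such login" apart from "wrong password".
function check_login(PDO $db, string $login, string $pass): ?string
{
    // Hash that is verified when the login is unknown, so the unknown-login
    // path still performs one password verification.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Bound parameter: the submitted login never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT user, pass_hash FROM users WHERE login = ? LIMIT 1');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches

    $ok = password_verify($pass, $row ? $row['pass_hash'] : $dummy);
    return ($row && $ok) ? $row['user'] : null;
}

$db = make_demo_db();
$attempts = [['andy', 'correct horse'], ['andy', 'wrong'], ['nobody', 'wrong']];
foreach ($attempts as [$login, $pass]) {
    $user = check_login($db, $login, $pass);
    echo $login, ': ', $user !== null ? "welcome $user" : GENERIC_ERROR, PHP_EOL;
}
```

On a real login page the success branch would set `$_SESSION['user']`, send the `Location` header and then call `exit` so nothing else in the script runs after the redirect.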

 

If you are not getting any header errors that would prevent the session/redirect from working, have you checked if that part of the code is being executed? If the code branch is not being executed, check what the values are that are being compared to see what they actually are.
