Jump to content

Login script completely busted

PC Nerd

By PC Nerd
in PHP Coding Help

 Share

Recommended Posts

PC Nerd Advanced Member

PC Nerd

Posted
Posted
i am writting a login script, that checks by comparing $_POST['User_Name']  to $_DATABASE_REQUEST['User_Name'] and the same with the password. basically it goes if(password and usernames match) {complete login sequence}
else{echo there was an error and prompt to login again}

here is the login script, and the include file

SCRIPT:

[code]<html>

<head>

<link rel="stylesheet" type="text/css" href="B_A-CSS.css">
<title>Login</title>
</head>

<body>


<table>
<thead>
<td  class = left>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

<td class = centre>
<b><font color = "#006600"><center><h1>TITLE</h1></center></font></b>
</td>

<td class = right>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

</thead>

<tbody>
<tr>

<td class = left>
</td>

<td class = centre>


<?PHP

include("inc files/Database link.inc");
                $User_Name = $_POST['User_Name'];
$User_SQL = "SELECT User_Name, Password FROM Table_1 WHERE User_Name = '" . $_POST['User_Name'] ."' ";

$result = @mysql_query($User_SQL, $DB_Server);

                if(!$result){
                        echo "Unable to perform query: $User_SQL<br>";
                        echo mysql_error();
                }

$confirm = mysql_fetch_array($result);

if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}

else{
echo "<p>There has been an error with the login, please try to login again.  <a href = 'B_A-Home.html'>Try again here</a></p><br>";
}

?>


</td>

<td class = right>
</td>

</tr>
</tbody>
</table>

</body>

</html>
[/code]


INCLUDE FILE:

[code]<?php


$host="localhost";
$account="ACCOUNT";
$password="PASSWORD";
$dbname="DBNAME";
$Error_Log[1] = "";
$Error_Log[2] = "";




$DB_Server = mysql_connect($host, $account, $password);

if(!$DB_Server){echo "<p>There was an error in connecting to the database server.  Please try again later.</p>";
$Error_Log[1] = "DB_Server";}
else{}


$DB = mysql_select_db($dbname);

if(!$DB){echo "<p>There was an error connecting to the Database.  Please try Again later.</p>";
$Error_Log[2] = "DB_Connect";}
else{}



if(empty($Error_Log[1])){}
elseif(empty($Error_Log[2])){}
else{echo "<p>WE apologises for any and all inconveniences caused by this fualt in the system.  We are working on fixing the connection problem.  Why not explore the public site for FAQ's and other help sections to become more aquainted with the game.</p>";}

?>[/code]

i cant see any errors.  i made sure that the database entries matched the form entries.  but there is still this error.  ass i said there are no error messages, eg warning undefined variable et.c, but the scrript isnt doing what i told it to do

all help apprectiated

P.S

im working on the new user script now, so ill keep you posted if that could have any changes in this script

thanks
Link to comment
https://forums.phpfreaks.com/topic/13915-login-script-completely-busted/
Share on other sites
corbin Regular Member

corbin

Posted
Posted
[CODE]
echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['User_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "<input type=\"submit\" value=\"Login\">";
[/code] is gonna return the post values empty no matter what btw... the form is how you set the POST variables, so setting them as '' does nothing....
corbin Regular Member

corbin

Posted
Posted
[code] if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}[/code]

The entire purpose of the form is to set the $_POST items... so if theyre echo'ing this data into hidden fields it doesnt work... since $user_name isnt set its just gonna out put <input type="hidden" name="user_name" value="">

Also on the HTML side of this script the submit button should be before the </form> tag or it wont do anything.
corbin Regular Member

corbin

Posted
Posted
with change db.php to your include files name or change your include's name to db.php and try...

[code]<?
session_start();
include("db.php");
if(!$_SESSION['authed']) {
if(($_COOKIE['cuser']) || ($_COOKIE['cpass'])) {
$_SESSION['username'] = $_COOKIE['cuser'];
$pass_md5 = $_COOKIE['cpass']; }
if(($_POST['user_name']) || ($_POST['password'])) {
$_SESSION['password'] = $_POST['password'];
$_SESSION['username'] = $_POST['user_name'];
}
if($_SESSION['username']) { $username = $_SESSION['username']; }
if($_SESSION['password']) { $password = $_SESSION['password']; }
if(!$pass_md5) { $pass_md5 = md5($password); }
if($_POST['sublogin']) { $sublogin = $_POST['sublogin']; }
if($_POST['remember']) { $remember = $_POST['remember']; }
$q = "SELECT * from accounts where (user_name = '$username') and (password = '$pass')"; //use $pass_md5 if the passwords in the db are encrypted with md5
$r = mysql_num_rows(mysql_query($q));
if($r > 0) {
$_SESSION['authed'] = "yes";

$success = "y";
if($remember == "y") {
setcookie("cuser", $username, time()+60*60*24*100);
setcookie("cpass", $pass_md5, time()+60*60*24*100);
}
}
}
if($success) { echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; }
echo "<center><h2>Login</h2>";
if($_SESSION['authed']) { echo "You are now logged in."; }
if($sublogin) {
if($r < 1) { echo "Sorry, the username you entered does not exist or the password you input was incorrect.  Please try again."; }
}
if(!$_SESSION['authed']) { ?>
<form method=POST action="login.php">
Username: <input type="text" name="user_name"><br>
Password: <input type="password" name="password"><br>
<font size=2>Remember you?</font><input type="checkbox" name="remember" value="y" CHECKED><input type="submit" value="Login" name="sublogin" value="Login"><br>
<? }
?>[/code]
corbin Regular Member

corbin

Posted
Posted
No, but if you ever wanted to expand past just that one file at the end and possibly protect multiple files you could just make a file named "auth.php" or something like that with:
[code]
<?
session_start();

if($_SESSION['authed'] == "yes") { }
if($_SESSION['authed'] != "yes") { header('Location: login.php?ref=forced'); }
?>
[/code]

and on the page youre tryin to protect just put <? include("auth.php"); ?>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.