Archived

This topic is now archived and is closed to further replies.

PC Nerd

Login script completely busted

I am writing a login script that checks by comparing $_POST['User_Name'] to $_DATABASE_REQUEST['User_Name'], and the same with the password. Basically it goes: if (password and usernames match) {complete login sequence}
else {echo there was an error and prompt to login again}

Here is the login script and the include file.

SCRIPT:

[code]<html>

<head>

<link rel="stylesheet" type="text/css" href="B_A-CSS.css">
<title>Login</title>
</head>

<body>


<table>
<thead>
<td  class = left>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

<td class = centre>
<b><font color = "#006600"><center><h1>TITLE</h1></center></font></b>
</td>

<td class = right>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

</thead>

<tbody>
<tr>

<td class = left>
</td>

<td class = centre>


<?PHP

include("inc files/Database link.inc");
                $User_Name = $_POST['User_Name'];
$User_SQL = "SELECT User_Name, Password FROM Table_1 WHERE User_Name = '" . $_POST['User_Name'] ."' ";

$result = @mysql_query($User_SQL, $DB_Server);

                if(!$result){
                        echo "Unable to perform query: $User_SQL<br>";
                        echo mysql_error();
                }

$confirm = mysql_fetch_array($result);

if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}

else{
echo "<p>There has been an error with the login, please try to login again.  <a href = 'B_A-Home.html'>Try again here</a></p><br>";
}

?>


</td>

<td class = right>
</td>

</tr>
</tbody>
</table>

</body>

</html>
[/code]


INCLUDE FILE:

[code]<?php


$host="localhost";
$account="ACCOUNT";
$password="PASSWORD";
$dbname="DBNAME";
$Error_Log[1] = "";
$Error_Log[2] = "";




$DB_Server = mysql_connect($host, $account, $password);

if(!$DB_Server){echo "<p>There was an error in connecting to the database server.  Please try again later.</p>";
$Error_Log[1] = "DB_Server";}
else{}


$DB = mysql_select_db($dbname);

if(!$DB){echo "<p>There was an error connecting to the Database.  Please try Again later.</p>";
$Error_Log[2] = "DB_Connect";}
else{}



if(empty($Error_Log[1])){}
elseif(empty($Error_Log[2])){}
else{echo "<p>WE apologises for any and all inconveniences caused by this fualt in the system.  We are working on fixing the connection problem.  Why not explore the public site for FAQ's and other help sections to become more aquainted with the game.</p>";}

?>[/code]

I can't see any errors. I made sure that the database entries matched the form entries, but there is still this error. As I said, there are no error messages, e.g. warning undefined variable etc., but the script isn't doing what I told it to do.

All help appreciated.

P.S.

I'm working on the new user script now, so I'll keep you posted if that could have any changes in this script.

thanks

[code]
echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['User_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "<input type=\"submit\" value=\"Login\">";
[/code]
is gonna return the post values empty no matter what btw... the form is how you set the POST variables, so setting them as '' does nothing....

I don't quite get what you're saying. If you're saying that I need to enclose the variable being used as '$VARIABLE', then it makes no difference to the conversion; I just tried it.

Could you clarify what you're saying?

[code] if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}[/code]

The entire purpose of the form is to set the $_POST items... so if they're echoing this data into hidden fields it doesn't work... since $user_name isn't set it's just gonna output <input type="hidden" name="user_name" value="">

Also on the HTML side of this script the submit button should be before the </form> tag or it won't do anything.

OK, so how should I send the $_POST data to the next page when the user submits the form on the page?

Explain the process which the pages do to me please like page x goes to y and y goes to z...

w = initial form

x = rough validation and additional login (anti spam etc (type what you see in the picture))

y = create cookies, login data etc

z = final site

w -> x
x -> y
y -> z

Oh, ok then yeah that works... the hidden fields... Lemme write a simple login script real quick and see if i can get it to do what you want...

with change db.php to your include file's name or change your include's name to db.php and try...

[code]<?php
session_start();
include("db.php");
if(!$_SESSION['authed']) {
// returning visitor: pick up the "remember me" cookies
if(($_COOKIE['cuser']) || ($_COOKIE['cpass'])) {
$_SESSION['username'] = $_COOKIE['cuser'];
$pass_md5 = $_COOKIE['cpass']; }
// fresh submission of the login form
if(($_POST['user_name']) || ($_POST['password'])) {
$_SESSION['password'] = $_POST['password'];
$_SESSION['username'] = $_POST['user_name'];
}
if($_SESSION['username']) { $username = $_SESSION['username']; }
if($_SESSION['password']) { $password = $_SESSION['password']; }
if(!$pass_md5) { $pass_md5 = md5($password); }
if($_POST['sublogin']) { $sublogin = $_POST['sublogin']; }
if($_POST['remember']) { $remember = $_POST['remember']; }
// escape both values before they are placed inside the quoted SQL strings
$username_sql = mysql_real_escape_string($username);
$password_sql = mysql_real_escape_string($password);
$q = "SELECT * from accounts where (user_name = '$username_sql') and (password = '$password_sql')"; //use $pass_md5 if the passwords in the db are encrypted with md5
$r = mysql_num_rows(mysql_query($q));
if($r > 0) {
$_SESSION['authed'] = "yes";

$success = "y";
if($remember == "y") {
setcookie("cuser", $username, time()+60*60*24*100);
setcookie("cpass", $pass_md5, time()+60*60*24*100);
}
}
}
// PHP_SELF is escaped because it is echoed into an HTML attribute
if($success) { echo "<meta http-equiv=\"Refresh\" content=\"0;url=" . htmlspecialchars($_SERVER['PHP_SELF']) . "\">"; }
echo "<center><h2>Login</h2>";
if($_SESSION['authed']) { echo "You are now logged in."; }
if($sublogin) {
if($r < 1) { echo "Sorry, the username you entered does not exist or the password you input was incorrect.  Please try again."; }
}
if(!$_SESSION['authed']) { ?>
<form method=POST action="login.php">
Username: <input type="text" name="user_name"><br>
Password: <input type="password" name="password"><br>
<font size=2>Remember you?</font><input type="checkbox" name="remember" value="y" CHECKED><input type="submit" name="sublogin" value="Login"><br>
</form>
<?php }
?>[/code]
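
The script above builds its query from the submitted user name and password and compares the stored password as-is. As an added example (not code from any poster in this thread), here is the same check with a PDO prepared statement and `password_hash()`/`password_verify()`. The `accounts` table and its columns follow the post; the in-memory SQLite database, the function name `check_login` and the sample rows are assumptions so the block runs on its own.

```php
<?php
// Added example, not code from the thread. The accounts table follows the
// post above; the in-memory database and its rows are constructed.

function check_login(PDO $db, string $userName, string $password): bool
{
    // The placeholder keeps the user name out of the SQL text, so quote
    // characters in it are plain data.
    $stmt = $db->prepare('SELECT password FROM accounts WHERE user_name = ?');
    $stmt->execute([$userName]);
    $hash = $stmt->fetchColumn();
    // The password is never sent to the database; it is checked against
    // the stored salted hash.
    return is_string($hash) && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (user_name TEXT PRIMARY KEY, password TEXT NOT NULL)');
$add = $db->prepare('INSERT INTO accounts (user_name, password) VALUES (?, ?)');
foreach ([['alice', 'correct horse'], ["o'brien", 'battery staple']] as [$u, $p]) {
    $add->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
}

$attempts = [
    ['alice', 'correct horse'],      // right password
    ['alice', 'wrong'],              // wrong password
    ["o'brien", 'battery staple'],   // apostrophe in a legitimate name
    ["alice'", 'correct horse'],     // stray quote: no SQL error, just no match
    ['nobody', ''],                  // unknown user
];
foreach ($attempts as [$u, $p]) {
    printf("%-10s %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```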

So the only way to continue passing data is to use cookies or sessions?

No, but if you ever wanted to expand past just that one file at the end and possibly protect multiple files you could just make a file named "auth.php" or something like that with:
[code]
<?php
session_start();

if($_SESSION['authed'] == "yes") { }
// not logged in: redirect and stop, otherwise the rest of the protected page still runs
if($_SESSION['authed'] != "yes") { header('Location: login.php?ref=forced'); exit; }
?>
[/code]

and on the page you're tryin to protect just put <? include("auth.php"); ?>
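
For the w -> x -> y flow discussed in this thread, an added example (not from any poster) that keeps the verified user name and the chosen picture number in the session between pages, so the password never has to be echoed into hidden fields. The function names, session keys and picture answers are hypothetical; the functions take the session and POST arrays as parameters so the block also runs from the command line, and a real page would pass `$_SESSION` and `$_POST`.

```php
<?php
// Added example, not code from the thread. Function names, session keys and
// the picture answers are hypothetical.

// Page x, after the user name and password were checked: keep who passed and
// which picture was shown on the server side only.
function begin_picture_step(array &$session, string $userName, int $pic): string
{
    $session['pending_user'] = $userName;
    $session['pending_pic']  = $pic;
    // Only the picture answer travels in the form. Attribute values are quoted
    // and escaped, and the submit button sits inside <form>.
    $src = htmlspecialchars("Graphics/Login $pic.jpeg", ENT_QUOTES, 'UTF-8');
    return '<form action="B_A-Home.php" method="POST">'
         . "<img src=\"$src\" alt=\"Login\">"
         . '<input type="text" name="Pic_Value">'
         . '<input type="submit" value="Login">'
         . '</form>';
}

// Page y: identity comes from the session, never from the posted fields.
function finish_login(array &$session, array $post, array $answers): bool
{
    $user = $session['pending_user'] ?? null;
    $pic  = $session['pending_pic'] ?? null;
    unset($session['pending_user'], $session['pending_pic']); // one try per picture
    if ($user === null || $pic === null || !isset($answers[$pic])) {
        return false;
    }
    $given = $post['Pic_Value'] ?? '';
    if (!is_string($given) || !hash_equals($answers[$pic], $given)) {
        return false;
    }
    // In a web page, call session_regenerate_id(true) here before marking the login.
    $session['authed']   = 'yes';
    $session['username'] = $user;
    return true;
}

// Constructed demo data; a real page passes $_SESSION and $_POST instead.
$answers = [1 => 'Xk7Pq', 2 => 'mT4zR'];   // picture number => text shown in it
$session = [];
$html = begin_picture_step($session, 'alice', 2);
var_dump(strpos($html, 'Password') === false);   // no credential in the markup
// A forged User_Name field is ignored: the session decides who logs in.
$post = ['Pic_Value' => 'mT4zR', 'User_Name' => 'admin'];
var_dump(finish_login($session, $post, $answers), $session['username']);
```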
