Jump to content

Login script completely busted


PC Nerd

Recommended Posts

i am writting a login script, that checks by comparing $_POST['User_Name']  to $_DATABASE_REQUEST['User_Name'] and the same with the password. basically it goes if(password and usernames match) {complete login sequence}
else{echo there was an error and prompt to login again}

here is the login script, and the include file

SCRIPT:

[code]<html>

<head>

<link rel="stylesheet" type="text/css" href="B_A-CSS.css">
<title>Login</title>
</head>

<body>


<table>
<thead>
<td  class = left>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

<td class = centre>
<b><font color = "#006600"><center><h1>TITLE</h1></center></font></b>
</td>

<td class = right>
<img src="Graphics/Draft Logo.jpg"
alt="Logo">
</td>

</thead>

<tbody>
<tr>

<td class = left>
</td>

<td class = centre>


<?PHP

include("inc files/Database link.inc");
                $User_Name = $_POST['User_Name'];
$User_SQL = "SELECT User_Name, Password FROM Table_1 WHERE User_Name = '" . $_POST['User_Name'] ."' ";

$result = @mysql_query($User_SQL, $DB_Server);

                if(!$result){
                        echo "Unable to perform query: $User_SQL<br>";
                        echo mysql_error();
                }

$confirm = mysql_fetch_array($result);

if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}

else{
echo "<p>There has been an error with the login, please try to login again.  <a href = 'B_A-Home.html'>Try again here</a></p><br>";
}

?>


</td>

<td class = right>
</td>

</tr>
</tbody>
</table>

</body>

</html>
[/code]


INCLUDE FILE:

[code]<?php


$host="localhost";
$account="ACCOUNT";
$password="PASSWORD";
$dbname="DBNAME";
$Error_Log[1] = "";
$Error_Log[2] = "";




$DB_Server = mysql_connect($host, $account, $password);

if(!$DB_Server){echo "<p>There was an error in connecting to the database server.  Please try again later.</p>";
$Error_Log[1] = "DB_Server";}
else{}


$DB = mysql_select_db($dbname);

if(!$DB){echo "<p>There was an error connecting to the Database.  Please try Again later.</p>";
$Error_Log[2] = "DB_Connect";}
else{}



if(empty($Error_Log[1])){}
elseif(empty($Error_Log[2])){}
else{echo "<p>WE apologises for any and all inconveniences caused by this fualt in the system.  We are working on fixing the connection problem.  Why not explore the public site for FAQ's and other help sections to become more aquainted with the game.</p>";}

?>[/code]

i cant see any errors.  i made sure that the database entries matched the form entries.  but there is still this error.  ass i said there are no error messages, eg warning undefined variable et.c, but the scrript isnt doing what i told it to do

all help apprectiated

P.S

im working on the new user script now, so ill keep you posted if that could have any changes in this script

thanks
Link to comment
Share on other sites

[CODE]
echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['User_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "<input type=\"submit\" value=\"Login\">";
[/code] is gonna return the post values empty no matter what btw... the form is how you set the POST variables, so setting them as '' does nothing....
Link to comment
Share on other sites

i dont quite get what you saying.  if your saying that i need tio enclose the variable being used as '$VARIABLE'  then it makes no difference to the conversion, i just tried it

could you clarify, what your saying
Link to comment
Share on other sites

[code] if($confirm['User_Name'] == $_POST['User_Name'] and $confirm['Password'] == $_POST['Password']){

echo "<p>Please type what you see in the image.This is to stop scripts from playing the game for you.  Please read the Rules for more information.  The Image is Case sensitive.</p>";
$pic = rand(1,6);
echo "<img src = 'Graphics/Login $pic.jpeg' alt = 'Login'>";
                                $User_Name = $_POST['USer_Name'];
                                $Password = $_POST['Password'];
                                $Pic_Value = $_POST['Pic_Value'];



echo "<form action = 'B_A-Home.php' method = 'POST'>";
echo "<input type = 'hidden' name = 'User_Name' value = $User_Name>";
echo "<input type = 'hidden' name = 'Password' value = $Password>";
echo "<input type = 'hidden' name = 'Pic_Name' value = '$pic'>";
echo "<input type = 'text' name = 'Pic_Value' value = $Pic_Value>";
echo "</form>";
echo "<input type = 'submit' value = 'Login'>";
}[/code]

The entire purpose of the form is to set the $_POST items... so if theyre echo'ing this data into hidden fields it doesnt work... since $user_name isnt set its just gonna out put <input type="hidden" name="user_name" value="">

Also on the HTML side of this script the submit button should be before the </form> tag or it wont do anything.
Link to comment
Share on other sites

with change db.php to your include files name or change your include's name to db.php and try...

[code]<?
session_start();
include("db.php");
if(!$_SESSION['authed']) {
if(($_COOKIE['cuser']) || ($_COOKIE['cpass'])) {
$_SESSION['username'] = $_COOKIE['cuser'];
$pass_md5 = $_COOKIE['cpass']; }
if(($_POST['user_name']) || ($_POST['password'])) {
$_SESSION['password'] = $_POST['password'];
$_SESSION['username'] = $_POST['user_name'];
}
if($_SESSION['username']) { $username = $_SESSION['username']; }
if($_SESSION['password']) { $password = $_SESSION['password']; }
if(!$pass_md5) { $pass_md5 = md5($password); }
if($_POST['sublogin']) { $sublogin = $_POST['sublogin']; }
if($_POST['remember']) { $remember = $_POST['remember']; }
$q = "SELECT * from accounts where (user_name = '$username') and (password = '$pass')"; //use $pass_md5 if the passwords in the db are encrypted with md5
$r = mysql_num_rows(mysql_query($q));
if($r > 0) {
$_SESSION['authed'] = "yes";

$success = "y";
if($remember == "y") {
setcookie("cuser", $username, time()+60*60*24*100);
setcookie("cpass", $pass_md5, time()+60*60*24*100);
}
}
}
if($success) { echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; }
echo "<center><h2>Login</h2>";
if($_SESSION['authed']) { echo "You are now logged in."; }
if($sublogin) {
if($r < 1) { echo "Sorry, the username you entered does not exist or the password you input was incorrect.  Please try again."; }
}
if(!$_SESSION['authed']) { ?>
<form method=POST action="login.php">
Username: <input type="text" name="user_name"><br>
Password: <input type="password" name="password"><br>
<font size=2>Remember you?</font><input type="checkbox" name="remember" value="y" CHECKED><input type="submit" value="Login" name="sublogin" value="Login"><br>
<? }
?>[/code]
Link to comment
Share on other sites

No, but if you ever wanted to expand past just that one file at the end and possibly protect multiple files you could just make a file named "auth.php" or something like that with:
[code]
<?
session_start();

if($_SESSION['authed'] == "yes") { }
if($_SESSION['authed'] != "yes") { header('Location: login.php?ref=forced'); }
?>
[/code]

and on the page youre tryin to protect just put <? include("auth.php"); ?>
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.