Jump to content

Recommended Posts

You may have seen an earlier post like this one however this is a different problem.

 

I have this page...

 

<?php
session_start();
include 'config.php';
if($_GET['login'] == "login") {
$user1_post = addslashes($_POST["username_post"]);
$pass1_post = addslashes($_POST["password_post"]);
$pass1_post = md5($pass1_post);
if($user1_post == "" or $pass1_post == "") { echo "<b>Error: You Did Not Enter A Password</b>"; exit; }
list($user) = mysql_fetch_array(mysql_query("SELECT `ID` FROM `clients` WHERE ID='$user1_post'"));
list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `clients` WHERE password='$pass1_post'"));
if($user1_post == "$user" and $pass1_post == "$pass") {
$sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");
if(mysql_num_rows($sql)!= 1) { exit; }
$result = mysql_fetch_array($sql);
$_SESSION['session_username'] = $result['ID'];
$_SESSION['session_level'] = $result['level'];
$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
$ID = $result["ID"];
echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
} else { echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>"; }
} ?>


<head>
<style>
.submitbut {
position: absolute;
top: 20px;
left:350px;
}
</style>
</head>
<body>
<font face="verdana" size="1"><b><a href="addclients.php" target="content">Click Here To Add Clients</a> | <a href="removeclients.php" target="content">Click Here To Remove Clients</a>

<br><br>




<? 

  $query = mysql_query("SELECT * FROM `clients` ORDER BY `ID` DESC");

  while($result = mysql_fetch_array($query)) {

  $male = $result["ClientMale"];

   $female	   = $result["ClientFemale"];

    $agem = $result["ClientAgem"];

    $agef = $result["ClientAgef"];

	 $town = $result["ClientTown"];
	 $street = $result["ClientStreet"];
	 $post = $result["ClientPost"];

	 $num = $result["ClientNumber"];

	 $budget = $result["ClientBudget"];
	 $time = $result["ClientTime"];
	 $loc = $result["ClientLoc"];
	 $notes = $result["ClientNotes"];
	 $email = $result["ClientEmail"];
	 $flo = $result["ClientFlo"];
	 $pho = $result["ClientPho"];
	 $recven = $result["ClientRecven"];
	 $tran = $result["ClientTran"];
	 $travg = $result["ClientTravg"];
	 $travh = $result["ClientTravh"];
	 $hair = $result["ClientHair"];
	 $make = $result["ClientMake"];
	 $out = $result["ClientOut"];
	 $cat = $result["ClientCat"];
	 $enter = $result["ClientEnter"];
	 $con = $result["ClientCon"];

	 $ID = $result["ID"];

	 $action = $_GET["action"];

	  $budgetu = $_POST["budgetu"];
	  $timeu = $_POST["time2"];
	  $locu = $_POST["loc2"];
	  $notesu = $_POST["notes2"];


echo "<div class='info'><table width='100%' border='0' bgcolor='#ffccff' style='border-color: #000000; border-width: 1px; border-style: solid;'>

    <td colspan=2>

<form action='clients.php?login=login' method='POST'>
<B><font face=verdana size=1><u>(ID:<input size='1' type='username' name='username_post' value='$ID' style='font-family: Verdana; font-size: 10px; color: #000000;'>)
$male & $female</u>  &nbsp
<input type='password' name='password_post' size='14' style='font-family: Verdana; font-size: 10px; color: #000000;'>
<input type='submit' name='myclicker' style='font-size: 10px; font-family: verdana;' value='(More)'></form>

</td></td>



  <tr>

    <td colspan='2' valign='top'><font face=verdana size=1> <b>Male Age:</b> $agem<br>
 <b>Female Age:</b> $agef<br>

  </tr>

  <tr>

<td><font face=verdana size=1><b>Located At:</b> $town.<br>

  </tr>

</table></div>";

if($action == "edit$ID") {

echo "<div class='info' style='font-family: verdana; border-color: #000000; border-width: 1px; border-style: solid;'>

<b> <u>(ID:$ID) $male & $female</b></u><br>

<table cellspacing'0' cellborder='0' border='0' width='80%'>
<tr style='background: pink;'>
<td><font face=verdana size=1><b>Located At:<br></b>
<B>Contact Number:</b><br>
<B>Contact Email:</b><br></color></td>
<td><font face='verdana' size='1'> $street, $town, $post<br>
 $num<Br>
 $email<br></td>
</tr>
<tr>
<td width='20%'>
<font face='verdana' size='1' style='text-decoration: underline;'>Budget:</td><td><font face='verdana' size='1'> $budget</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Planned Wedding Time & Date:</td><td><font face='verdana' size='1'> $time</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Planned Wedding Location:</td><td><font face='verdana' size='1'> $loc</td></tr><tr style='background: pink;'>

 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Florists:</td><td><font face='verdana' size='1'> $flo</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Photographer:</td><td><font face='verdana' size='1'> $pho</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Reception Venue:</td><td><font face='verdana' size='1'> $recven</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Transport:</td><td><font face='verdana' size='1'> $tran</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Travel (Guests):</td><td><font face='verdana' size='1'> $travg</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Travel (Honeymoon):</td><td><font face='verdana' size='1'> $travh</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Hair:</td><td><font face='verdana' size='1'> $hair</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Makeup:</td><td><font face='verdana' size='1'> $make</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Outfits:</td><td><font face='verdana' size='1'> $out</td></tr><tr>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Caterer:</td><td><font face='verdana' size='1'> $cat</td></tr><tr style='background: pink;'>
 <td width='20%'><font face='verdana' size='1' style='text-decoration: underline;'>Entertainment:</td><td><font face='verdana' size='1'> $enter</td></tr><tr>

 <td width='20%' valign='top'><div style='word-break:normal;word-wrap:break-word;'><font face='verdana' size='1' style='text-decoration: underline;'>Contingency Plans:</font><br></td>

<td width='60%'><font face='verdana' size='1'>$con
</font></div></td></tr><tr style='background: pink;'>
 <td width='20%' valign='top'><div style='word-break:normal;word-wrap:break-word;'><font face='verdana' size='1' style='text-decoration: underline;'>Notes:</font><br></td>

<td width='60%'><font face='verdana' size='1'>$notes
</font></div></td></tr></table></font>
<br>
<div align='right'><font face='verdana' size='1' style='text-decoration: underline;'><a href='clients.php' target='content'>(Hide)</a><br><a href='clientedit.php?action=edit$ID' target='content'>(Edit)</a></div></font></div>
</div>"

;

}
			}
  mysql_close($ms);

  ?>

 

and when i run it everything works, however, when you enter a password, no matter if its wrong or right the page displays the incorrect password message and nothing else. I can't see the problem with it and the password information is in the database. Can anyone else see the problem?

Link to comment
https://forums.phpfreaks.com/topic/144357-solved-not-recognising-password/
Share on other sites

addslashes is going to be depreciated, it is better to use mysql_real_escape_string to escape data.

 

For the password, you do not need add slashes, since you are converting it to MD5. Although if you started doing that, you should keep doing that, I would suggest changing it however.

 

Why not do one query to pull out the username? WHERE ID = ID AND password = password  there is no need to pull them both out separately.

 

Basically remove those two single mysql's and just use the $sql = select  from clients, if the num_rows of that return > 0 then you have a  valid user.  You are doing redundant, unnecessary checking.

 

As for why the password is bad, no clue, how is it being entered into the DB, if you are adding slashes here and not when entering it, that could cause issues. Also MD5 will be case sensitive.

 

One final suggestion, properly indent your code. It will make it a ton easier to debug it.

Ok so basically, i pulled the password script out of another page so i don't fully understand why the hell it's doing the username and password thing twice.

 

As for adding the password to the database, its just a simple form.

 

<input type='text' name='password' class='button' size='25'>
include ("config.php");
if(!$ClientMale || !$password) { echo "<br><br><b>You must enter a username and password!</b>"; exit; }
$password = md5($password);

$add = mysql_query("INSERT INTO `clients` (`password`) VALUES ('$password')");

 

That peice of coding has been cut down from the full page but its basically all it uses. I like the comments you made but since it was working alright not that long ago i don't see why changing them should make much difference?

EDIT FROM ABOVE ;)

 

Is this what you meant?

 

<?php
session_start();
include 'config.php';
if($_GET['login'] == "login") {
$user1_post = addslashes($_POST["username_post"]);
$pass1_post = addslashes($_POST["password_post"]);
$pass1_post = md5($pass1_post);
if($user1_post == "" or $pass1_post == "") { echo "<b>Error: You Did Not Enter A Password</b>"; exit; }
if($user1_post == "$user" and $pass1_post == "$pass") {
$sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");
if(mysql_num_rows($sql)!= 0) { exit; }
$result = mysql_fetch_array($sql);
$_SESSION['session_username'] = $result['ID'];
$_SESSION['session_level'] = $result['level'];
$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];
$ID = $result["ID"];
echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
} else { echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>"; }
} ?>

As you have changed your code the highlighted lines below are not needed

<?php

session_start();

include 'config.php';

if($_GET['login'] == "login") {

$user1_post = addslashes($_POST["username_post"]);

$pass1_post = addslashes($_POST["password_post"]);

$pass1_post = md5($pass1_post);

if($user1_post == "" or $pass1_post == "") { echo "<b>Error: You Did Not Enter A Password</b>"; exit; }

if($user1_post == "$user" and $pass1_post == "$pass") {

$sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass'");

if(mysql_num_rows($sql)!= 0) { exit; }

$result = mysql_fetch_array($sql);

$_SESSION['session_username'] = $result['ID'];

$_SESSION['session_level'] = $result['level'];

$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];

$ID = $result["ID"];

echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";

        exit;

} else { echo "<b><u>Error: The Password You Entered Is Incorrect<br></u></b>"; }

} ?>

 

However your code can be much more cleaner still.

 

EDIT Clean code

<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login")
{
    if(!isset($_POST['username_post'], $_POST['password_post']))
    {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    $user = mysql_real_escape_string($_POST["username_post"]);

    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (lettters and digits).
    $pass = md5($_POST["password_post"]);

    $sql = mysql_query("SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1");

    if(mysql_num_rows($sql) == 1)
    {
        $result = mysql_fetch_assoc($sql);

        $ID                           = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level']    = $result['level'];
        $_SESSION['session_ip']       = $_SERVER['REMOTE_ADDR'];

        echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        exit;
    }
    else
    {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";
    }
}

?>

Thanks for that, so now it's cleaner but it still doesn't work. It still says the password is incorrect when it clearly isnt?

 

I don't see the problem, the SQL Instruction too add the table too the database is...

 

CREATE TABLE IF NOT EXISTS `clients` (
  `ID` int(11) NOT NULL auto_increment,
  `ClientMale` text NOT NULL,
  `ClientFemale` text NOT NULL,
  `NoticeDAT` text NOT NULL,
  `IP` int(11) NOT NULL default '0',
  `ClientAgem` text NOT NULL,
  `ClientAgef` text NOT NULL,
  `ClientStreet` text NOT NULL,
  `ClientTown` text NOT NULL,
  `ClientPost` text NOT NULL,
  `ClientNumber` text NOT NULL,
  `ClientNotes` text NOT NULL,
  `ClientBudget` text NOT NULL,
  `ClientLoc` text NOT NULL,
  `ClientTime` text NOT NULL,
  `ClientEmail` text NOT NULL,
  `ClientFlo` text NOT NULL,
  `ClientPho` text NOT NULL,
  `ClientRecven` text NOT NULL,
  `ClientTran` text NOT NULL,
  `ClientTravg` text NOT NULL,
  `ClientTravh` text NOT NULL,
  `ClientHair` text NOT NULL,
  `ClientMake` text NOT NULL,
  `ClientOut` text NOT NULL,
  `ClientCat` text NOT NULL,
  `ClientEnter` text NOT NULL,
  `ClientCon` text NOT NULL,
  `password` text NOT NULL,
  UNIQUE KEY `id` (`id`),
  PRIMARY KEY  (`ID`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

 

So the login just uses the password and the ID. I don't have a clue why this isn't working?

So the user has to enter his/her ID in to the Username field? for example 11024 .If so then your code should work.

 

EDIT:

Whos code are you using? My cleaned up version or your current code here. If you're using the code from that post then I just noticed something, this line:

if(mysql_num_rows($sql)!= 0) { exit; }

Will cause your script to stop if the username/password do match. You should change != 0 to == 0

I'm now using your cleaned up version and it still isn't working. If you read the rest of the original page it actually has a box that already contains the user ID so they just enter the pass but basically yes.

 

I'll have ago with another client but i doubt it'll work.

No need for that. We just got to debug your script. How are you storing your passwords in your database? Are they plain text or encrypted.

 

if they're plain text then your script will not work as your login script is encrypting the users password and comparing it to a non-encrypted password in the database. All you need to fix it is encrypt the passwords in your database which can be archived simply

We'll try debugging your script

<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login")
{
    echo 'Attempting login...<br />';

    if(!isset($_POST['username_post'], $_POST['password_post']))
    {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    echo 'Username/Password provided...<br />';
    echo '<pre>$_POST data:<br />'.print_r($_POST, true).'</pre>';

    echo 'User: ' . $_POST["username_post"] . '<br />';
    $user = mysql_real_escape_string($_POST["username_post"]);

    echo 'Password: '.$_POST["password_post"] .'<br />';
    echo 'MD5 Password...    ';
    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (lettters and digits).
    $pass = md5($_POST["password_post"]);
    echo $pass.'<br />';

    echo 'Perform query... ';
    $qry = "SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1";
    echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';


    $sql = mysql_query($qry);
    echo '<br />Query succesfully executed<br />';
    echo 'Results:';
    if(mysql_num_rows($sql) == 1)
    {
        $result = mysql_fetch_assoc($sql);
        echo '<pre>'.print_r($result, true).'</pre>';

        $ID                           = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level']    = $result['level'];
        $_SESSION['session_ip']       = $_SERVER['REMOTE_ADDR'];

        // Disabled redirect
        //echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        //exit;

        echo "Redirect disabled, click to <a href=\"clients.php?action=edit$ID\">Continue...</a>";
    }
    else
    {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";

        /* DEBUGGING */
        echo 'OK lets debug it!.<br />';
        echo 'Perform query...   ';

        $qry = "SELECT * FROM `clients` WHERE ID='$user'";
        echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';

        $sql = mysql_query($qry);
        echo '<br />Query succesfully executed<br />';
        echo 'There are '.mysql_num_rows($sql).' with the ID `'.$user.'`<br />';
        echo 'Results:';
        if(mysql_num_rows($sql) == 1)
        {
            $result = mysql_fetch_assoc($sql);
            echo '<pre>'.print_r($result, true).'</pre>';

            echo 'Comparing password...    ';
            if($result['password'] == $pass)
                echo 'OK';
            else
            {
                echo 'FAIL';
                echo '<br />'.$pass.' ($pass)   '.strlen($pass).'<br />'.$result['password'].'($result[password]) '.strlen($result['password']);
            }
        }
    }
}

?>

All ive done is added some echo statements which just spits out messages so we know whats going on whiles the scripts executes. Post the results here when done.

Well i tried

 

<?php
session_start();
include 'config.php';

if(isset($_GET['login']) && $_GET['login'] == "login")
{
    echo 'Attempting login...<br />';

    if(!isset($_POST['username_post'], $_POST['password_post']))
    {
        echo "<b>Error: Username and password required for login</b>";
        exit;
    }

    echo 'Username/Password provided...<br />';
    echo '<pre>$_POST data:<br />'.print_r($_POST, true).'</pre>';

    echo 'User: ' . $_POST["username_post"] . '<br />';
    $user = mysql_real_escape_string($_POST["username_post"]);

    echo 'Password: '.$_POST["password_post"] .'<br />';
    echo 'MD5 Password...    ';
    // the password will not need to be `escaped` as md5 only returns a 32bit encrypted alphanumeric string (lettters and digits).
    $pass = md5($_POST["password_post"]);
    echo $pass.'<br />';

    echo 'Perform query... ';
    $qry = "SELECT * FROM `clients` WHERE ID='$user' AND password='$pass' LIMIT 1";
    echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';


    $sql = mysql_query($qry);
    echo '<br />Query succesfully executed<br />';
    echo 'Results:';
    if(mysql_num_rows($sql) == 1)
    {
        $result = mysql_fetch_assoc($sql);
        echo '<pre>'.print_r($result, true).'</pre>';

        $ID                           = $result["ID"];
        $_SESSION['session_username'] = $ID;
        $_SESSION['session_level']    = $result['level'];
        $_SESSION['session_ip']       = $_SERVER['REMOTE_ADDR'];

        // Disabled redirect
        //echo "<meta http-equiv=\"refresh\" content=\"0;url=clients.php?action=edit$ID\">";
        //exit;

        echo "Redirect disabled, click to <a href=\"clients.php?action=edit$ID\">Continue...</a>";
    }
    else
    {
        echo "<b><u>Error: The Username/Password Incorrect<br></u></b>";

        /* DEBUGGING */
        echo 'OK lets debug it!.<br />';
        echo 'Perform query...   ';

        $qry = "SELECT * FROM `clients` WHERE ID='$user'";
        echo '<pre>'.htmlentities($qry, ENT_QUOTES).'</pre>';

        $sql = mysql_query($qry);
        echo '<br />Query succesfully executed<br />';
        echo 'There are '.mysql_num_rows($sql).' with the ID `'.$user.'`<br />';
        echo 'Results:';
        if(mysql_num_rows($sql) == 1)
        {
            $result = mysql_fetch_assoc($sql);
            echo '<pre>'.print_r($result, true).'</pre>';

            echo 'Comparing password...    ';
            if($result['password'] == $pass)
                echo 'OK';
            else
            {
                echo 'FAIL';
                echo '<br />'.$pass.' ($pass)   '.strlen($pass).'<br />'.$result['password'].'($result[password]) '.strlen($result['password']);
            }
        }
    }
}

?>

 

And on refreshing the page it gave...

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\xampp\panel\clients.php:1) in C:\xampp\htdocs\xampp\panel\clients.php on line 2

 

 

 

It doesn't matter if its hackable, its being used offline with xxamp running.

First check to see if there is nothing before the opening <?php tag, if there is nothing there then this error is normally caused because you're saving the file as UTF-8 encoding. Either save it as ANSII or UTF-8 without BOM these options should be available within your text editors save dialog.

Oh right, so i checked it and stupid me left in a < at the start -feels thick

 

So i ran the script and got this...

 

Attempting login...
Username/Password provided...

$_POST data:
Array
(
    [username_post] => 1
    [password_post] => test
    [myclicker] => (More)
)

User: 1
Password: test
MD5 Password...    098f6bcd4621d373cade4e832627b4f6
Perform query...

SELECT * FROM `clients` WHERE ID='1' AND password='098f6bcd4621d373cade4e832627b4f6' LIMIT 1


Query succesfully executed
Results:Error: The Username/Password Incorrect
OK lets debug it!.
Perform query...  

SELECT * FROM `clients` WHERE ID='1'


Query succesfully executed
There are 1 with the ID `1`
Results:

Array
(
    [iD] => 1
    [ClientMale] => Rob
    [ClientFemale] => Eileen
    [NoticeDAT] => 
    [iP] => 0
    [ClientAgem] => 49
    [ClientAgef] => 51
    [ClientStreet] => 33 Eastville
    [ClientTown] => Yeovil
    [ClientPost] => BA21 4JD
    [ClientNumber] => 01935434962
    [ClientNotes] => notes
    [ClientBudget] => budget
    [ClientLoc] => location
    [ClientTime] => time&date
    [ClientEmail] => N.A
    [ClientFlo] => Flourists info
    [ClientPho] => photo info
    [ClientRecven] => reception info
    [ClientTran] => transport info
    [ClientTravg] => travel guests
    [ClientTravh] => travel honeymoon
    [ClientHair] => hair 
    [ClientMake] => makeup
    [ClientOut] => outfit
    [ClientCat] => caterer
    [ClientEnter] => entertainment
    [ClientCon] => contingency
    [password] => 44c7d73a1fa98c2302f2de67bd80ce95
)

Comparing password...    FAIL
098f6bcd4621d373cade4e832627b4f6 ($pass)   32
44c7d73a1fa98c2302f2de67bd80ce95($result[password]) 32

Ok the passwords differ. The md5 for the password you used is 098f6bcd4621d373cade4e832627b4f6 however the encrypted password in your database is 44c7d73a1fa98c2302f2de67bd80ce95 which is completely different and thus your login is failing.

 

Are you using the correct password for user ID 1? How do you insert users into the clients table, post your code here?

the login script is working correctly its now to do with the data in your database that is wrong.

 

I'm certain i'm using the right password, i've only used test for these passwords.

 

The password etc is being added using the addclients.php page...

 

addclients.php

<? session_start();

include 'config.php';
include 'online.php';

$ip = $_SERVER['REMOTE_ADDR']; //get the ip of the current user

if(!isset($_SESSION['session_username']) || empty($_SESSION['session_username']) || $ip!= $_SESSION['session_ip']) {

//if the username is not set or the session username is empty or the ip does not match the session ip log them out

session_unset(); //clears firefox

session_destroy(); //clears IE

echo "ERROR!!!";

exit; } ?>
<a href="clients.php"><<< Back</a><br><br>
<table width="100%" background="../../images/header.PNG">
<tr><td>
<font face="Verdana" size="1"><b>Add A Client</b></font>
</td></tr></table><font size="1" face="Verdana"><p>From here you can add a new client to the clients list. Just fill in the simple form below.

<?

$IP = "$REMOTE_ADDR";

$date = date("d/m/y");

$action = $_GET["action"];
$ClientMale = $_POST["ClientMale"];
$ClientFemale = $_POST["ClientFemale"];
$ClientAgem = $_POST["ClientAgem"];
$ClientAgef = $_POST["ClientAgef"];
$ClientStreet = $_POST["ClientStreet"];
$ClientTown = $_POST["ClientTown"];
$ClientPost = $_POST["ClientPost"];
$ClientNumber = $_POST["ClientNumber"];
$NoticeDAT = $_POST["NoticeDAT"];
$ClientBudget = $_POST["ClientBudget"];
$ClientLoc = $_POST["ClientLoc"];
$ClientTime = $_POST["ClientTime"];
$ClientEmail = $_POST["ClientEmail"];
$password = $_POST["password"];

if($action == "add") {

include ("config.php");
if(!$ClientMale || !$password) { echo "<br><br><b>You must enter a username and password!</b>"; exit; }
$password = md5($password);

$add = mysql_query("INSERT INTO `clients` ( `ClientMale`, `ClientFemale`, `ClientAgem`, `ClientAgef`, `NoticeDAT`, `ClientStreet`, `ClientTown`, `ClientPost`, `ClientNumber`, `ClientBudget`, `ClientLoc`, `ClientTime`, `ClientEmail`, `password`) VALUES ('$ClientMale', '$ClientFemale', '$ClientAgem', '$ClientAgef', '$NoticeDAT', '$ClientStreet', '$ClientTown', '$ClientPost', '$ClientNumber', '$ClientBudget', '$ClientLoc', '$ClientTime', '$ClientEmail', '$password')");

echo "<br><Br><b>The clients has been added to the clients list.</b>";

} else {

echo "<form method='post' action='addclients.php?action=add'>

<table border=\"0\" cellpadding=\"2\" cellspacing=\"5\">

<tr><td><font face=\"Verdana\" size=\"1\">Male Client:</td><td valign='top'><input type='text' name='ClientMale' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientMale' value='N.A' disabled> <b>Required!</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Female Client::</td><td><input type='text' name='ClientFemale' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientFemale' value='N.A' disabled> <b>Required!</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Male Client Age:</td><td><input type='text' name='ClientAgem' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientAgem' value='N.A'> <b>N/A</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Female Client Age:</td><td><input type='text' name='ClientAgef' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientAgef' value='N.A'> <b>N/A</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Contact Email:</td><td><input type='text' name='ClientEmail' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='ClientEmail' value='N.A'> <b>N/A</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Client Password:</td><td><input type='text' name='password' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Street Name:</td><td><input type='text' name='ClientStreet' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='$password' disabled> <b>Required!</b></td></tr>
<tr><td><font face=\"Verdana\" size=\"1\">Town Name:</td><td><input type='text' name='ClientTown' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>
<tr><td><font face=\"Verdana\" size=\"1\">Postcode:</td><td><input type='text' name='ClientPost' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Contact Number:</td><td><input type='text' name='ClientNumber' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A' disabled> <b>Required!</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Budget:</td><td><input type='text' name='ClientBudget' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Wedding Location:</td><td><input type='text' name='ClientLoc' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>

<tr><td><font face=\"Verdana\" size=\"1\">Wedding Date And Time:</td><td><input type='text' name='ClientTime' class='button' size='25'>
<font face=\"Verdana\" size=\"1\"><input type='checkbox' name='password' value='N.A'> <b>N/A</b></td></tr>

<tr><td></td><td><input type='submit' name='submit' value='Submit'></td></tr>

</form>";

}

?>

</P></font>

</font></font></font></font></font>

Okay try this. Create a new php file with the following code and run it only once.

<?php

if(isset($_GET['run']))
{
    die('password reset');
}

mysql_query("UPDATE `clients` SET `password`='".md5('test')."' WHERE `ID`=1");

header('Location '.$_SERVER['PHP_SELF'].'?run');

?>

That will reset the the password for the user ID 1. Try your login code again if it works. Then it means either you used a different password when you added the first user or there is problem with the code that adds the user to clients table.[/code]

Login with the user ID of 1 using the password test and post the output of this script again.

 

What the script does here is reset the password for the user ID of 1 to the md5 hash of test which is 098f6bcd4621d373cade4e832627b4f6

Okay try this. Create a new php file with the following code and run it only once.

<?php

if(isset($_GET['run']))
{
    die('password reset');
}

mysql_query("UPDATE `clients` SET `password`='".md5('test')."' WHERE `ID`=1");

header('Location '.$_SERVER['PHP_SELF'].'?run');

?>

That will reset the the password for the user ID 1. Try your login code again if it works. Then it means either you used a different password when you added the first user or there is problem with the code that adds the user to clients table.[/code]

 

Doesn't md5() encrypt the apostraphies too?

 

Try md5(test); ?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.