Jump to content

[SOLVED] login script help

dadamssg

By dadamssg
in PHP Coding Help

Recommended Posts

dadamssg Advanced Member

dadamssg

Posted
Posted

im have one script that works great...i just want to escape and clean the $_POST values before they get queried, the first script is the working one but with no protection...the second always sends me to yahoo...did that to tell me what was happening, so my login name is found, but password isn't correct(which it really is)

<?php
/* Program: Login.php
* Desc:    Login program for the Members Only section

*/
session_start();                                      # 9
include("caneck.inc");                                  #10
                                    #13
     $cxn = mysqli_connect($host, $user,$passwd,$dbname) 
            or die ("Couldn't connect to server.");    #15

     $sql = "SELECT loginName FROM Member 
             WHERE loginName='$_POST[fusername]'";     #18
     $result = mysqli_query($cxn,$sql)
               or die("Couldn't execute query.");      #20
     $num = mysqli_num_rows($result);                  #21
     if ($num > 0)  // login name was found            #22
     {
        $sql = "SELECT loginName FROM Member 
                WHERE loginName='$_POST[fusername]'
                AND password=md5('$_POST[fpassword]')";
        $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");
        $num2 = mysqli_num_rows($result2);
        if ($num2 > 0)  // password is correct         #30
        {
           $_SESSION['auth']="yes";                    #32
           $logname=$_POST['fusername']; 
           $_SESSION['logname'] = $logname;            #34
           $today = date("Y-m-d h:i:s");               #35
           $sql = "INSERT INTO Login (loginName,loginTime)
                   VALUES ('$logname','$today')";
           $result = mysqli_query($cxn,$sql) 
                     or die("Can't execute insert query.");
           header("Location: /test/project12.php");        #40
        }
        else    // password is not correct             #42
        {
           $message="The Login Name, '$_POST[fusername]' 
                     exists, but you have not entered the 
                     correct password! Please try again.<br>";
           
	   header("Location: http://www.mysite.com/test/Login2.php");
        } 
     }                                                 #49
     elseif ($num == 0)  // login name not found       #50
     {   
        $message = "The Login Name you entered does not 
                    exist! Please try again.<br>";
       
	 header("Location: http://www.mysite.com/Members/Login2.php");
     }
                                            #56
?>

 

and the one im trying to get working

<?php
/* Program: Login.php
* Desc:    Login program for the Members Only section
  */
session_start();                                      # 9
include("caneck.inc");                                  #10
             

		 #13
     $cxn = mysqli_connect($host, $user,$passwd,$dbname) 
            or die ("Couldn't connect to server.");    #15

$password = mysqli_escape_string($cxn, $_POST['fpassword']);
$username = mysqli_escape_string($cxn, $_POST['fusername']);

     $sql = "SELECT loginName FROM Member 
             WHERE loginName='$username'";     #18
     $result = mysqli_query($cxn,$sql)
               or die("Couldn't execute query.");      #20
     $num = mysqli_num_rows($result);                  #21
     if ($num > 0)  // login name was found            #22
     {
        $sql = "SELECT loginName FROM Member 
                WHERE loginName='$fusername'
                AND password=md5('$password]')";
        $result2 = mysqli_query($cxn,$sql)
                   or die("Couldn't execute query 2.");
        $num2 = mysqli_num_rows($result2);
        if ($num2 > 0)  // password is correct         #30
        {
           $_SESSION['auth']="yes";                    #32
           $logname=$username; 
           $_SESSION['logname'] = $logname;            #34           
           header("Location: /test/project12.php");        #40
        }
        else    // password is not correct             #42
        {
           $message="The Login Name, '$_POST[fusername]' 
                     exists, but you have not entered the 
                     correct password! Please try again.<br>";
           
	   header("Location: http://www.yahoo.com");
        } 
     }                                                 #49
     elseif ($num == 0)  // login name not found       #50
     {   
        $message = "The Login Name you entered does not 
                    exist! Please try again.<br>";
       
	 header("Location: http://www.google.com");
     }
                                            #56
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/149199-solved-login-script-help/
Share on other sites
dadamssg Advanced Member

dadamssg

Posted
  • Author
Posted

so i've narrowed it down a little bit im having problems with this section, i get a mysql error that says Unknown column 'tester' in 'where clause', tester is my username i set up..the section is right here

 

 $cxn = mysqli_connect($host, $user,$passwd,$dbname) 
            or die ("Couldn't connect to server.");    #15

$password = mysqli_real_escape_string($cxn, $_POST['fpassword']);
$username = mysqli_real_escape_string($cxn, $_POST['fusername']);

     $sql = "SELECT loginName FROM Member 
             WHERE loginName=$username";     #18

 

 

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.