login script

[newb]

[code] <form action="modules.php?name=admin&amp;op=login" method="post" enctype="multipart/form-data">
Username:&nbsp;<input type="text" name="name" /><br />
Password:&nbsp;&nbsp;<input type="password" name="pass" />
<input type="submit" value="Login" />
</form>

<?php

require $dir."config.php";

$Query = "SELECT * FROM user WHERE username = '$_POST[user]'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {


$username = $row['username'];
$password = $row['password'];
$randomword = dsiadopdjkspodjsadchocolatemousse;

if (isset($_COOKIE['cplogin'])) {
  if ($_COOKIE['cplogin'] == md5($password.$randomword)) {

      exit;
  } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
  }
}

if (isset($_GET['p']) && $_GET['op'] == "login") {
  if ($_POST['name'] != $username) {
      echo "<p>Sorry, that username does not match. Use your browser back button to go back and try again.</p>";
      exit;
  } else if md5($_POST['pass']) != $password) {
      echo "<p>Sorry, that password does not match. Use your browser back button to go back and try again.</p>";
      exit;
  } else if ($_POST['name'] == $username && md5($_POST['pass']) == $password) {
      setcookie('cplogin', md5($_POST['pass'].$randomword));
      echo "<p>Welcome to the Control Panel</p>";
  } else {
      echo "<p>Sorry, you could not be logged in at this time. Refresh the page and try again.</p>";
  }
}
?>[/code]

i get this error: [code]

Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/xxxxxxxxxxxx/login.php on line 34[/code]

how do i fix?

[manichean]

Hello newb,

Your Error:
[code]
} else if md5($_POST['pass']) != $password) { /*Your line 34 should read like my answer code*/
[/code]

My Answer Code:
[code]
} else if (md5($_POST['pass']) != $password) {
[/code]

[treilad]

Manichean is right, but you had a couple other errors. My solution that may or may not save you a lot of time:

Complete new code:

[code]<form action="modules.php?name=admin&amp;op=login" method="post" enctype="multipart/form-data">
Username:&nbsp;<input type="text" name="name" /><br />
Password:&nbsp;&nbsp;<input type="password" name="pass" />
<input type="submit" value="Login" />
</form>

<?php

require $dir."config.php";

$Query = "SELECT * FROM user WHERE username = '$_POST[user]'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {


$username = $row['username'];
$password = $row['password'];
$randomword = dsiadopdjkspodjsadchocolatemousse;
$postpass = (md5($_POST['pass']));

if (isset($_COOKIE['cplogin'])) {
  if ($_COOKIE['cplogin'] == md5($password.$randomword)) {

      exit;
  } else {
      echo "<p>Bad cookie. Clear please clear them out and try to login again.</p>";
      exit;
  }
}

if (isset($_GET['p']) && $_GET['op'] == "login") {
  if ($_POST['name'] != $username) {
      echo "<p>Sorry, that username does not match. Use your browser back button to go back and try again.</p>";
      exit;
  } else if ($postpass != $password) {
      echo "<p>Sorry, that password does not match. Use your browser back button to go back and try again.</p>";
      exit;
  } else if ($_POST['name'] == $username && $postpass == $password) {
      setcookie('cplogin', md5($_POST['pass'].$randomword));
      echo "<p>Welcome to the Control Panel</p>";
  } else {
      echo "<p>Sorry, you could not be logged in at this time. Refresh the page and try again.</p>";
  }
}
}
?>[/code]

Be sure you copy your old code into a new file, so that if this doesn't work you'll have it.

Next time, tell us where line 34 is so we don't have to count.

[treilad]

Be sure and tell me if it works. :)

[newb]

it worked, and i changed code around a lil bit.
[code]
<form action="modules.php?name=admin&amp;op=login" method="post" enctype="multipart/form-data">
Username:&nbsp;<input type="text" name="username" /><br />
Password:&nbsp;&nbsp;<input type="password" name="password" />
<input type="submit" value="Login" />
</form>

<?php

require $dir."config.php";

$username = $_POST['username'];
$password = $_POST['password'];
$password2 = md5($_POST['password']);


$query = "SELECT * FROM user WHERE username = '$username'";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {

if ( $_GET['p'] == 'login' ) {
  if ($username != $row['username']) {
      echo "<p>Sorry, that username does not match. Use your browser back button to go back and try again.</p>";
      echo "Inputed Username: '$username'<br />";
     
} else if ($password2 != $row['password']) {
      echo "<p>Sorry, that password does not match. Use your browser back button to go back and try again.</p>";
      echo "Inputed Password: '$password'<br />";

  } else if ($username == $row['username'] && $password2 == $row['password']) {
      session_start();
$_SESSION['username']="$username";
$_SESSION['password']="$password";
      echo "<p>Hello $username, <br /><br />Welcome to the Control Panel.</p> <br /><a href=\"modules.php?name=admin&p=news\">Submit News</a>";
  } else {
      echo "<p>Sorry, you could not be logged in at this time. Refresh the page and try again.</p>";
  }

} else if ( $_GET['p'] == 'logout' ) {
session_destroy();
echo "<p>$username sucessfully logged out</p>";

}
}


  $query = "SELECT * FROM `user` ORDER by username ASC;";
$result = mysql_query( $query );
$nums = mysql_num_rows( $result );

while($row = mysql_fetch_row($result))
{

echo("<b>$row[3]</b> :: $row[2]<br> ");

}

echo "<br /><br />$nums Total Tables";

{
}[/code]

It wont log in at all now though, just gives me a blank page upon post submission. any ideas fellas?

[newb]

and ur code didnt work treilad

[manichean]

Hey there,

the problem is with your $_Get['p'] it does not exist. Your form decleration is as follows
[quote]
<form action="modules.php?name=admin&amp;[b]op=login[/b]" method="post" enctype="multipart/form-data">
[/quote]

which means all all your GET declerations should look like this
[quote]
$_GET['op']
[/quote]

let me know how it works out
:D

[newb]

oh yeah, duh