jamesxg1 Posted April 11, 2009 Share Posted April 11, 2009 <?php session_start(); ini_set('display_errors', 1); error_reporting(E_ALL); include 'Database/Connection.php'; if (isset($_POST['submit'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); if ($username && $password) { $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'" or die(mysql_error()); $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 1) { $morerow = mysql_fetch_array($result); if (isset( $_SESSION['loggedin'] )) { header('Location: Main.php'); } if ($morerow['owner'] != "") { $_SESSION['username'] = $username; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); } else { echo "Wrong Username or Password"; } } } } ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> it doesnt show any error at all even when it the password and username are entered wrong, and it just refresh's (all form fields empty) upon trying to login :S Quote Link to comment Share on other sites More sharing options...
R4nk3d Posted April 11, 2009 Share Posted April 11, 2009 if ($username && $password) { Change that to: if (isset($username) && isset($password)) { Try that, because when you say if ($username && $password) { youre really saying if($username == 1 && $password == 1) not if they have info in them. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 if ($username && $password) { Change that to: if (isset($username) && isset($password)) { Try that, because when you say if ($username && $password) { youre really saying if($username == 1 && $password == 1) not if they have info in them. cheers mate your logic is right, changed , but the script is still doing the same thing :S Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 ok heres the code, <?php session_start(); ini_set('display_errors', 1); error_reporting(E_ALL); include 'Database/Connection.php'; if (isset($_POST['submit'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); if (isset($username) && isset($password)) { $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'" or die(mysql_error()); $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 0) { $morerow = mysql_fetch_array($result); if (isset( $_SESSION['loggedin'] )) { header('Location: Main.php'); } if ($morerow['owner'] != "") { $_SESSION['username'] = $username; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); } else { echo "Wrong Username or Password"; } } } } ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> this is the problem if (mysql_num_rows($result) > 0) { Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 refreshes to where? you have a couple of header() functions in there. always exit() your header() to avoid the possibility of code executing after the header redirection. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 <?php session_start(); ini_set('display_errors', 1); error_reporting(E_ALL); include 'Database/Connection.php'; if (isset($_POST['submit'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); if (isset($username) && isset($password)) { $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'" or die(mysql_error()); $result = mysql_query($sql) or die(mysql_error()); $count = mysql_num_rows($result); if ($count = '1') { $morerow = mysql_fetch_array($result); if ($morerow['owner'] != "") { $_SESSION['username'] = $username; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); } else { echo "Wrong Username or Password"; } } } } ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> wokring now just displays the error now :S Quote Link to comment Share on other sites More sharing options...
waynew Posted April 11, 2009 Share Posted April 11, 2009 Firstly, I'd advise you to use proper indentation as solving problems such as this one becomes a lot easier when you do. Secondly, what error are you seeing? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); include 'Database/Connection.php'; if (isset($_POST['submit'])) { if (!$_SESSION['loggedin']) { if (isset ($_POST['username']) && isset ($_POST['password'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 1) { $morerow = mysql_fetch_array($result); if ($morerow['owner'] != "") { $_SESSION['username'] = $morerow['username']; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); exit; } else { echo 'insufficient privledges.'; } } else { echo 'no results returned / Wrong Username or Password.'; } } else { echo 'please enter your username and/or password!'; } } else { header('Location: Main.php'); exit; } } else { //display the form; ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> add echo's throughout your code so you know where you stand. Quote Link to comment Share on other sites More sharing options...
waynew Posted April 11, 2009 Share Posted April 11, 2009 Hi. What if the password contains slashes? You're stripping those away? Just use mysql_real_escape_string. You have nothing more to gain by using stripslashes. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 Firstly, I'd advise you to use proper indentation as solving problems such as this one becomes a lot easier when you do. Secondly, what error are you seeing? i had to modify the code so here it is. . . <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); include 'Database/Connection.php'; if (isset($_POST['submit'])) { if (isset ($_POST['username']) && isset ($_POST['password'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 1) { $morerow = mysql_fetch_array($result); if ($morerow['owner'] != "") { $_SESSION['username'] = $morerow['username']; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); exit; } else { echo 'insufficient privledges.'; } } else { echo 'no results returned / Wrong Username or Password.'; } } else { echo 'please enter your username and/or password!'; } } else { header('Location: Main.php'); exit; ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> no results returned / Wrong Username or Password. ^^ thats all i get now, no form is displayed. Quote Link to comment Share on other sites More sharing options...
waynew Posted April 11, 2009 Share Posted April 11, 2009 Do you have the correct username and pass? Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 Do you have the correct username and pass? yes, but im not getting the form :S Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 did you try the code i supplied? plus, this won't work : if (mysql_num_rows($result) > 1) { you're seeing if more than 1 row is returned .. not usually the case when doing a login script. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 did you try the code i supplied? plus, this won't work : if (mysql_num_rows($result) > 1) { you're seeing if more than 1 row is returned .. not usually the case when doing a login script. yes, it had some errors and it wouldnt display the form it just showed a error :S Quote Link to comment Share on other sites More sharing options...
waynew Posted April 11, 2009 Share Posted April 11, 2009 What error? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 did you try the code i supplied? plus, this won't work : if (mysql_num_rows($result) > 1) { you're seeing if more than 1 row is returned .. not usually the case when doing a login script. yes, it had some errors and it wouldnt display the form it just showed a error :S my bad .. change if (mysql_num_rows($result) > 1) to if (mysql_num_rows($result) > 0) and it was the structure i was giving .. surely you can add-on what you need. Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 did you try the code i supplied? plus, this won't work : if (mysql_num_rows($result) > 1) { you're seeing if more than 1 row is returned .. not usually the case when doing a login script. yes, it had some errors and it wouldnt display the form it just showed a error :S my bad .. change if (mysql_num_rows($result) > 1) to if (mysql_num_rows($result) > 0) and it was the structure i was giving .. surely you can add-on what you need. <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); include 'Database/Connection.php'; if (isset($_POST['submit'])) { if (isset ($_POST['username']) && isset ($_POST['password'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 1) { $morerow = mysql_fetch_array($result); if ($morerow['owner'] != "") { $_SESSION['username'] = $morerow['username']; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); exit; } else { echo 'no results returned / Wrong Username or Password.'; } } else { echo 'please enter your username and/or password!'; } } else { header('Location: Main.php'); exit; } } else { //display the form; ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> please enter your username and/or password! is what i get Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 change if (mysql_num_rows($result) > 1) { to if (mysql_num_rows($result) > 0) { *note the zero Quote Link to comment Share on other sites More sharing options...
jamesxg1 Posted April 11, 2009 Author Share Posted April 11, 2009 change if (mysql_num_rows($result) > 1) { to if (mysql_num_rows($result) > 0) { *note the zero <?php ini_set('display_errors', 1); error_reporting(E_ALL); session_start(); include 'Database/Connection.php'; if (isset($_POST['submit'])) { if (isset ($_POST['username']) && isset ($_POST['password'])) { $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = mysql_real_escape_string(stripslashes($_POST['password'])); $sql = "SELECT * FROM `unlock` WHERE username = '$username' AND password = '$password'"; $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) > 0) { $morerow = mysql_fetch_array($result); if ($morerow['owner'] != "") { $_SESSION['username'] = $morerow['username']; $_SESSION['filename'] = $morerow['filename']; $_SESSION['owner'] = $morerow['owner']; $_SESSION['dir'] = $morerow['format']; header('Location: DownloadFile.php'); exit; } else { echo 'no results returned / Wrong Username or Password.'; } } else { echo 'please enter your username and/or password!'; } } else { header('Location: Main.php'); exit; } } else { //display the form; ?> <table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> <tr> <form method="POST" action="<?php $PHP_SELF ?>"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="6">:</td> <td width="294"><input name="username" type="text" id="username"></td> </tr> <tr> <td>Password</td> <td>:</td> <td><input name="password" type="password" id="password"></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> <?php } ?> done, still the same :S Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted April 11, 2009 Share Posted April 11, 2009 is your password being encrypted in the db? ie. md5()? do you have a record with that username and password even? you need to double check those things .. 'cause that code will return a result if the correct username and password are entered. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.