steveangelis Posted April 23, 2009 Share Posted April 23, 2009 I know this is a bit of a long code but I cannot seem to get it to work right. <?PHP require ('inc/config.php'); $linkid = @mysql_connect("$db_host", "$db_uname", "$db_pass"); mysql_select_db("$db_name", $linkid); include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } else { if (isset($_GET['l'])) { if ($_GET['l'] == '1') { $username2=$_POST['username']; $password2=$_POST['password']; $query = "SELECT * from members WHERE mbr_name='$username2'"; $result = mysql_query($query) or die("The information you entered does not match our records."); $row=mysql_fetch_array($result); $dbpassword = $row['mbr_pass']; $userid = $row['id']; //$mdp=$row['password']; mysql_close($linkid); if ($dbpassword == md5($password2)) { //authenticate user $password5=md5($password2); //setcookie ("mdp", $mdp, $time); setcookie ("id", $userid); setcookie ("user", $username2); setcookie ("pass", $password5); //$username=$_COOKIE["user"]; include('modules/console.php'); //Header ("location: index2.php?p=status"); //test display authentication } else { echo "<center>Login Failed. <br><a href='index.php?p=cp'>Back</a></center>"; } } else { }?> <?PHP } else { ?> <form action="index.php?p=cp&l=1" method="post" enctype="application/x-www-form-urlencoded"><table width="400" border="0" align="center"> <tr> <td align="center" valign="top" class="style4">Login</td> </tr> <tr> <td align="left" valign="top"><table width="100%" border="0"> <tr> <td width="100" align="left" valign="top">Username</td> <td align="left" valign="top"><input name="username" type="text" size="15" maxlength="50" /></td> </tr> <tr> <td align="left" valign="top">Password</td> <td align="left" valign="top"><input name="password" type="password" size="15" maxlength="50" /></td> </tr> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="submit" type="submit" /></td> </tr> <tr> <td align="left" valign="top"> </td> </tr> </table></form> <?PHP } } ?> This code should do the following: User with no cookies gets the login page. If they have the cookie active from the login then they get the file console.php which right now has nothing on it. If you have no active cookies that match up with the database username then you go to the login page. Does anyone see where this is going wrong? I can login but that is all. If you want to see what goes on the link to it is http://70.69.179.149/clan/index.php?p=cp But right now nothing works with it because of how it is. Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/ Share on other sites More sharing options...
steveangelis Posted April 23, 2009 Author Share Posted April 23, 2009 Does anyone see the problem? Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817131 Share on other sites More sharing options...
steveangelis Posted April 23, 2009 Author Share Posted April 23, 2009 Bump Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817548 Share on other sites More sharing options...
revraz Posted April 23, 2009 Share Posted April 23, 2009 You don't really explain what is working right and what isn't. Give better examples so we can follow your logic. Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817569 Share on other sites More sharing options...
tang Posted April 23, 2009 Share Posted April 23, 2009 Reposting the code with highlighting and proper indentation will help :-D <?php require ('inc/config.php'); $linkid = @mysql_connect("$db_host", "$db_uname", "$db_pass"); mysql_select_db("$db_name", $linkid); include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } else { if (isset($_GET['l'])) { if ($_GET['l'] == '1') { $username2=$_POST['username']; $password2=$_POST['password']; $query = "SELECT * from members WHERE mbr_name='$username2'"; $result = mysql_query($query) or die("The information you entered does not match our records."); $row=mysql_fetch_array($result); $dbpassword = $row['mbr_pass']; $userid = $row['id']; //$mdp=$row['password']; mysql_close($linkid); if ($dbpassword == md5($password2)) { //authenticate user $password5=md5($password2); //setcookie ("mdp", $mdp, $time); setcookie ("id", $userid); setcookie ("user", $username2); setcookie ("pass", $password5); //$username=$_COOKIE["user"]; include('modules/console.php'); //Header ("location: index2.php?p=status"); //test display authentication } else { echo "<center>Login Failed. <br><a href='index.php?p=cp'>Back</a></center>"; } } else { }?> <?PHP } else { ?> <form action="index.php?p=cp&l=1" method="post" enctype="application/x-www-form-urlencoded"><table width="400" border="0" align="center"> <tr> <td align="center" valign="top" class="style4">Login</td> </tr> <tr> <td align="left" valign="top"><table width="100%" border="0"> <tr> <td width="100" align="left" valign="top">Username</td> <td align="left" valign="top"><input name="username" type="text" size="15" maxlength="50" /></td> </tr> <tr> <td align="left" valign="top">Password</td> <td align="left" valign="top"><input name="password" type="password" size="15" maxlength="50" /></td> </tr> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="submit" type="submit" /></td> </tr> <tr> <td align="left" valign="top"> </td> </tr> </table></form> <?PHP } } ?> Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817577 Share on other sites More sharing options...
tang Posted April 23, 2009 Share Posted April 23, 2009 include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } Should be something like: include('check.php'); if (isset($_COOKIE["user"])) { $query2 = "SELECT * from members WHERE mbr_name='".mysql_real_escape_string($_COOKIE["user"])."'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if (isset($_COOKIE["pass"]) && $_COOKIE["pass"] == $row['mbr_pass']) { include('modules/console.php'); } } EDIT: You also need to check that $rows were returned from your query, else the username was not found and the following code will fail. Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817588 Share on other sites More sharing options...
herghost Posted April 23, 2009 Share Posted April 23, 2009 I see something dodgy here too : <?PHP } else { ?> this is not actually doing anything and the parethis are round the wrong way! Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817624 Share on other sites More sharing options...
revraz Posted April 23, 2009 Share Posted April 23, 2009 Something like that usually indicatates the loop is open before that, then they stop PHP to do HTML, then resume PHP after. Link to comment https://forums.phpfreaks.com/topic/155308-failing-login-script/#findComment-817743 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.