steveangelis Posted April 23, 2009 Share Posted April 23, 2009 I know this is a bit of a long code but I cannot seem to get it to work right. <?PHP require ('inc/config.php'); $linkid = @mysql_connect("$db_host", "$db_uname", "$db_pass"); mysql_select_db("$db_name", $linkid); include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } else { if (isset($_GET['l'])) { if ($_GET['l'] == '1') { $username2=$_POST['username']; $password2=$_POST['password']; $query = "SELECT * from members WHERE mbr_name='$username2'"; $result = mysql_query($query) or die("The information you entered does not match our records."); $row=mysql_fetch_array($result); $dbpassword = $row['mbr_pass']; $userid = $row['id']; //$mdp=$row['password']; mysql_close($linkid); if ($dbpassword == md5($password2)) { //authenticate user $password5=md5($password2); //setcookie ("mdp", $mdp, $time); setcookie ("id", $userid); setcookie ("user", $username2); setcookie ("pass", $password5); //$username=$_COOKIE["user"]; include('modules/console.php'); //Header ("location: index2.php?p=status"); //test display authentication } else { echo "<center>Login Failed. <br><a href='index.php?p=cp'>Back</a></center>"; } } else { }?> <?PHP } else { ?> <form action="index.php?p=cp&l=1" method="post" enctype="application/x-www-form-urlencoded"><table width="400" border="0" align="center"> <tr> <td align="center" valign="top" class="style4">Login</td> </tr> <tr> <td align="left" valign="top"><table width="100%" border="0"> <tr> <td width="100" align="left" valign="top">Username</td> <td align="left" valign="top"><input name="username" type="text" size="15" maxlength="50" /></td> </tr> <tr> <td align="left" valign="top">Password</td> <td align="left" valign="top"><input name="password" type="password" size="15" maxlength="50" /></td> </tr> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="submit" type="submit" /></td> </tr> <tr> <td align="left" valign="top"> </td> </tr> </table></form> <?PHP } } ?> This code should do the following: User with no cookies gets the login page. If they have the cookie active from the login then they get the file console.php which right now has nothing on it. If you have no active cookies that match up with the database username then you go to the login page. Does anyone see where this is going wrong? I can login but that is all. If you want to see what goes on the link to it is http://70.69.179.149/clan/index.php?p=cp But right now nothing works with it because of how it is. Quote Link to comment Share on other sites More sharing options...
steveangelis Posted April 23, 2009 Author Share Posted April 23, 2009 Does anyone see the problem? Quote Link to comment Share on other sites More sharing options...
steveangelis Posted April 23, 2009 Author Share Posted April 23, 2009 Bump Quote Link to comment Share on other sites More sharing options...
revraz Posted April 23, 2009 Share Posted April 23, 2009 You don't really explain what is working right and what isn't. Give better examples so we can follow your logic. Quote Link to comment Share on other sites More sharing options...
tang Posted April 23, 2009 Share Posted April 23, 2009 Reposting the code with highlighting and proper indentation will help :-D <?php require ('inc/config.php'); $linkid = @mysql_connect("$db_host", "$db_uname", "$db_pass"); mysql_select_db("$db_name", $linkid); include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } else { if (isset($_GET['l'])) { if ($_GET['l'] == '1') { $username2=$_POST['username']; $password2=$_POST['password']; $query = "SELECT * from members WHERE mbr_name='$username2'"; $result = mysql_query($query) or die("The information you entered does not match our records."); $row=mysql_fetch_array($result); $dbpassword = $row['mbr_pass']; $userid = $row['id']; //$mdp=$row['password']; mysql_close($linkid); if ($dbpassword == md5($password2)) { //authenticate user $password5=md5($password2); //setcookie ("mdp", $mdp, $time); setcookie ("id", $userid); setcookie ("user", $username2); setcookie ("pass", $password5); //$username=$_COOKIE["user"]; include('modules/console.php'); //Header ("location: index2.php?p=status"); //test display authentication } else { echo "<center>Login Failed. <br><a href='index.php?p=cp'>Back</a></center>"; } } else { }?> <?PHP } else { ?> <form action="index.php?p=cp&l=1" method="post" enctype="application/x-www-form-urlencoded"><table width="400" border="0" align="center"> <tr> <td align="center" valign="top" class="style4">Login</td> </tr> <tr> <td align="left" valign="top"><table width="100%" border="0"> <tr> <td width="100" align="left" valign="top">Username</td> <td align="left" valign="top"><input name="username" type="text" size="15" maxlength="50" /></td> </tr> <tr> <td align="left" valign="top">Password</td> <td align="left" valign="top"><input name="password" type="password" size="15" maxlength="50" /></td> </tr> </table> </td> </tr> <tr> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="submit" type="submit" /></td> </tr> <tr> <td align="left" valign="top"> </td> </tr> </table></form> <?PHP } } ?> Quote Link to comment Share on other sites More sharing options...
tang Posted April 23, 2009 Share Posted April 23, 2009 include('check.php'); $query2 = "SELECT * from members WHERE mbr_name='$username'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if ($_COOKIE["user"] == $row2['mbr_name']) { include('modules/console.php'); } Should be something like: include('check.php'); if (isset($_COOKIE["user"])) { $query2 = "SELECT * from members WHERE mbr_name='".mysql_real_escape_string($_COOKIE["user"])."'"; $result2 = mysql_query($query2) or die("The information you entered does not match our records."); $row2=mysql_fetch_array($result2); if (isset($_COOKIE["pass"]) && $_COOKIE["pass"] == $row['mbr_pass']) { include('modules/console.php'); } } EDIT: You also need to check that $rows were returned from your query, else the username was not found and the following code will fail. Quote Link to comment Share on other sites More sharing options...
herghost Posted April 23, 2009 Share Posted April 23, 2009 I see something dodgy here too : <?PHP } else { ?> this is not actually doing anything and the parethis are round the wrong way! Quote Link to comment Share on other sites More sharing options...
revraz Posted April 23, 2009 Share Posted April 23, 2009 Something like that usually indicatates the loop is open before that, then they stop PHP to do HTML, then resume PHP after. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.