Jump to content

Trouble with a member log-in type script

sw0o0sh

By sw0o0sh
in PHP Coding Help

Recommended Posts

sw0o0sh Member

sw0o0sh

Posted
Posted
Hi, I'm not really any good at PHP or MySQL, hence why I am here. This script is not working, and I tried everything in my 'knowledge' to try and get it to work. I created a username 'Tim' with the password 'password' on a table called "chaoworld_b" without quotes in my database to test out on this script. Unforunately, it still says "invalid user ID / Password". Another thing that makes this script bit more complex is it includes an anti-spam key required to type in. When I type it in the right way, apparently my script knows I did, but when I type in my username and password the right way, it says it is invalid.

The query is:

[code]
$sql = "SELECT username
FROM chaoworld_b
WHERE username = '$userId' AND password = PASSWORD('$password')";
[/code]

And in chaoworld_b , as said before, I have the rows username and password.

I have no clue whats wrong with this script in general, so I am going to post the whole thing.

Here is where I am testing it out.. username: Tim , password: password, but doesn't work..

http://cw.davessonicsite.com/php/test.php


heres the code:

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database

        $sql = "SELECT username
                FROM chaoworld_b
                WHERE username = '$userId' AND password = PASSWORD('$password')";
       
        $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
       
        if (mysql_num_rows($result) == 1) {
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]
Link to comment
https://forums.phpfreaks.com/topic/16298-trouble-with-a-member-log-in-type-script/
Share on other sites
BillyBoB Regular Member

BillyBoB

Posted
Posted
i think u scripted that weird
try
[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);

        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]
sw0o0sh Member

sw0o0sh

Posted
  • Author
Posted
I got a little to ahead of myself, the only credential your fix makes me need to log in is the verification code. It will not work..

Go to my test page and see for yourself, all you need to type in is the number and you can log in.. That page is updated with your fix..
BillyBoB Regular Member

BillyBoB

Posted
Posted
that is a easy fix

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);
        if($userId==''|$password==''){
            $errorMessage = 'Sorry, you left somthing blank!';
           
        }else{
        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
        }
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]

try it again plz it was the exit();
u didnt put the () on urs thats why it dont work the same as mine

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.