Jump to content


Photo

Trouble with a member log-in type script


  • Please log in to reply
13 replies to this topic

#1 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 07:18 AM

Hi, I'm not really any good at PHP or MySQL, hence why I am here. This script is not working, and I tried everything in my 'knowledge' to try and get it to work. I created a username 'Tim' with the password 'password' on a table called "chaoworld_b" without quotes in my database to test out on this script. Unforunately, it still says "invalid user ID / Password". Another thing that makes this script bit more complex is it includes an anti-spam key required to type in. When I type it in the right way, apparently my script knows I did, but when I type in my username and password the right way, it says it is invalid.

The query is:

$sql = "SELECT username 
FROM chaoworld_b 
WHERE username = '$userId' AND password = PASSWORD('$password')"; 

And in chaoworld_b , as said before, I have the rows username and password.

I have no clue whats wrong with this script in general, so I am going to post the whole thing.

Here is where I am testing it out.. username: Tim , password: password, but doesn't work..

http://cw.davessonic...om/php/test.php


heres the code:


<?php 
// we must never forget to start the session 
session_start(); 

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
   echo 'Could not connect to mysql';
   exit;
}


if (!mysql_select_db('davessonicsite', $link)){
   echo 'Could not select database';
   exit;
}

$errorMessage = ''; 
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { 
    // first check if the number submitted is correct 
    $number   = $_POST['txtNumber']; 
     
    if (md5($number) == $_SESSION['image_random_value']) { 
      //  include 'library/config.php'; 
      //  include 'library/opendb.php'; 
         
        $userId   = $_POST['txtUserId']; 
        $password = $_POST['txtPassword']; 
     
         
        // check if the user id and password combination exist in database 

        $sql = "SELECT username 
                FROM chaoworld_b 
                WHERE username = '$userId' AND password = PASSWORD('$password')"; 
         
        $result = mysql_query($sql) or die('Query failed. ' . mysql_error());  
         
        if (mysql_num_rows($result) == 1) { 
            // the user id and password match,  
            // set the session 
            $_SESSION['image_is_logged_in'] = true; 

            // remove the random value from session             
            $_SESSION['image_random_value'] = ''; 
             
            // after login we move to the main page 
            header('Location: login.php'); 
            exit; 
        } else { 
            $errorMessage = 'Sorry, wrong user id / password'; 
        } 
         
      //  include 'library/closedb.php'; 
    } else { 
        $errorMessage = 'Sorry, wrong number. Please try again'; 
    }     
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<?php 
if ($errorMessage != '') { 
?> 
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> 
<?php 
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="500" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Id</td> 
   <td><input name="txtUserId" type="text" id="txtUserId"></td> 
  </tr> 
  <tr> 
   <td width="150">Password</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">Enter Number</td> 
   <td><input name="txtNumber" type="text" id="txtNumber" value=""> 
    &nbsp;&nbsp;<img src="randomImage.php"></td> 
  </tr> 

  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html> 




#2 mastermike707

mastermike707
  • Members
  • PipPip
  • Member
  • 23 posts

Posted 02 August 2006 - 07:33 AM

Try changing the query to this:
$sql = "SELECT username 
FROM chaoworld_b 
WHERE username = '$userId' AND password = '$password'";

[url=http://www.mastermike707.com/new/][/url]

#3 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 08:00 AM

i think u scripted that weird
try

<?php 
// we must never forget to start the session 
session_start(); 

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
   echo 'Could not connect to mysql';
   exit;
}


if (!mysql_select_db('davessonicsite', $link)){
   echo 'Could not select database';
   exit;
}

$errorMessage = ''; 
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { 
    // first check if the number submitted is correct 
    $number   = $_POST['txtNumber']; 
     
    if (md5($number) == $_SESSION['image_random_value']) { 
      //  include 'library/config.php'; 
      //  include 'library/opendb.php'; 
         
        $userId   = $_POST['txtUserId']; 
        $password = $_POST['txtPassword']; 
     
         
        // check if the user id and password combination exist in database 
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);

        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho 
            // the user id and password match,  
            // set the session 
            $_SESSION['image_is_logged_in'] = true; 

            // remove the random value from session             
            $_SESSION['image_random_value'] = ''; 
             
            // after login we move to the main page 
            header('Location: login.php'); 
            exit; 
        } else { 
            $errorMessage = 'Sorry, wrong user id / password'; 
        } 
         
      //  include 'library/closedb.php'; 
    } else { 
        $errorMessage = 'Sorry, wrong number. Please try again'; 
    }     
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<?php 
if ($errorMessage != '') {  // first change i dont like coding practice u used 
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage; 
echo("</font></strong></p> ");
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="500" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Id</td> 
   <td><input name="txtUserId" type="text" id="txtUserId"></td> 
  </tr> 
  <tr> 
   <td width="150">Password</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">Enter Number</td> 
   <td><input name="txtNumber" type="text" id="txtNumber" value=""> 
    &nbsp;&nbsp;<img src="randomImage.php"></td> 
  </tr> 

  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html> 




#4 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 08:05 AM

WOW, thank you. Finally. Thanks.

#5 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 08:22 AM

yep no problem


#6 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 08:23 AM

i noticed there is no way to logoff are you building that?

#7 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 08:31 AM

I got a little to ahead of myself, the only credential your fix makes me need to log in is the verification code. It will not work..

Go to my test page and see for yourself, all you need to type in is the number and you can log in.. That page is updated with your fix..

#8 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 09:02 AM

that is a easy fix


<?php 
// we must never forget to start the session 
session_start(); 

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
   echo 'Could not connect to mysql';
   exit;
}


if (!mysql_select_db('davessonicsite', $link)){
   echo 'Could not select database';
   exit;
}

$errorMessage = ''; 
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { 
    // first check if the number submitted is correct 
    $number   = $_POST['txtNumber']; 
     
    if (md5($number) == $_SESSION['image_random_value']) { 
      //  include 'library/config.php'; 
      //  include 'library/opendb.php'; 
         
        $userId   = $_POST['txtUserId']; 
        $password = $_POST['txtPassword']; 
     
         
        // check if the user id and password combination exist in database 
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);
        if($userId==''|$password==''){
            $errorMessage = 'Sorry, you left somthing blank!';
            
        }else{
        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho 
            // the user id and password match,  
            // set the session 
            $_SESSION['image_is_logged_in'] = true; 

            // remove the random value from session             
            $_SESSION['image_random_value'] = ''; 
             
            // after login we move to the main page 
            header('Location: login.php'); 
            exit; 
        } else { 
            $errorMessage = 'Sorry, wrong user id / password'; 
        } 
        }
      //  include 'library/closedb.php'; 
    } else { 
        $errorMessage = 'Sorry, wrong number. Please try again'; 
    }     
} 
?> 
<html> 
<head> 
<title>Basic Login</title> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 

<body> 
<?php 
if ($errorMessage != '') {  // first change i dont like coding practice u used 
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage; 
echo("</font></strong></p> ");
} 
?> 
<form action="" method="post" name="frmLogin" id="frmLogin"> 
 <table width="500" border="1" align="center" cellpadding="2" cellspacing="2"> 
  <tr> 
   <td width="150">User Id</td> 
   <td><input name="txtUserId" type="text" id="txtUserId"></td> 
  </tr> 
  <tr> 
   <td width="150">Password</td> 
   <td><input name="txtPassword" type="password" id="txtPassword"></td> 
  </tr> 
  <tr> 
   <td width="150">Enter Number</td> 
   <td><input name="txtNumber" type="text" id="txtNumber" value=""> 
    &nbsp;&nbsp;<img src="randomImage.php"></td> 
  </tr> 

  <tr> 
   <td width="150">&nbsp;</td> 
   <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td> 
  </tr> 
 </table> 
</form> 
</body> 
</html> 



try it again plz it was the exit();
u didnt put the () on urs thats why it dont work the same as mine

#9 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 09:07 AM

Yeah but I don't see the problem

#10 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 09:08 AM

i fixed it


#11 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 09:14 AM

Well thanks, but now when somebody only types in the verification code.. , or types in just the name and the verification code , or password + verification code, they get a blank page

#12 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 09:17 AM

i redited the last one try now

#13 sw0o0sh

sw0o0sh
  • Members
  • PipPipPip
  • Advanced Member
  • 151 posts
  • LocationMassachusetts

Posted 02 August 2006 - 09:23 AM

Alright, thanks for helping me settling this :)

Time to work on the other hell of it.

#14 BillyBoB

BillyBoB
  • Members
  • PipPipPip
  • Advanced Member
  • 630 posts

Posted 02 August 2006 - 09:29 AM

lol tell me about it i have been working a site for like a month
http://dreamshowstudios.net

:)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users