Jump to content

Archived

This topic is now archived and is closed to further replies.

sw0o0sh

Trouble with a member log-in type script

Recommended Posts

Hi, I'm not really any good at PHP or MySQL, hence why I am here. This script is not working, and I tried everything in my 'knowledge' to try and get it to work. I created a username 'Tim' with the password 'password' on a table called "chaoworld_b" without quotes in my database to test out on this script. Unforunately, it still says "invalid user ID / Password". Another thing that makes this script bit more complex is it includes an anti-spam key required to type in. When I type it in the right way, apparently my script knows I did, but when I type in my username and password the right way, it says it is invalid.

The query is:

[code]
$sql = "SELECT username
FROM chaoworld_b
WHERE username = '$userId' AND password = PASSWORD('$password')";
[/code]

And in chaoworld_b , as said before, I have the rows username and password.

I have no clue whats wrong with this script in general, so I am going to post the whole thing.

Here is where I am testing it out.. username: Tim , password: password, but doesn't work..

http://cw.davessonicsite.com/php/test.php


heres the code:

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database

        $sql = "SELECT username
                FROM chaoworld_b
                WHERE username = '$userId' AND password = PASSWORD('$password')";
       
        $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
       
        if (mysql_num_rows($result) == 1) {
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]

Share this post


Link to post
Share on other sites
Try changing the query to this:
[code]$sql = "SELECT username
FROM chaoworld_b
WHERE username = '$userId' AND password = '$password'";[/code]

Share this post


Link to post
Share on other sites
i think u scripted that weird
try
[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);

        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]

Share this post


Link to post
Share on other sites
I got a little to ahead of myself, the only credential your fix makes me need to log in is the verification code. It will not work..

Go to my test page and see for yourself, all you need to type in is the number and you can log in.. That page is updated with your fix..

Share this post


Link to post
Share on other sites
that is a easy fix

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);
        if($userId==''|$password==''){
            $errorMessage = 'Sorry, you left somthing blank!';
           
        }else{
        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
        }
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]

try it again plz it was the exit();
u didnt put the () on urs thats why it dont work the same as mine

Share this post


Link to post
Share on other sites
Well thanks, but now when somebody only types in the verification code.. , or types in just the name and the verification code , or password + verification code, they get a blank page

Share this post


Link to post
Share on other sites
Alright, thanks for helping me settling this :)

Time to work on the other hell of it.

Share this post


Link to post
Share on other sites
lol tell me about it i have been working a site for like a month
http://dreamshowstudios.net

:)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.