Jump to content

Trouble with a member log-in type script


sw0o0sh

Recommended Posts

Hi, I'm not really any good at PHP or MySQL, hence why I am here. This script is not working, and I tried everything in my 'knowledge' to try and get it to work. I created a username 'Tim' with the password 'password' on a table called "chaoworld_b" without quotes in my database to test out on this script. Unforunately, it still says "invalid user ID / Password". Another thing that makes this script bit more complex is it includes an anti-spam key required to type in. When I type it in the right way, apparently my script knows I did, but when I type in my username and password the right way, it says it is invalid.

The query is:

[code]
$sql = "SELECT username
FROM chaoworld_b
WHERE username = '$userId' AND password = PASSWORD('$password')";
[/code]

And in chaoworld_b , as said before, I have the rows username and password.

I have no clue whats wrong with this script in general, so I am going to post the whole thing.

Here is where I am testing it out.. username: Tim , password: password, but doesn't work..

http://cw.davessonicsite.com/php/test.php


heres the code:

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database

        $sql = "SELECT username
                FROM chaoworld_b
                WHERE username = '$userId' AND password = PASSWORD('$password')";
       
        $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 
       
        if (mysql_num_rows($result) == 1) {
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]
Link to comment
Share on other sites

i think u scripted that weird
try
[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);

        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
       
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]
Link to comment
Share on other sites

I got a little to ahead of myself, the only credential your fix makes me need to log in is the verification code. It will not work..

Go to my test page and see for yourself, all you need to type in is the number and you can log in.. That page is updated with your fix..
Link to comment
Share on other sites

that is a easy fix

[code]

<?php
// we must never forget to start the session
session_start();

if (!$link = mysql_connect('localhost', 'davessonicsite', 'password')){
  echo 'Could not connect to mysql';
  exit;
}


if (!mysql_select_db('davessonicsite', $link)){
  echo 'Could not select database';
  exit;
}

$errorMessage = '';
if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) {
    // first check if the number submitted is correct
    $number  = $_POST['txtNumber'];
   
    if (md5($number) == $_SESSION['image_random_value']) {
      //  include 'library/config.php';
      //  include 'library/opendb.php';
       
        $userId  = $_POST['txtUserId'];
        $password = $_POST['txtPassword'];
   
       
        // check if the user id and password combination exist in database
        $sql = mysql_query("SELECT * FROM chaoworld_b WHERE username = '$userId' ") or die(mysql_error()); //second change
        $sql = mysql_fetch_array($sql);
        if($userId==''|$password==''){
            $errorMessage = 'Sorry, you left somthing blank!';
           
        }else{
        if ($sql['password']==$password) { // I don't really know wat the PASSWORD($password) thing did so i left it out u can add it tho
            // the user id and password match, 
            // set the session
            $_SESSION['image_is_logged_in'] = true;

            // remove the random value from session           
            $_SESSION['image_random_value'] = '';
           
            // after login we move to the main page
            header('Location: login.php');
            exit;
        } else {
            $errorMessage = 'Sorry, wrong user id / password';
        }
        }
      //  include 'library/closedb.php';
    } else {
        $errorMessage = 'Sorry, wrong number. Please try again';
    }   
}
?>
<html>
<head>
<title>Basic Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<?php
if ($errorMessage != '') {  // first change i dont like coding practice u used
echo("<p align=\"center\"><strong><font color=\"#990000\">");
echo $errorMessage;
echo("</font></strong></p> ");
}
?>
<form action="" method="post" name="frmLogin" id="frmLogin">
<table width="500" border="1" align="center" cellpadding="2" cellspacing="2">
  <tr>
  <td width="150">User Id</td>
  <td><input name="txtUserId" type="text" id="txtUserId"></td>
  </tr>
  <tr>
  <td width="150">Password</td>
  <td><input name="txtPassword" type="password" id="txtPassword"></td>
  </tr>
  <tr>
  <td width="150">Enter Number</td>
  <td><input name="txtNumber" type="text" id="txtNumber" value="">
    &nbsp;&nbsp;<img src="randomImage.php"></td>
  </tr>

  <tr>
  <td width="150">&nbsp;</td>
  <td><input name="btnLogin" type="submit" id="btnLogin" value="Login"></td>
  </tr>
</table>
</form>
</body>
</html>


[/code]

try it again plz it was the exit();
u didnt put the () on urs thats why it dont work the same as mine
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.