Jump to content


Photo

Help with this code (login system)


  • Please log in to reply
16 replies to this topic

#1 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 05 August 2006 - 06:14 AM

Ok so I have a login system I got from a tutorial and I am having some problems getting it to work right. I want it so that it will only let you see a page if you are registered. This is what I have

<?php
 session_start();
 include("login.php")
 include("database.php")


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs 

a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy! 

<p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      } 
      else{ 
 ?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site. 
</body>
<?php
      } 
   
?>

and this is the error I get


Parse error: parse error, unexpected T_INCLUDE in /home/www/flamelicker.com/newsite/uploads/filehosting.php on line 4


#2 Prismatic

Prismatic
  • Members
  • PipPipPip
  • Advanced Member
  • 503 posts
  • LocationSan Diego

Posted 05 August 2006 - 06:16 AM

You're missing a ";" at the end of your includes.

<?php
 include("login.php");
 include("database.php");
?>

Will fix the issue.

#3 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 05 August 2006 - 06:35 AM

Hmm ok that fixed one part but now it brought up another.

Here is my code now for the page I want protected.

<?php
 session_start();
 include("login.php");
 include("database.php");


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy! <p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      } 
      else{ 
 ?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site. 
</body>
<?php
      } 
   
?>

this is the error I get

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/www/flamelicker.com/newsite/uploads/login.php on line 14
I'm sorry, you need to be registered to use this function on the site.

so I went over to login.php and this is what I have

<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<?


function confirmUser($username, $password){
   global $conn;
   
   if(!get_magic_quotes_gpc()) {
	$username = addslashes($username);
   }

   
    $q = "select password from users where username = '$username'"; 
    $result = mysql_query($q,$conn); 
    if(!$result || (mysql_numrows($result) < 1)){ 
       return 1; //Indicates username failure 
    }

   
   $dbarray = mysql_fetch_array($result);
   $dbarray['password']  = stripslashes($dbarray['password']);
   $password = stripslashes($password);

  
   if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
   }
   else{
      return 2; //Indicates password failure
   }
}


function checkLogin(){
   
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }

  
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
  
   else{
      return false;
   }
}


function displayLogin(){
   global $logged_in;
   if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
   }
   else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?
   }
}



if(isset($_POST['sublogin'])){
   
   if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
   }
   
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   
   $md5pass = md5($_POST['pass']);
   $result = confirmUser($_POST['user'], $md5pass);

  
   if($result == 1){
      die('That username doesn\'t exist in our database.');
   }
   else if($result == 2){
      die('Incorrect password, please try again.');
   }

  
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;

 
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }

 
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}


$logged_in = checkLogin();

?>
</body>

All I want this to do is check if the user is loged in and if they are show them the page and if not don't! AH!

#4 beamerrox

beamerrox
  • Members
  • PipPipPip
  • Advanced Member
  • 35 posts
  • LocationGrimshaw, Alberta, Canada

Posted 05 August 2006 - 06:40 AM

how do you add the username to the database? try using no addslashes or try stripslashes

#5 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 05 August 2006 - 06:49 AM

Well the username is alreary there. This is just to make it so that people who are already registered can view the page.

#6 beamerrox

beamerrox
  • Members
  • PipPipPip
  • Advanced Member
  • 35 posts
  • LocationGrimshaw, Alberta, Canada

Posted 05 August 2006 - 06:50 AM

how do people register, do you addslashes while inserting their name into the db, or do you just add it plain?

#7 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 05 August 2006 - 06:59 AM

IDK I used this

http://evolt.org/art...0265/index.html

NVM I got it

#8 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 05 August 2006 - 08:03 AM

Too late I guess, anyways I suspect the problem was:

$q = "select password from users where username = '$username'";

should be:

$q = "select password from users where username = $username";

On your login.php file.

#9 ignace

ignace
  • Moderators
  • Now mod flavored
  • 6,429 posts
  • LocationBelgium

Posted 05 August 2006 - 02:04 PM

hostfreak the problem surely doesn't rely in the fact he used single quotes in his query

#10 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 05 August 2006 - 02:48 PM

Alright, for my own knowledge, can you tell me where the problem does rely?

#11 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 05 August 2006 - 03:18 PM

doesn't matter it's solved, case closed.


I am just asking for my own knowledge. It matters to me. So if you do not know, dont respond. I would still like the op to post what the problem was.

#12 beamerrox

beamerrox
  • Members
  • PipPipPip
  • Advanced Member
  • 35 posts
  • LocationGrimshaw, Alberta, Canada

Posted 05 August 2006 - 05:30 PM

@Elusid: use the "Login System with administration panel" version of JP's OLD script

#13 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 06 August 2006 - 05:55 AM

Ok well hello again ppl and I have a new problem. I tryed to put in a system where it would have a "Re type password" and users arn't able to. It keeps saying the registration failed error.

Register.php

<?
session_start(); 


function usernameTaken($username){
   global $conn;
   if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
   }
   $q = "select username from users where username = '$username'";
   $result = mysql_query($q,$conn);
   return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
   global $conn;
   $q = "INSERT INTO users VALUES ('$username', '$password')";
   return mysql_query($q,$conn);
}


function displayStatus(){
   $uname = $_SESSION['reguname'];
   if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
   }
   else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
   }
   unset($_SESSION['reguname']);
   unset($_SESSION['registered']);
   unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
   return;
}


if(isset($_POST['subjoin'])){ 
    
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){ 
       die('You didn\'t fill in a required field.'); 
    }

if($_POST['pass'] <> $_POST['passcon']){ 
 die('Error, your password didn\'t match.'); 
 }

   
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   
   if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
   }

  
   $md5pass = md5($_POST['pass']);
   $_SESSION['reguname'] = $_POST['user'];
   $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
   $_SESSION['registered'] = true;
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>




#14 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 06 August 2006 - 06:11 AM

I am not 100% sure if this will work, but it is worth a try:

<?
session_start(); 


function usernameTaken($username){
   global $conn;
   if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
   }
   $q = "select username from users where username = '$username'";
   $result = mysql_query($q,$conn);
   return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
   global $conn;
   $q = "INSERT INTO users VALUES ('$username', '$password')";
   return mysql_query($q,$conn);
}


function displayStatus(){
   $uname = $_SESSION['reguname'];
   if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
   }
   else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
   }
   unset($_SESSION['reguname']);
   unset($_SESSION['registered']);
   unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
   return;
}


if(isset($_POST['subjoin'])){ 
    
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){ 
       die('You didn\'t fill in a required field.'); 
    }

if($_POST['pass'] == $_POST['passcon']){ 
$result = 1;
return $result;
 } else {
die('Error, your password didn\'t match.'); 
}

   
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   
   if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
   }

  
   $md5pass = md5($_POST['pass']);
   $_SESSION['reguname'] = $_POST['user'];
   $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
   $_SESSION['registered'] = true;
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>


#15 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 06 August 2006 - 06:14 AM

Nope. It doesn't show anything now and still doesn't add a user


#16 hostfreak

hostfreak
  • Members
  • PipPipPip
  • Advanced Member
  • 581 posts

Posted 06 August 2006 - 06:17 AM

Try:

<?
session_start(); 


function usernameTaken($username){
   global $conn;
   if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
   }
   $q = "select username from users where username = '$username'";
   $result = mysql_query($q,$conn);
   return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
   global $conn;
   $q = "INSERT INTO users VALUES ('$username', '$password')";
   return mysql_query($q,$conn);
}


function displayStatus(){
   $uname = $_SESSION['reguname'];
   if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
   }
   else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
   }
   unset($_SESSION['reguname']);
   unset($_SESSION['registered']);
   unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
   return;
}


if(isset($_POST['subjoin'])){ 
    
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){ 
       die('You didn\'t fill in a required field.'); 
    }

if($_POST['pass'] != $_POST['passcon']){ 
 die('Error, your password didn\'t match.'); 
 }

   
   $_POST['user'] = trim($_POST['user']);
   if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
   }

   
   if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
   }

  
   $md5pass = md5($_POST['pass']);
   $_SESSION['reguname'] = $_POST['user'];
   $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
   $_SESSION['registered'] = true;
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>

I am pretty sure that will work. It's the way you originally had it but instead of using the greater than or less than operator to see if the passwords didn't match I used the Non-equivalence operator (!=)

#17 Elusid

Elusid
  • Members
  • PipPipPip
  • Advanced Member
  • 38 posts

Posted 06 August 2006 - 06:42 AM

Nope still get the same prob...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users