Jump to content

Archived

This topic is now archived and is closed to further replies.

Elusid

Help with this code (login system)

Recommended Posts

Ok so I have a login system I got from a tutorial and I am having some problems getting it to work right. I want it so that it will only let you see a page if you are registered. This is what I have

[code]
<?php
session_start();
include("login.php")
include("database.php")


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs

a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy!

<p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      }
      else{
?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site.
</body>
<?php
      }
 
?>
[/code]

and this is the error I get


Parse error: parse error, unexpected T_INCLUDE in /home/www/flamelicker.com/newsite/uploads/filehosting.php on line 4

Share this post


Link to post
Share on other sites
You're missing a ";" at the end of your includes.

[code]
<?php
include("login.php");
include("database.php");
?>
[/code]

Will fix the issue.

Share this post


Link to post
Share on other sites
Hmm ok that fixed one part but now it brought up another.

Here is my code now for the page I want protected.

[code]
<?php
session_start();
include("login.php");
include("database.php");


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy! <p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      }
      else{
?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site.
</body>
<?php
      }
 
?>
[/code]

this is the error I get

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/www/flamelicker.com/newsite/uploads/login.php on line 14
I'm sorry, you need to be registered to use this function on the site.

so I went over to login.php and this is what I have

[code]
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<?


function confirmUser($username, $password){
  global $conn;
 
  if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
  }

 
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
    }

 
  $dbarray = mysql_fetch_array($result);
  $dbarray['password']  = stripslashes($dbarray['password']);
  $password = stripslashes($password);

 
  if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
  }
  else{
      return 2; //Indicates password failure
  }
}


function checkLogin(){
 
  if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
  }

 
  if(isset($_SESSION['username']) && isset($_SESSION['password'])){
     
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
       
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        return false;
      }
      return true;
  }
 
  else{
      return false;
  }
}


function displayLogin(){
  global $logged_in;
  if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
  }
  else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?
  }
}



if(isset($_POST['sublogin'])){
 
  if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
  }
 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  $md5pass = md5($_POST['pass']);
  $result = confirmUser($_POST['user'], $md5pass);

 
  if($result == 1){
      die('That username doesn\'t exist in our database.');
  }
  else if($result == 2){
      die('Incorrect password, please try again.');
  }

 
  $_POST['user'] = stripslashes($_POST['user']);
  $_SESSION['username'] = $_POST['user'];
  $_SESSION['password'] = $md5pass;


  if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
  }


  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}


$logged_in = checkLogin();

?>
</body>
[/code]

All I want this to do is check if the user is loged in and if they are show them the page and if not don't! AH!

Share this post


Link to post
Share on other sites
how do you add the username to the database? try using no addslashes or try stripslashes

Share this post


Link to post
Share on other sites
Well the username is alreary there. This is just to make it so that people who are already registered can view the page.

Share this post


Link to post
Share on other sites
how do people register, do you addslashes while inserting their name into the db, or do you just add it plain?

Share this post


Link to post
Share on other sites
IDK I used this

http://evolt.org/article/comment/17/60265/index.html

NVM I got it

Share this post


Link to post
Share on other sites
Too late I guess, anyways I suspect the problem was:

$q = "select password from users where username = '$username'";

should be:

$q = "select password from users where username = $username";

On your login.php file.

Share this post


Link to post
Share on other sites
hostfreak the problem surely doesn't rely in the fact he used single quotes in his query

Share this post


Link to post
Share on other sites
[quote author=ignace]
doesn't matter it's solved, case closed.
[/quote]

I am just asking for my own knowledge. It matters to me. So if you do not know, dont respond. I would still like the op to post what the problem was.

Share this post


Link to post
Share on other sites
@Elusid: use the "Login System with administration panel" version of JP's OLD script

Share this post


Link to post
Share on other sites
Ok well hello again ppl and I have a new problem. I tryed to put in a system where it would have a "Re type password" and users arn't able to. It keeps saying the registration failed error.

Register.php

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] <> $_POST['passcon']){
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]


[code][/code]

Share this post


Link to post
Share on other sites
I am not 100% sure if this will work, but it is worth a try:

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] == $_POST['passcon']){
$result = 1;
return $result;
} else {
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]

Share this post


Link to post
Share on other sites
Try:

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] != $_POST['passcon']){
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]

I am pretty sure that will work. It's the way you originally had it but instead of using the greater than or less than operator to see if the passwords didn't match I used the Non-equivalence operator (!=)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.