Jump to content

Help with this code (login system)


Elusid

Recommended Posts

Ok so I have a login system I got from a tutorial and I am having some problems getting it to work right. I want it so that it will only let you see a page if you are registered. This is what I have

[code]
<?php
session_start();
include("login.php")
include("database.php")


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs

a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy!

<p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      }
      else{
?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site.
</body>
<?php
      }
 
?>
[/code]

and this is the error I get


Parse error: parse error, unexpected T_INCLUDE in /home/www/flamelicker.com/newsite/uploads/filehosting.php on line 4
Link to comment
Share on other sites

Hmm ok that fixed one part but now it brought up another.

Here is my code now for the page I want protected.

[code]
<?php
session_start();
include("login.php");
include("database.php");


if($logged_in){?>
<!-------->
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>

Welcome to the Flame Licker file hosting section. You can upload files here to use on forums, blogs, or anything that needs a file to be saved. The max upload size is 2.5MB's. DO NOT upload copyrighted material because it will be deleted. Enjoy! <p>

<center>
<form id="form1" name="form1" enctype="multipart/form-data" method="post" action="upload.php">
Max upload size: 2500kb
<input name="file" type="file">
<input type='submit' value='submit'>
</form>
</center>

</body>
<!-------->
<?php
      }
      else{
?>
<body bgcolor='000000' text='ffffff' link='880000' vlink='880000' alink='880000'>
I'm sorry, you need to be registered to use this function on the site.
</body>
<?php
      }
 
?>
[/code]

this is the error I get

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/www/flamelicker.com/newsite/uploads/login.php on line 14
I'm sorry, you need to be registered to use this function on the site.

so I went over to login.php and this is what I have

[code]
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<?


function confirmUser($username, $password){
  global $conn;
 
  if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
  }

 
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
      return 1; //Indicates username failure
    }

 
  $dbarray = mysql_fetch_array($result);
  $dbarray['password']  = stripslashes($dbarray['password']);
  $password = stripslashes($password);

 
  if($password == $dbarray['password']){
      return 0; //Success! Username and password confirmed
  }
  else{
      return 2; //Indicates password failure
  }
}


function checkLogin(){
 
  if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
  }

 
  if(isset($_SESSION['username']) && isset($_SESSION['password'])){
     
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
       
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        return false;
      }
      return true;
  }
 
  else{
      return false;
  }
}


function displayLogin(){
  global $logged_in;
  if($logged_in){
      echo "<h1>Logged In!</h1>";
      echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
  }
  else{
?>

<h1>Login</h1>
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td colspan="2" align="left"><input type="checkbox" name="remember">
<font size="2">Remember me next time</td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
<tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>
</table>
</form>

<?
  }
}



if(isset($_POST['sublogin'])){
 
  if(!$_POST['user'] || !$_POST['pass']){
      die('You didn\'t fill in a required field.');
  }
 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  $md5pass = md5($_POST['pass']);
  $result = confirmUser($_POST['user'], $md5pass);

 
  if($result == 1){
      die('That username doesn\'t exist in our database.');
  }
  else if($result == 2){
      die('Incorrect password, please try again.');
  }

 
  $_POST['user'] = stripslashes($_POST['user']);
  $_SESSION['username'] = $_POST['user'];
  $_SESSION['password'] = $md5pass;


  if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
  }


  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}


$logged_in = checkLogin();

?>
</body>
[/code]

All I want this to do is check if the user is loged in and if they are show them the page and if not don't! AH!
Link to comment
Share on other sites

Ok well hello again ppl and I have a new problem. I tryed to put in a system where it would have a "Re type password" and users arn't able to. It keeps saying the registration failed error.

Register.php

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] <> $_POST['passcon']){
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]


[code][/code]
Link to comment
Share on other sites

I am not 100% sure if this will work, but it is worth a try:

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] == $_POST['passcon']){
$result = 1;
return $result;
} else {
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]
Link to comment
Share on other sites

Try:

[code]
<?
session_start();


function usernameTaken($username){
  global $conn;
  if(!get_magic_quotes_gpc()){
      $username = addslashes($username);
  }
  $q = "select username from users where username = '$username'";
  $result = mysql_query($q,$conn);
  return (mysql_numrows($result) > 0);
}


function addNewUser($username, $password){
  global $conn;
  $q = "INSERT INTO users VALUES ('$username', '$password')";
  return mysql_query($q,$conn);
}


function displayStatus(){
  $uname = $_SESSION['reguname'];
  if($_SESSION['regresult']){
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registered!</h1>
<p>Thank you <b><? echo $uname; ?></b>, your information has been added to the database, you may now <a href="main.php" title="Login">log in</a>.</p>
</body>
</html>


<?
  }
  else{
?>
<html>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Registration Failed</h1>
<p>We're sorry, but an error has occurred and your registration for the username <b><? echo $uname; ?></b>, could not be completed.<br>
Please try again at a later time.</p>
</body>
</html>

<?
  }
  unset($_SESSION['reguname']);
  unset($_SESSION['registered']);
  unset($_SESSION['regresult']);
}

if(isset($_SESSION['registered'])){

?>

<html>
<title>Registration Page</title>
<body>

<? displayStatus(); ?>

</body>
</html>

<?
  return;
}


if(isset($_POST['subjoin'])){
   
    if(!$_POST['user'] || !$_POST['pass'] || !$_POST['passcon']){
      die('You didn\'t fill in a required field.');
    }

if($_POST['pass'] != $_POST['passcon']){
die('Error, your password didn\'t match.');
}

 
  $_POST['user'] = trim($_POST['user']);
  if(strlen($_POST['user']) > 30){
      die("Sorry, the username is longer than 30 characters, please shorten it.");
  }

 
  if(usernameTaken($_POST['user'])){
      $use = $_POST['user'];
      die("Sorry, the username: <strong>$use</strong> is already taken, please pick another one.");
  }

 
  $md5pass = md5($_POST['pass']);
  $_SESSION['reguname'] = $_POST['user'];
  $_SESSION['regresult'] = addNewUser($_POST['user'], $md5pass);
  $_SESSION['registered'] = true;
  echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
  return;
}
else{

?>
<html>
<title>Registration Page</title>
<body bgcolor='000000' text='ffffff' link='ff0000' vlink='880000'>
<h1>Register</h1>
<form action="<? echo $HTTP_SERVER_VARS['PHP_SELF']; ?>" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username</td></tr>
<tr><td><input type="text" name="user" maxlength="30"></td></tr>
<tr><td>Password</td></tr>
<tr><td><input type="password" name="pass" maxlength="32"></td></tr>
<tr><td>Re-type Password</td></tr>
<tr><td><input type="password" name="passcon" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="subjoin" value="Join!"></td></tr>
</table>
</form>
</body>
</html>


<?
}
?>
[/code]

I am pretty sure that will work. It's the way you originally had it but instead of using the greater than or less than operator to see if the passwords didn't match I used the Non-equivalence operator (!=)
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.