Jump to content

is there a way for me to stop 100 people from using the same password & user?


Recommended Posts

I assume your posting to index.php, if the details are correct it should redirect you do old.mainsite.php

try adding a die just after the login (if blocks) to check the login is fine

ie

die('We are HERE'); //<----THIS
     $message = "You have been logged in";

 

When you login it should say "We are HERE", if it doesn't then the login part if failing,

and we can debug your login code, first add this

var_dump($_POST); //<---ADD
if(!empty($u) && !empty($p)){ ///changed from if ($u && $p)

 

If the login if okay then trying commenting out the include("bouncer.php"); line, if it still failed then we're look at "auth.php"

i commented out the bouncer code include and it still goes the WE ARE HERE page

 

when u log in make the cookie, and add to databse a hashed random number and on every page check they are both the same.

 

its easier to write it yourself if you are learning, just break down what i said take it step by step and find a solution once step at a time.

Okay remove the line

die('We are HERE'); //<----THIS

 

and update auth.php to the following (this is just for testing)

 

<?php
session_start();
include("connect1.php");
//Check the current users session ID and HASH with the ones in the database
$result = mysql_query("SELECT loginHASH FROM table2 WHERE username = '".$_SESSION['userid']."' LIMIT 0,1");
$row = $row = mysql_fetch_assoc($result);
var_dump($row,$_SESSION['loginHASH']);
die();

//if not found then kick out
if(mysql_num_rows($result) < 1){
   $_SESSION = array();
   if (isset($_COOKIE[session_name()])) {
      setcookie(session_name(), '', time()-86400, '/');
   }
   session_destroy();
   header("location: index.php"); //redirect home
}
?>

you should get some array info, can you post that back

 

Okay it seams either the database is not updating or its not pulling the correct data,

first change

var_dump($row,$_SESSION['loginHASH']);

to

var_dump($row,$_SESSION);

 

that will check the userid, can you check the database via phpmyadmin, (or another database manager) to check the loginHASH in the Table2 table has a hash, or see if its empty

 

 

sorry about this but im going to have to stop here. i totally ruined the login and lost my old code. then i had to rebuild it and now im too tired to go on. ill just have to settle for the fact that ill have to make it a point to require all password changes periodically. im sorry for your trouble. at least i did learn a lot from you for the future. i have all the code you wrote and im going to implement it when i know more. im still a newbie. im sorry for the trouble. thanks for being patient with me again. derek

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.