is there a way for me to stop 100 people from using the same password & user?

[MadTechie]

I assume your posting to index.php, if the details are correct it should redirect you do old.mainsite.php

try adding a die just after the login (if blocks) to check the login is fine

ie

die('We are HERE'); //<----THIS
     $message = "You have been logged in";

 

When you login it should say "We are HERE", if it doesn't then the login part if failing,

and we can debug your login code, first add this

var_dump($_POST); //<---ADD
if(!empty($u) && !empty($p)){ ///changed from if ($u && $p)

 

If the login if okay then trying commenting out the include("bouncer.php"); line, if it still failed then we're look at "auth.php"

[silverglade]

thanks VERY much for helping! i added your code and i get to a white page that says "we are HERE", so im not sure what its doing, ill try commenting out the bouncer code. thanks. derek

[silverglade]

i commented out the bouncer code include and it still goes the WE ARE HERE page

[nadeemshafi9]

i commented out the bouncer code include and it still goes the WE ARE HERE page

 

when u log in make the cookie, and add to databse a hashed random number and on every page check they are both the same.

 

its easier to write it yourself if you are learning, just break down what i said take it step by step and find a solution once step at a time.

[MadTechie]

Okay remove the line

die('We are HERE'); //<----THIS

 

and update auth.php to the following (this is just for testing)

 

<?php
session_start();
include("connect1.php");
//Check the current users session ID and HASH with the ones in the database
$result = mysql_query("SELECT loginHASH FROM table2 WHERE username = '".$_SESSION['userid']."' LIMIT 0,1");
$row = $row = mysql_fetch_assoc($result);
var_dump($row,$_SESSION['loginHASH']);
die();

//if not found then kick out
if(mysql_num_rows($result) < 1){
   $_SESSION = array();
   if (isset($_COOKIE[session_name()])) {
      setcookie(session_name(), '', time()-86400, '/');
   }
   session_destroy();
   header("location: index.php"); //redirect home
}
?>

you should get some array info, can you post that back

 

[silverglade]

ok thanks again madtechie, heres what i got in the post

 

a white page after i logged in with this

 

array(1) { ["loginHASH"]=>  NULL } string(32) "c666d8de62f3a2b3f211451b2e3e27b5" 

[MadTechie]

Okay it seams either the database is not updating or its not pulling the correct data,

first change

var_dump($row,$_SESSION['loginHASH']);

to

var_dump($row,$_SESSION);

 

that will check the userid, can you check the database via phpmyadmin, (or another database manager) to check the loginHASH in the Table2 table has a hash, or see if its empty

 

 

[silverglade]

sorry about this but im going to have to stop here. i totally ruined the login and lost my old code. then i had to rebuild it and now im too tired to go on. ill just have to settle for the fact that ill have to make it a point to require all password changes periodically. im sorry for your trouble. at least i did learn a lot from you for the future. i have all the code you wrote and im going to implement it when i know more. im still a newbie. im sorry for the trouble. thanks for being patient with me again. derek