Jump to content

is there a way for me to stop 100 people from using the same password & user?


silverglade

Recommended Posts

I assume your posting to index.php, if the details are correct it should redirect you do old.mainsite.php

try adding a die just after the login (if blocks) to check the login is fine

ie

die('We are HERE'); //<----THIS
     $message = "You have been logged in";

 

When you login it should say "We are HERE", if it doesn't then the login part if failing,

and we can debug your login code, first add this

var_dump($_POST); //<---ADD
if(!empty($u) && !empty($p)){ ///changed from if ($u && $p)

 

If the login if okay then trying commenting out the include("bouncer.php"); line, if it still failed then we're look at "auth.php"

Link to comment
Share on other sites

i commented out the bouncer code include and it still goes the WE ARE HERE page

 

when u log in make the cookie, and add to databse a hashed random number and on every page check they are both the same.

 

its easier to write it yourself if you are learning, just break down what i said take it step by step and find a solution once step at a time.

Link to comment
Share on other sites

Okay remove the line

die('We are HERE'); //<----THIS

 

and update auth.php to the following (this is just for testing)

 

<?php
session_start();
include("connect1.php");
//Check the current users session ID and HASH with the ones in the database
$result = mysql_query("SELECT loginHASH FROM table2 WHERE username = '".$_SESSION['userid']."' LIMIT 0,1");
$row = $row = mysql_fetch_assoc($result);
var_dump($row,$_SESSION['loginHASH']);
die();

//if not found then kick out
if(mysql_num_rows($result) < 1){
   $_SESSION = array();
   if (isset($_COOKIE[session_name()])) {
      setcookie(session_name(), '', time()-86400, '/');
   }
   session_destroy();
   header("location: index.php"); //redirect home
}
?>

you should get some array info, can you post that back

 

Link to comment
Share on other sites

Okay it seams either the database is not updating or its not pulling the correct data,

first change

var_dump($row,$_SESSION['loginHASH']);

to

var_dump($row,$_SESSION);

 

that will check the userid, can you check the database via phpmyadmin, (or another database manager) to check the loginHASH in the Table2 table has a hash, or see if its empty

 

 

Link to comment
Share on other sites

sorry about this but im going to have to stop here. i totally ruined the login and lost my old code. then i had to rebuild it and now im too tired to go on. ill just have to settle for the fact that ill have to make it a point to require all password changes periodically. im sorry for your trouble. at least i did learn a lot from you for the future. i have all the code you wrote and im going to implement it when i know more. im still a newbie. im sorry for the trouble. thanks for being patient with me again. derek

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.