chris270 Posted October 30, 2009 Share Posted October 30, 2009 Okay this is the login script for encrupted passwords.. it give me this messege: Operand should contain 1 column(s) here is the code: <?php include 'dbc.php'; if ($_POST['doLogin']=='Login') { $Account = ($_POST['taccount']); $md5_password = md5($_POST['tpassword']); $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); if ( $num == 0 ) { list($login, $encrypted_password, $gm, $banned, $lastlogin, $lastip, $email, $flags, $muted, $reward_points, $banreason) = mysql_fetch_row($result); session_start(); $_SESSION['account_name']= $login; $_SESSION['account_password'] = $encrypted_password; if(isset($_POST['remember'])){ setcookie("account_name", $_SESSION['account_name'], time()+60*60*24*60, "/"); setcookie("account_password", $_SESSION['account_password'], time()+60*60*24*60, "/"); } header("Location: myaccount.php"); } else { $msg = urlencode("Invalid Login. Please try again with correct account name and password. "); header("Location: login.php?msg=$msg"); } } ?> <html> <head> <title>Members Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="Javascript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="Javascript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#logForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"><p> </p> <h3 class="titlehdr">Muppets Account Login </h3> <p> <? if (isset($_GET['msg'])) { $msg = mysql_real_escape_string($_GET['msg']); echo "<div class=\"msg\">$msg</div>"; } ?></p> <form action="login.php" method="post" name="logForm" id="logForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="28%">Account Name</td> <td width="72%"><input name="taccount" type="text" class="required" id="txtbox" size="25"></td> </tr> <tr> <td>Password</td> <td><input name="tpassword" type="password" class="required" id="txtbox" size="25"></td> </tr> <tr> <td colspan="2"><div align="center"> <input name="remember" type="checkbox" id="remember" value="1"> Remember me</div></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doLogin" type="submit" id="doLogin3" value="Login"> </p> <p></font> <a href="forgot.php">Forgot Password</a> <font color="#FF6600"> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> </td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> thanks in advance Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/ Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Hi chris270, You're missing the final ) from the end of your MySQL statement. Change it to read: $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"); Also, you're not validating or sanitizing your $_POST data which is a major security flaw. Have a look at Daniel's excellent security tutorial for more information on this. Hope this helps. Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947779 Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Whoops! Typo! Change it to read: $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'); There was an extra " at the end of the query I posted. Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947794 Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Ignore that, the extra " is needed. Doh! Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947842 Share on other sites More sharing options...
chris270 Posted November 1, 2009 Author Share Posted November 1, 2009 can some of you post this where it works i really need this fast Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-948685 Share on other sites More sharing options...
PFMaBiSmAd Posted November 1, 2009 Share Posted November 1, 2009 SELECT queries don't have parenthesis () around the list of select items. Everything else about your original $sql = statement appears to be correct. Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-948688 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.