chris270 Posted October 30, 2009 Share Posted October 30, 2009 Okay this is the login script for encrupted passwords.. it give me this messege: Operand should contain 1 column(s) here is the code: <?php include 'dbc.php'; if ($_POST['doLogin']=='Login') { $Account = ($_POST['taccount']); $md5_password = md5($_POST['tpassword']); $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"; $result = mysql_query($sql) or die (mysql_error()); $num = mysql_num_rows($result); if ( $num == 0 ) { list($login, $encrypted_password, $gm, $banned, $lastlogin, $lastip, $email, $flags, $muted, $reward_points, $banreason) = mysql_fetch_row($result); session_start(); $_SESSION['account_name']= $login; $_SESSION['account_password'] = $encrypted_password; if(isset($_POST['remember'])){ setcookie("account_name", $_SESSION['account_name'], time()+60*60*24*60, "/"); setcookie("account_password", $_SESSION['account_password'], time()+60*60*24*60, "/"); } header("Location: myaccount.php"); } else { $msg = urlencode("Invalid Login. Please try again with correct account name and password. "); header("Location: login.php?msg=$msg"); } } ?> <html> <head> <title>Members Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="Javascript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="Javascript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#logForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"><p> </p> <h3 class="titlehdr">Muppets Account Login </h3> <p> <? if (isset($_GET['msg'])) { $msg = mysql_real_escape_string($_GET['msg']); echo "<div class=\"msg\">$msg</div>"; } ?></p> <form action="login.php" method="post" name="logForm" id="logForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="28%">Account Name</td> <td width="72%"><input name="taccount" type="text" class="required" id="txtbox" size="25"></td> </tr> <tr> <td>Password</td> <td><input name="tpassword" type="password" class="required" id="txtbox" size="25"></td> </tr> <tr> <td colspan="2"><div align="center"> <input name="remember" type="checkbox" id="remember" value="1"> Remember me</div></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doLogin" type="submit" id="doLogin3" value="Login"> </p> <p></font> <a href="forgot.php">Forgot Password</a> <font color="#FF6600"> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> </td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> thanks in advance Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/ Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Hi chris270, You're missing the final ) from the end of your MySQL statement. Change it to read: $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"); Also, you're not validating or sanitizing your $_POST data which is a major security flaw. Have a look at Daniel's excellent security tutorial for more information on this. Hope this helps. Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947779 Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Whoops! Typo! Change it to read: $sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'); There was an extra " at the end of the query I posted. Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947794 Share on other sites More sharing options...
Bricktop Posted October 30, 2009 Share Posted October 30, 2009 Ignore that, the extra " is needed. Doh! Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-947842 Share on other sites More sharing options...
chris270 Posted November 1, 2009 Author Share Posted November 1, 2009 can some of you post this where it works i really need this fast Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-948685 Share on other sites More sharing options...
PFMaBiSmAd Posted November 1, 2009 Share Posted November 1, 2009 SELECT queries don't have parenthesis () around the list of select items. Everything else about your original $sql = statement appears to be correct. Quote Link to comment https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/#findComment-948688 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.