Jump to content

Please help can figure this out.


chris270

Recommended Posts

Okay this is the login script for encrupted passwords.. it give me this messege: Operand should contain 1 column(s)

here is the code:

<?php 

include 'dbc.php';


if ($_POST['doLogin']=='Login')
{
$Account = ($_POST['taccount']);
$md5_password = md5($_POST['tpassword']);

$sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"; 

                        
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);

    if ( $num == 0 ) { 
        
        list($login, $encrypted_password, $gm, $banned, $lastlogin, $lastip, $email, $flags, $muted, $reward_points, $banreason) = mysql_fetch_row($result);
        
         
  
       
           session_start(); 

                $_SESSION['account_name']= $login;  
                $_SESSION['account_password'] = $encrypted_password;
                

                
           if(isset($_POST['remember'])){
                                  setcookie("account_name", $_SESSION['account_name'], time()+60*60*24*60, "/");
                                  setcookie("account_password", $_SESSION['account_password'], time()+60*60*24*60, "/");
                                   }
                
                        
                header("Location: myaccount.php");
                }
                else
                {
                $msg = urlencode("Invalid Login. Please try again with correct account name and password. ");
                header("Location: login.php?msg=$msg");
                }
                
}
                                         
                                         

?>
<html>
<head>
<title>Members Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="Javascript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="Javascript" type="text/javascript" src="js/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#logForm").validate();
  });
  </script>
<link href="styles.css" rel="stylesheet" type="text/css">

</head>

<body>
<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">
  <tr> 
    <td colspan="3"> </td>
  </tr>
  <tr> 
    <td width="160" valign="top"><p> </p>
      <p>  </p>
      <p> </p>
      <p> </p>
      <p> </p></td>
    <td width="732" valign="top"><p> </p>
      <h3 class="titlehdr">Muppets Account Login
      </h3>  
          <p>
          <?

      if (isset($_GET['msg'])) {
          $msg = mysql_real_escape_string($_GET['msg']);
          echo "<div class=\"msg\">$msg</div>";
          }
          
          ?></p>
      <form action="login.php" method="post" name="logForm" id="logForm" >
        <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform">
          <tr> 
            <td colspan="2"> </td>
          </tr>
          <tr> 
            <td width="28%">Account Name</td>
            <td width="72%"><input name="taccount" type="text" class="required" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td>Password</td>
            <td><input name="tpassword" type="password" class="required" id="txtbox" size="25"></td>
          </tr>
          <tr> 
            <td colspan="2"><div align="center">
                <input name="remember" type="checkbox" id="remember" value="1">
                Remember me</div></td>
          </tr>
          <tr> 
            <td colspan="2"> <div align="center"> 
                <p> 
                  <input name="doLogin" type="submit" id="doLogin3" value="Login">
                </p>
                <p></font> <a href="forgot.php">Forgot Password</a> <font color="#FF6600"> 
              </div></td>
          </tr>
        </table>
        <div align="center"></div>
        <p align="center">  </p>
      </form>
      <p> </p>
           
      </td>
    <td width="196" valign="top"> </td>
  </tr>
  <tr> 
    <td colspan="3"> </td>
  </tr>
</table>

</body>
</html>

 

thanks in advance

Link to comment
https://forums.phpfreaks.com/topic/179625-please-help-can-figure-this-out/
Share on other sites

Hi chris270,

 

You're missing the final ) from the end of your MySQL statement.  Change it to read:

 

$sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'"); 

 

Also, you're not validating or sanitizing your $_POST data which is a major security flaw.  Have a look at Daniel's excellent security tutorial for more information on this.

 

Hope this helps.

Whoops!  Typo!  Change it to read:

 

$sql = "SELECT (login, encrypted_password, gm, banned, lastlogin, lastip, email, flags, muted, reward_points, banreason) FROM accounts WHERE login = '".$Account."' AND encrypted_password = '".$md5_password."'); 

 

There was an extra " at the end of the query I posted.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.