Jump to content

i cant login to my php login page


silverglade

Recommended Posts

hi, i have a php login page and it wont take my user and password, the page is here

 

http://oddnerdrum.info and the test user and pass is "user" and "password" without the quotes. notice it wont work though. i get the hack=Y message. here is all the code, any help GREATLY appreciated. thanks. derek

 

 

 

CODE TO THE LOGIN PAGE INDEX.PHP

<?php
include("connect1.php");

session_start();  
$u = $_POST['username'];
$p = $_POST['password'];  
$logoff = $_GET['logoff']; 
$hack = $_GET['hack'];  


  



if($logoff){

    
   unset($_SESSION['userid']);
   
    

   $message = "You have been logged off";  

    
     

         }

  
if($hack){    

   $message = "Naughty Naughty!  "; // COOL

    }


// escape username and password for use in SQL//person said on board "looks fine" like this
//to prevent sql injections
$u = mysql_real_escape_string($u);
$p = mysql_real_escape_string($p);


// if fields username and password have contents, then...
if(isset($u) && isset($p) && !empty($u) && !empty($p)){ ///changed from if ($u && $p)
   
   $query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

   $result = mysql_fetch_array($query);  
                                       
                                            
   if($result['username']){ // if username is set, go on...username is a key for $result, and a field in the table.
      
      $message = "You have been logged in";
       
      
      $_SESSION['userid'] = $result['username'];
   
      header("Location:old.mainsite.php"); // this will redirect them to the application.php page. and exit the script here.
      exit;
   
   
   }else{
      
      $message = "You do not exist on the system";
      
   }
   
   

}
?>
<?php
//IP BANNING CODE START HERE
$s=$_SERVER["REMOTE_ADDR"];
//draws IP address of visitor
$ipbancheck="SELECT * from banip where IP='$s'";
$ipbancheck2=mysql_query($ipbancheck);
while($ipbancheck3=mysql_fetch_array($ipbancheck2))
{
$IPBANNED=$ipbancheck3[iP];
}
//above lines check to see if user Ip is in banned IPs
if ($IPBANNED)
{
header('Location: http://derekvanderven.com/hacker.html');
//print "You have been banned ";

}
else
{

}
?>

 

CODE TO THE BOUNCER SCRIPT TO KEEP OUTSIDERS OUT

 

<?php

session_start();// this is a session start declaration call. to let us know we are using sessions on this page.
                  // when you create a session you create an actual file on server that it writes to.

if(!isset($_SESSION["userid"])){ // why would they be on this page if session is not set!!!! this code is a bouncer..a cop.

header("Location:index.php?hack=y"); // if it hasnt been set and they are on this page, hack=y and redirect them back with the naught naughty message.


exit;
}

?>

 

CODE TO THE CONNECT1.PHP SCRIPT

 

<?php
// connect to database include file

$host		= " ";//I LEFT THIS OUT FOR THE POST
$database 	= " ";
$username 	= " ";
$password 	= " ";

mysql_connect($host, $username, $password) or die("Could not connect: " . mysql_error());

mysql_select_db($database);

?>

Link to comment
https://forums.phpfreaks.com/topic/180734-i-cant-login-to-my-php-login-page/
Share on other sites

try changing this:

if($result['username']){

 

to this:

if(mysql_num_rows($query) > 0){

 

in this line:

if(isset($u) && isset($p) && !empty($u) && !empty($p)){

 

you can remove this isset prams because they will always be set because you set them at the beginning of your script:

if(!empty($u) && !empty($p)){

 

also, your $logoff and $hack variables will be strings, not booleans.

Right before this query:

$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

 

and after this if:

if(!empty($u) && !empty($p)){

 

put an echo in, so it would look something like this:

 

if(!empty($u) && !empty($p)){
echo "You made it here";
$query = mysql_query("SELECT * FROM table2 WHERE username = '$u' AND password = '$p'");

 

That will let you know if it is even going into that if statement.

 

 

You should move the IP banning stuff to the top of the page.

 

and you should do a proper log off:

http://php.net/session_destroy

i contacted my hosting company and they messed it up more. here is the error i get on my index.php login page now. any help GREATLY appreciated. thanks

derek

 

 

Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php on line 6

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php on line 6

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php on line 7

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php:6) in /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php on line 26

assuming include("connect1.php"); has your database info, such as login and stuff, check to make sure that that is all correct, other wise, if you moved the ip banning stuff to the very top, make sure it is after your include connect1.

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php:6) in /hermes/bosweb/web161/b1611/sl.brendansite2/public_html/index.php on line 26

 

That means that you are doing session_start(); after out put is sent to the browser

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.