Xtremer360 Posted November 24, 2009 Share Posted November 24, 2009 I keep getting the response "Invalid username" no matter what I put which is wrong because I'm only putting in usernames that are in the DB. Is there something wrong with my coding. <?php ob_start("ob_gzhandler"); // cache system require "backstageconfig.php"; require "backstagefunctions.php"; if ((!empty($_POST)) && (isset($_POST['action']))) { $action=$_POST{'action'}; } else { $action="mainmenu"; } if ((isset($_POST['uname'])) && (isset($_POST['pword']))) { $uname=$_POST{'uname'}; $pword=md5($_POST{'pword'}); validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile); $action="mainmenu"; } elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword'])))) { require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); } else { $uname=$_COOKIE["uname"]; $pword=$_COOKIE["pword"]; validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile); if (isset($_POST['newdefaultcharacterid'])) { $newdefaultcharacterid = (integer)$_POST["newdefaultcharacterid"]; $query = "UPDATE efed_handler SET default_char_id = '$newdefaultcharacterid' WHERE login = '$uname' and fed_id = '$fedid'"; mysql_db_query($dbname, $query) or Die (mysql_error()); } } $query = "SELECT h.id as userid, h.surname as surname, h.firstname as firstname, h.isadmin as isadmin, newscat.id as defaultcategoryid, bio.id as defaultcharacterid, bio.style_id as styleid, bio.username as defaultcharacterusername, bio.charactername as defaultcharactername, styles.name as style FROM efed_handler as h LEFT JOIN efed_bio as bio ON ( h.default_char_id = bio.id and bio.fed_id = '$fedid' ) LEFT JOIN efed_list_styles as styles ON ( bio.style_id = styles.id and bio.fed_id = '$fedid' ) LEFT JOIN efed_list_newscategory as newscat ON ( h.default_news_id = newscat.id and newscat.fed_id = '$fedid' ) WHERE h.login = '$uname' and h.password = '$pword' and h.fed_id = '$fedid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } } if ($action != "logout") { headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums); } else { headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); } // print "<center>\n"; switch ($action) { case "mainmenu": mainscreen(); print "</div>\n"; footercode(); break; case "login": require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); break; case "handler": if ($isadmin == "1") { require_once "backstage_libs/handler.php"; handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip); } break; case "character": require_once "backstage_libs/character.php"; character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters); break; case "newscategory": if ($isadmin == "1") { require_once "backstage_libs/newscategory.php"; newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray); } break; case "news": require_once "backstage_libs/news.php"; news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername); break; case "content": if ($isadmin == "1") { require_once "backstage_libs/content.php"; content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "template": if ($isadmin == "1") { require_once "backstage_libs/template.php"; template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "biolayout": if ($isadmin == "1") { require_once "backstage_libs/biolayout.php"; biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "quotes": require_once "backstage_libs/quotes.php"; quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername); break; case "alliesrivals": require_once "backstage_libs/alliesrivals.php"; alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername); break; case "roleplay": require_once "backstage_libs/roleplay.php"; roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername); break; case "champions": if ($isadmin == "1") { require_once "backstage_libs/champions.php"; champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "title": if ($isadmin == "1") { require_once "backstage_libs/title.php"; title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "titlehistory": if ($isadmin == "1") { require_once "backstage_libs/titlehistory.php"; titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "division": if ($isadmin == "1") { require_once "backstage_libs/division.php"; division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "eventname": if ($isadmin == "1") { require_once "backstage_libs/eventname.php"; eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "eventbooker": if ($isadmin == "1") { require_once "backstage_libs/eventbooker.php"; eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); } break; case "submitmatch": require_once "backstage_libs/submitmatch.php"; submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); break; case "submitseg": require_once "backstage_libs/submitseg.php"; submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); break; case "resultscompilation": if ($isadmin == "1") { require_once "backstage_libs/resultscompilation.php"; resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); } break; case "resultsediting": if ($isadmin == "1") { require_once "backstage_libs/resultsediting.php"; resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); } break; case "menustructures": if ($isadmin == "1") { require_once "backstage_libs/menustructures.php"; menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); } break; case "arenas": if ($isadmin == "1") { require_once "backstage_libs/arenas.php"; arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); } break; case "manageapplications": if ($isadmin == "1") { require_once "backstage_libs/manageapplications.php"; manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); } break; case "logout": SetCookie ("uname", ""); SetCookie ("pword", ""); require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); break; default: print "Default Screen<br />"; footercode(); break; } exit; ?> login.php <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Style-Type" content="text/css"> <meta http-equiv="Content-Language" content="en-us"> <meta name="language" content="en-us"> <title>Backstage V1 Administration Console</title> <link rel="stylesheet" href="backstage2.css" type="text/css" media="screen"> </head> <body> <div id=login> <form method="POST" action="backstage.php"> <h1>KOW Backstage</h1> <p><label>Username:<br><input type="text" name="uname" id="log" tabindex="1"></label></p> <p><label>Password:<br><input type="password" name="pword" id="pwd" tabindex="2"></label></p> <p style="text-align: center;"><input type="submit" class="button" name="login" id="submit" value="Login »" tabindex="4"></p> </form> </div> </body> </html> backstagefunctions.php function validate($fedid, $uname, $pword, $userid, $isadmin, $cookiedomain, $cookiepath, $admincssfile) { $badcharacters=array('\'','<','>','&','=',' '); foreach ($badcharacters as $badcharacter) { if (preg_match("/[$badcharacter]/i", "$uname")) { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Login Details!<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div></div>\n"; print "</div>\n"; print "</div>\n"; print "</body>\n"; print "</html>\n"; exit; } } $query = "SELECT h.password as password, h.enabled as enabled FROM efed_handler as h WHERE h.login = '$uname' and h.fed_id = '$fedid'"; $result = mysql_query ($query); $num = mysql_numrows( $result ); if ($num != "1") { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Username!<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div></div>\n"; footercode(); exit; } while ($row = mysql_fetch_assoc($result)) { $password=$row['password']; $enabled=$row['enabled']; } if ($pword != $password) { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Password<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div>\n"; footercode(); exit; } if ($enabled == "0") { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Login Error!</h1><br />\n"; print "Error: This Account has been deactivated. Please contact the site administrator.<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div>\n"; footercode(); exit; } SetCookie( "uname", $uname, 0, $cookiepath, $cookiedomain); SetCookie( "pword", $pword, 0, $cookiepath, $cookiedomain); // SetCookie( "uname", $uname, time()+1000000, $cookiepath, $cookiedomain); // SetCookie( "pword", $pword, time()+1000000, $cookiepath, $cookiedomain); } Quote Link to comment Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 Where is $fedid defined? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 24, 2009 Author Share Posted November 24, 2009 Why would that matter for the login? Quote Link to comment Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 Because you're using it in this query: $query = "SELECT h.password as password, h.enabled as enabled FROM efed_handler as h WHERE h.login = '$uname' and h.fed_id = '$fedid'"; I also just realized that right under that query you're trying to use mysql_numrows(), which is a function that doesn't exist. It's mysql_num_rows. I suggest you put error_reporting(E_ALL); at the top of your file. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 24, 2009 Author Share Posted November 24, 2009 Would the num rows affect it not working. Quote Link to comment Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 Of course. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 24, 2009 Author Share Posted November 24, 2009 I adjusted the num rows part and tested it but that still didn't work either. Quote Link to comment Share on other sites More sharing options...
Alex Posted November 24, 2009 Share Posted November 24, 2009 As I said before, $fedid isn't defined anywhere. You're just passing a null value into the query. Are there values for the fedid in the database? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 24, 2009 Author Share Posted November 24, 2009 I finally filled them in as 1 in all the records. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted November 24, 2009 Share Posted November 24, 2009 mysql_numrows() is an old depreciated alias of mysql_num_rows() and would have no direct bearing on the problem. Please debug your code with error_reporting set to E_ALL and display_errors set to ON so that php will help you by displaying ALL the errors it detects. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 24, 2009 Author Share Posted November 24, 2009 Okay nvm on it now. I got it to work however it's not loading the control panel. It loads the mainscreen and footercode functions from backstagefunctions.php but does not load the actual control panel with all the rest of the stuff. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.