Jump to content

Won't Ever Match DB

Xtremer360

By Xtremer360
in PHP Coding Help

 Share

Recommended Posts

Xtremer360 Advanced Member

Xtremer360

Posted
Posted

I keep getting the response "Invalid username" no matter what I put which is wrong because I'm only putting in usernames that are in the DB. Is there something wrong with my coding.

 

<?php
ob_start("ob_gzhandler");  // cache system

require "backstageconfig.php";
require "backstagefunctions.php";

if ((!empty($_POST)) && (isset($_POST['action']))) 
{
	$action=$_POST{'action'};
} 
else
{
	$action="mainmenu";
}

if ((isset($_POST['uname'])) && (isset($_POST['pword'])))
{
	$uname=$_POST{'uname'};
	$pword=md5($_POST{'pword'});
	validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
	$action="mainmenu";
}
elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))
{
	require_once "backstage_libs/login.php";
	login($admincssfile,$fed,$url);
}
else
{
	$uname=$_COOKIE["uname"];
	$pword=$_COOKIE["pword"];
	validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);

	if (isset($_POST['newdefaultcharacterid']))
	{
		$newdefaultcharacterid = (integer)$_POST["newdefaultcharacterid"];
		$query = "UPDATE
				efed_handler
			SET
				default_char_id = '$newdefaultcharacterid'
			WHERE
				login = '$uname' and
				fed_id = '$fedid'"; 
		mysql_db_query($dbname, $query) or Die (mysql_error());
	}
}

$query = "SELECT
		h.id as userid,
		h.surname as surname,
		h.firstname as firstname,
		h.isadmin as isadmin,
		newscat.id as defaultcategoryid,
		bio.id as defaultcharacterid,
		bio.style_id as styleid,
		bio.username as defaultcharacterusername,
		bio.charactername as defaultcharactername,
		styles.name as style
	FROM
		efed_handler as h
	LEFT JOIN
		efed_bio as bio
	ON
		(
			h.default_char_id = bio.id and
			bio.fed_id = '$fedid'
		)
	LEFT JOIN
		efed_list_styles as styles
	ON
		(
			bio.style_id = styles.id and
			bio.fed_id = '$fedid'
		)
	LEFT JOIN
		efed_list_newscategory as newscat
	ON
		(
			h.default_news_id = newscat.id and
			newscat.fed_id = '$fedid'
		)
	WHERE
		h.login = '$uname' and
		h.password = '$pword' and
		h.fed_id = '$fedid'"; 
$result = mysql_query ($query); 
while ($row = mysql_fetch_assoc($result))
{
	$fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername');
	foreach ($fieldarray as $fieldlabel)
	{
		if (isset($row[$fieldlabel])) 
		{ 
			$$fieldlabel=$row[$fieldlabel];
			$$fieldlabel=cleanquerydata($$fieldlabel);
		}
	}
}

if ($action != "logout")
{
	headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums);
}
else
{
	headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
}
// print "<center>\n";

switch ($action)	
{
	case "mainmenu":
		mainscreen();
		print "</div>\n";
		footercode();
		break;

	case "login":
		require_once "backstage_libs/login.php";
		login($admincssfile,$fed,$url);
		break;

	case "handler":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/handler.php";
			handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip); 
		}
		break;

	case "character":
		require_once "backstage_libs/character.php";
		character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters);
		break;

	case "newscategory":
		if ($isadmin == "1") 
		{
			require_once "backstage_libs/newscategory.php";
			newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray); 
		}
		break;

	case "news":
		require_once "backstage_libs/news.php";
		news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername);
		break;

	case "content":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/content.php";
			content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "template":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/template.php";
			template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "biolayout":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/biolayout.php";
			biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "quotes":
		require_once "backstage_libs/quotes.php";
		quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
		break;

	case "alliesrivals":
		require_once "backstage_libs/alliesrivals.php";
		alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername);
		break;

	case "roleplay":
		require_once "backstage_libs/roleplay.php";
		roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
		break;

	case "champions":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/champions.php";
			champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "title":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/title.php";
			title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "titlehistory":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/titlehistory.php";
			titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "division":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/division.php";
			division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "eventname":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/eventname.php";
			eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
		}
		break;

	case "eventbooker":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/eventbooker.php";
			eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); 
		}
		break;

	case "submitmatch":
		require_once "backstage_libs/submitmatch.php";
		submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		break;

	case "submitseg":
		require_once "backstage_libs/submitseg.php";
		submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		break;

	case "resultscompilation":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/resultscompilation.php";
			resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); 
		}
		break;

	case "resultsediting":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/resultsediting.php";
			resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); 
		}
		break;

	case "menustructures":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/menustructures.php";
			menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); 
		}
		break;

	case "arenas":
		if ($isadmin == "1") 
		{ 
			require_once "backstage_libs/arenas.php";
			arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); 
		}
		break;

	case "manageapplications":
		if ($isadmin == "1") 
		{
			require_once "backstage_libs/manageapplications.php";
			manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
		}
		break;

	case "logout":
		SetCookie ("uname", "");
		SetCookie ("pword", "");
		require_once "backstage_libs/login.php";
		login($admincssfile,$fed,$url);
		break;

	default:
		print "Default Screen<br />";
		footercode();
		break;
}
exit;
?>

 

login.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta http-equiv="Content-Language" content="en-us">
<meta name="language" content="en-us">
<title>Backstage V1 Administration Console</title>
<link rel="stylesheet" href="backstage2.css" type="text/css" media="screen">
</head>
<body>
<div id=login>
<form method="POST" action="backstage.php">
<h1>KOW Backstage</h1>
<p><label>Username:<br><input type="text" name="uname" id="log" tabindex="1"></label></p>
<p><label>Password:<br><input type="password" name="pword" id="pwd" tabindex="2"></label></p>
<p style="text-align: center;"><input type="submit" class="button" name="login" id="submit" value="Login »" tabindex="4"></p>
</form>
</div>
</body>
</html> 

 

backstagefunctions.php

function validate($fedid, $uname, $pword, $userid, $isadmin, $cookiedomain, $cookiepath, $admincssfile)
{
$badcharacters=array('\'','<','>','&','=',' ');
foreach ($badcharacters as $badcharacter)
{
	if (preg_match("/[$badcharacter]/i", "$uname"))
	{ 
		SetCookie ( "uname", "");
		SetCookie ( "pword", "");

		print "<h1 class=backstage>Authentication Error!</h1><br />\n";

		print "Error: Invalid Login Details!<br /><br />";

		print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

		print "</center></div></div>\n";
		print "</div>\n";
		print "</div>\n";
		print "</body>\n";
		print "</html>\n";
		exit;
	}
} 


$query = "SELECT
		h.password as password,
		h.enabled as enabled
	FROM
		efed_handler as h
	WHERE
		h.login = '$uname' and
		h.fed_id = '$fedid'"; 
$result = mysql_query ($query); 
$num = mysql_numrows( $result );

if ($num != "1")
{
	SetCookie ( "uname", "");
	SetCookie ( "pword", "");

	print "<h1 class=backstage>Authentication Error!</h1><br />\n";

	print "Error: Invalid Username!<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div></div>\n";
	footercode();
	exit;
}

while ($row = mysql_fetch_assoc($result))
{
	$password=$row['password'];
	$enabled=$row['enabled'];
}

if ($pword != $password)
{
	SetCookie ( "uname", "");
	SetCookie ( "pword", "");

	print "<h1 class=backstage>Authentication Error!</h1><br />\n";

	print "Error: Invalid Password<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div>\n";
	footercode();
	exit;
}

if ($enabled == "0")
{
	SetCookie ( "uname", "");
	SetCookie ( "pword", "");

	print "<h1 class=backstage>Login Error!</h1><br />\n";

	print "Error: This Account has been deactivated. Please contact the site administrator.<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div>\n";
	footercode();
	exit;
}

SetCookie( "uname", $uname, 0, $cookiepath, $cookiedomain);
SetCookie( "pword", $pword, 0, $cookiepath, $cookiedomain);

// SetCookie( "uname", $uname, time()+1000000, $cookiepath, $cookiedomain);
// SetCookie( "pword", $pword, time()+1000000, $cookiepath, $cookiedomain);
}

Link to comment
https://forums.phpfreaks.com/topic/182737-wont-ever-match-db/
Share on other sites
Alex Advanced Member

Alex

Posted
Posted

Because you're using it in this query:

 

$query = "SELECT
		h.password as password,
		h.enabled as enabled
	FROM
		efed_handler as h
	WHERE
		h.login = '$uname' and
		h.fed_id = '$fedid'";

 

I also just realized that right under that query you're trying to use mysql_numrows(), which is a function that doesn't exist. It's mysql_num_rows. I suggest you put error_reporting(E_ALL); at the top of your file.

Link to comment
https://forums.phpfreaks.com/topic/182737-wont-ever-match-db/#findComment-964475
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

mysql_numrows() is an old depreciated alias of mysql_num_rows() and would have no direct bearing on the problem.

 

Please debug your code with error_reporting set to E_ALL and display_errors set to ON so that php will help you by displaying ALL the errors it detects.

 

Link to comment
https://forums.phpfreaks.com/topic/182737-wont-ever-match-db/#findComment-964498
Share on other sites
Xtremer360 Advanced Member

Xtremer360

Posted
  • Author
Posted

Okay nvm on it now. I got it to work however it's not loading the control panel. It loads the mainscreen and footercode functions from backstagefunctions.php but does not load the actual control panel with all the rest of the stuff.

Link to comment
https://forums.phpfreaks.com/topic/182737-wont-ever-match-db/#findComment-964500
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.