Joshua F Posted May 5, 2010 Share Posted May 5, 2010 I am working on a login, that uses sessions. I have the main thing set up, but I'm having problems.. I have all of the codes posted below(All php codes, and the MySQL database bit). Login.php <?php session_start(); include "includes/connect.php"; ?> <?php if($_SERVER['REQUEST_METHOD'] == 'POST') if ($_POST['username'] == "" || $_POST['password'] == "") { echo "You have left 1 or more Fields blank"; } else { $r = mysql_query('SELECT * FROM sitelist WHERE username=\'' . realEscape($_POST['username']) . '\' AND password=\'' . md5($_POST['password']) . '\'') ; if(encrypt($_POST['username']) == '3440ad4f7456d8de086039b948019953' && encrypt($_POST['password']) == 'c9d67b217d36c258d8573dbfd6d5426f') { $_SESSION['admin'] = $_POST['username']; $_SESSION['user'] = $_POST['username']; echo "You Sucessfully logged please wait to be redirected."; echo "<meta http-equiv=Refresh content=1;url='index.php'>"; } else { if(mysql_num_rows($r) > 0) { while($n = mysql_fetch_array($r)) { if($n['rights'] == 2) { $_SESSION['admin'] = $n['username']; $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; $_SESSION['mail'] = $n['mail']; echo '<b>Logging in as Administrator</b><br />'; } else if($n['rights'] == 1) { $_SESSION['mod'] = $n['username']; $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; echo '<b>Logging in as Moderator</b><br />'; } else if($n['rights'] == 0) { $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; $_SESSION['mail'] = $n['mail']; } mysql_query("UPDATE statuslist SET ip='". $_SERVER['REMOTE_ADDR'] ."' WHERE id=". $n['id']); echo "You successfully logged in, please wait to be redirected."; echo "<meta http-equiv=Refresh content=3;url='index.php'>"; } } { echo "Username or Password is incorect!"; } } } ?> <form id="login_form" action="login.php" method="post"> <div class="section_form"> <span>Username:</span> <input class="input" size="20" type="text" name="username" maxlength="15"> <br class="clear"> </div> <div class="section_form"> <span>Password:</span> <input class="input" size="20" type="password" name="password" maxlength="20"> <br class="clear"> </div> <div class="section_form"> <input type="submit" class="button-bg" value="Login"> </div> <div class="section_form"> </div> Functions.php <?php function ___($_) { return base64_decode($_); } function realEscape($string) { if(get_magic_quotes_gpc()) { return mysql_real_escape_string(stripslashes($string)); } else { return mysql_real_escape_string($string); } } function capitalize($value) { $capitalize = preg_replace('/[a-z]/ie', 'strtoupper($0);', $value, 1); return htmlspecialchars($capitalize); } function encrypt($value) { return md5(md5(base64_encode($value))); } $w = 1; function smileys($value) { global $ln; $codes = array( '', '', '', '', ':|', 'O_o', '', '^^', '', ':@'); $img = array( '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/smile.gif">', '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/wink.gif">', '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/tongue.gif">', '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/sad.gif">', '<IMG alt=":|" title=":|" src="../www.runescape.com/forum/smileys/nosmile.gif">', '<IMG alt="O_o" title="O_o" src="../www.runescape.com/forum/smileys/o.O.gif">', '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/bigsmile.gif">', '<IMG alt="^^" title="^^" src="../www.runescape.com/forum/smileys/^^.gif">', '<IMG alt="" title="" src="../www.runescape.com/forum/smileys/shocked.gif">', '<IMG alt=":@" title=":@" src="../www.runescape.com/forum/smileys/angry.gif">' ); return str_ireplace($codes, $img, $value); } function pm_smileys($value) { global $ln; $codes = array( '', '', '', '', ':|', 'O_o', '', '^^', '', ':@'); $img = array( '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/smile.gif">', '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/wink.gif">', '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/tongue.gif">', '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/sad.gif">', '<IMG alt=":|" title=":|" src="../../www.runescape.com/forum/smileys/nosmile.gif">', '<IMG alt="O_o" title="O_o" src="../../www.runescape.com/forum/smileys/o.O.gif">', '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/bigsmile.gif">', '<IMG alt="^^" title="^^" src="../../www.runescape.com/forum/smileys/^^.gif">', '<IMG alt="" title="" src="../../www.runescape.com/forum/smileys/shocked.gif">', '<IMG alt=":@" title=":@" src="../../www.runescape.com/forum/smileys/angry.gif">' ); return str_ireplace($codes, $img, $value); } function bbcodes($value) { $value1 = htmlspecialchars($value); $bbcodes = array( '/\[url=http://(.*)\](.*)\[\/url\]/isU', '/\[b\](.*)\[\/b\]/isU', '/\[img\](.*)\[\/img\]/isU', '/\[u\](.*)\[\/u\]/isU', '/\[i\](.*)\[\/i\]/isU', '/\[url\](.*)\[\/url\]/isU', '/\[s\](.*)\[\/s\]/isU', '/\[color=(#?[a-z0-9]+)\](.*)\[\/color\]/isU', '/\[center\](.*)\[\/center\]/isU', '/\[big\](.*)\[\/big\]/isU', '/\[small\](.*)\[\/small\]/isU', '/\[xfire\](.*)\[\/xfire\]/isU', ); $html = array( '<a href="$1">$2</a>', '<b>$1</b>', '<img src="$1">', '<u>$1</u>', '<i>$1</i>', '<a href="$1">$1</a>', '<s>$1</s>', '<div style="color: $1">$2</div>', '<div style="text-align: center">$1</div>', '<div style="font-size: 3em">$1</div>', '<div style="font-size: 0.8em">$1</div>', '<a href="http://profile.xfire.com/$1"><img src="http://miniprofile.xfire.com/bg/sh/type/0/$1.png" width="440" height="111" /></a>', ); $result = preg_replace($bbcodes, $html, $value1); return $result; } /* if(isset($_SESSION['admin']) || isset($_SESSION['user'])) { if($news1 = mysql_query("SELECT * FROM ".$prefix."users WHERE uname='". $_SESSION['user'] ."'")) { if(mysql_num_rows($news1) > 0) { while($n = mysql_fetch_array($news1)) { if($n['banned'] == 1) { header("Location: logout.php"); } } } } } if($checkipban = mysql_query("SELECT * FROM ". $prefix ."ipban WHERE ip='". $_SERVER['REMOTE_ADDR'] ."'")) { if(mysql_num_rows($checkipban) > 0) { header("Location: ipbanned.php"); } }*/ ?> Connect.php <?php DEFINE ('DB_HOST', 'localhost'); // This will most likely stay the same. DEFINE ('DB_USER', ''); // Insert your database username into the quotes. DEFINE ('DB_PASSWORD', ''); // Insert your database password into the quotes. DEFINE ('DB_NAME', 't');// Insert your actual database name in the quotes. $con = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //$con = mysql_connect(':/tmp/mysql', $dbuser, $dbpass); if (!$con) { header("Location: install/install.php"); } mysql_select_db($db ,$con); include 'functions.php'; if (isset($_SESSION['user'])) { if($result = mysql_query("SELECT uname, forums, rights FROM {$prefix}users WHERE uname='{$_SESSION['user']}'")); $n = mysql_fetch_assoc($result); if($n['banned'] == 1) { header("Location: logout.php"); } else { if($n['rights'] == 2) { $_SESSION['admin'] = $n['uname']; $_SESSION['user'] = $n['uname']; } elseif($n['rights'] == 1) { $_SESSION['mod'] = $n['uname']; $_SESSION['user'] = $n['uname']; $_SESSION['forums'] = explode(',', $n['forums']); } elseif($n['rights'] == 0) { $_SESSION['user'] = $n['uname']; } } } And last but not least.. My MYSQL Database stuff. CREATE TABLE sitelist ( `id` bigint(20) NOT NULL auto_increment, `sitename` varchar(20) NOT NULL default '', `sitehost` varchar(50) NOT NULL, `siteport` varchar(6) NOT NULL default '80', `sitetype` varchar(75) NOT NULL default '', `added` date default NULL, `username` varchar(25) NOT NULL default '', `rights` varchar(25) NOT NULL default '0', `ip` varchar(25) NOT NULL default '', `failed` bigint(20) NOT NULL default '0', `checks` bigint(20) NOT NULL default '0', `status` tinyint(1) NOT NULL default '0', `password` varchar(32) NOT NULL default '', `gsite` tinyint(1) NOT NULL default '0', `hide` tinyint(1) NOT NULL default '0', PRIMARY KEY (`id`), KEY `success` (`checks`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=0 ; And Now.. The Error I Get(This is when I try to login. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/magicpkz/public_html/advert/usercp/login.php on line 24 Username or Password is incorect! Thanks if you can help, and thanks even if you tried. Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/ Share on other sites More sharing options...
Muddy_Funster Posted May 5, 2010 Share Posted May 5, 2010 Error check your query by adding or die (mysql_error) at the end of your mysql_query line (but before the , remove the while loop unless you plan on having users with the same name on your forum, don't select * you don't need to, put an else befor the { here { echo "Username or Password is incorect!"; let us know what the SQL error is. Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053865 Share on other sites More sharing options...
Joshua F Posted May 5, 2010 Author Share Posted May 5, 2010 Now the error is just mysql_error Here's my code..(Edited Line 14, 26, and 54) <?php session_start(); include "includes/connect.php"; ?> <?php if($_SERVER['REQUEST_METHOD'] == 'POST') if ($_POST['username'] == "" || $_POST['password'] == "") { echo "You have left 1 or more Fields blank"; } else { $r = mysql_query('SELECT FROM sitelist WHERE username=\'' . realEscape($_POST['username']) . '\' AND password=\'' . md5($_POST['password']) . '\'') or die(mysql_error()) ; if(encrypt($_POST['username']) == '3440ad4f7456d8de086039b948019953' && encrypt($_POST['password']) == 'c9d67b217d36c258d8573dbfd6d5426f') { $_SESSION['admin'] = $_POST['username']; $_SESSION['user'] = $_POST['username']; echo "You Sucessfully logged please wait to be redirected."; echo "<meta http-equiv=Refresh content=1;url='index.php'>"; } else { if(mysql_num_rows($r) > 0) { ($n = mysql_fetch_array($r)) { if($n['rights'] == 2) { $_SESSION['admin'] = $n['username']; $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; $_SESSION['mail'] = $n['mail']; echo '<b>Logging in as Administrator</b><br />'; } else if($n['rights'] == 1) { $_SESSION['mod'] = $n['username']; $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; echo '<b>Logging in as Moderator</b><br />'; } else if($n['rights'] == 0) { $_SESSION['user'] = $n['username']; $_SESSION['id'] = $n['id']; $_SESSION['mail'] = $n['mail']; } mysql_query("UPDATE statuslist SET ip='". $_SERVER['REMOTE_ADDR'] ."' WHERE id=". $n['id']); echo "You successfully logged in, please wait to be redirected."; echo "<meta http-equiv=Refresh content=3;url='index.php'>"; } } else{ echo "Username or Password is incorect!"; } } } ?> <form id="login_form" action="login.php" method="post"> <div class="section_form"> <span>Username:</span> <input class="input" size="20" type="text" name="username" maxlength="15"> <br class="clear"> </div> <div class="section_form"> <span>Password:</span> <input class="input" size="20" type="password" name="password" maxlength="20"> <br class="clear"> </div> <div class="section_form"> <input type="submit" class="button-bg" value="Login"> </div> <div class="section_form"> </div> Thanks for the Help! Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053878 Share on other sites More sharing options...
Muddy_Funster Posted May 5, 2010 Share Posted May 5, 2010 ok, my bad. When I said you don't need to select * I should have said to specify the columns that you do need: $r = mysql_query('SELECT username, password, id, mail FROM sitelist WHERE username=\'' . realEscape($_POST['username']) . '\' AND password=\'' . md5($_POST['password']) . '\'') or die(mysql_error()) ; that should get us back to the original problem. Let us know what you get this time. Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053880 Share on other sites More sharing options...
Joshua F Posted May 5, 2010 Author Share Posted May 5, 2010 I released that bit of code with the one you put up, and it just says the same error. mysql_error Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053882 Share on other sites More sharing options...
Muddy_Funster Posted May 5, 2010 Share Posted May 5, 2010 right then, In your connect.php you have the lines DEFINE ('DB_NAME', 't');// Insert your actual database name in the quotes. $con = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //$con = mysql_connect(':/tmp/mysql', $dbuser, $dbpass); if (!$con) { header("Location: install/install.php"); } mysql_select_db($db ,$con); now you deffine your database to DB_NAME but never assign DB_NAME tothe $db in your database selection. See what happens when you try this: DEFINE ('DB_NAME', 't');// Insert your actual database name in the quotes. $con = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //$con = mysql_connect(':/tmp/mysql', $dbuser, $dbpass); if (!$con) { header("Location: install/install.php"); } mysql_select_db(DB_NAME ,$con); Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053885 Share on other sites More sharing options...
Joshua F Posted May 5, 2010 Author Share Posted May 5, 2010 Sweet, It seems like I got it to work. Now just let me add a little test page, to see if the sessions works. Also, If i delelte "while" from line 26, I get an error. Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053891 Share on other sites More sharing options...
Muddy_Funster Posted May 5, 2010 Share Posted May 5, 2010 you also need to delete the closing } from the while as well (line 51 I think) Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053892 Share on other sites More sharing options...
Joshua F Posted May 5, 2010 Author Share Posted May 5, 2010 Okay I created the index.php with the following code.. Index.php <?php session_start(); include "includes/connect.php"; ?> Test <?php if(isset($_SESSION['user'])){ if($_SERVER['REQUEST_METHOD'] == 'POST') { } else { ?> Logged In User <?php } } else { echo "<br><br><b>You have to be logged in..</b><br><br>"; } ?> It is souposed to show everyone the Test, then Logged in user if I was logged in. I get the You have to be logged in... Also, I have an error with connect.php. Error Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/magicpkz/public_html/advert/usercp/includes/connect.php on line 18 Connect.php <?php DEFINE ('DB_HOST', 'localhost'); // This will most likely stay the same. DEFINE ('DB_USER', 'user'); // Insert your database username into the quotes. DEFINE ('DB_PASSWORD', 'password'); // Insert your database password into the quotes. DEFINE ('DB_NAME', 'database');// Insert your actual database name in the quotes. $con = @mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //$con = mysql_connect(':/tmp/mysql', $dbuser, $dbpass); if (!$con) { header("Location: install/install.php"); } mysql_select_db(DB_NAME ,$con); include 'functions.php'; if (isset($_SESSION['user'])) { if($result = mysql_query("SELECT uname, forums, rights FROM {$prefix}users WHERE uname='{$_SESSION['user']}'")); $n = mysql_fetch_assoc($result); if($n['banned'] == 1) { header("Location: logout.php"); } else { if($n['rights'] == 2) { $_SESSION['admin'] = $n['uname']; $_SESSION['user'] = $n['uname']; } elseif($n['rights'] == 1) { $_SESSION['mod'] = $n['uname']; $_SESSION['user'] = $n['uname']; $_SESSION['forums'] = explode(',', $n['forums']); } elseif($n['rights'] == 0) { $_SESSION['user'] = $n['uname']; } } } Fixed, The only problem I have now is that when your logged in, you dont see the main text that a quest would see. Edit: Also, If I have rights=1 It still says the message for login for regular users. Fixed Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053895 Share on other sites More sharing options...
Muddy_Funster Posted May 6, 2010 Share Posted May 6, 2010 try this for the connection.php error: if($result = mysql_query('SELECT uname, forums, rights FROM '.$prefix.'users WHERE uname=\''.$_SESSION['user']}'\')'); if the connection doesn't work, your user authentication will perma-fail. index.html: <?php session_start(); include "includes/connect.php"; echo "Test"; if(isset($_SESSION['user'])){ echo "Logged In User"; } else { echo "<br><br><b>You have to be logged in..</b><br><br>"; } ?> try to avoid chopping in and out of <?php?> tags as much as possibe, it just ends up confusing things later on. Keep the updates comming Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053896 Share on other sites More sharing options...
Joshua F Posted May 6, 2010 Author Share Posted May 6, 2010 Marked as Solved. Thanks for the help! Everything is working fine now, I'm sure I'll be back soon. Quote Link to comment https://forums.phpfreaks.com/topic/200843-login-w-sessions/#findComment-1053905 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.