Ahmedamer Posted September 3, 2014 Share Posted September 3, 2014 (edited) hey i was trying to make a new login system with member area the problem is that i wanted to add point system which i can add points manual to members by creating a new column called 'points' and add the following code to member area echo 'you got , '.$_SESSION['points']; but it didn`t work here is my member.php page any tip or advice would be helpful much appreciated ♥<?php session_start(); $user = $_SESSION['points']; //Connects to your Database mysql_connect("sql206.byethost15.com", "b15_15261909", "7076300") or die(mysql_error()); mysql_select_db("b15_15261909_logim") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { echo "Admin Area<p>"; echo "Your Content<p>"; echo 'Welcome, '.$_SESSION['username']; echo 'you got 34, '.$_SESSION['points']; echo "<a href=logout.php>Logout</a>"; } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } ?> my login.php page <?php session_start(); $_SESSION['points'] = $_POST['points']; include("dbconnect.php"); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: members.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: members.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> Edited September 3, 2014 by Ahmedamer Quote Link to comment Share on other sites More sharing options...
CroNiX Posted September 3, 2014 Share Posted September 3, 2014 (edited) please wrap your code in [ code][ /code] (remove spaces) tags so it's more readable by humans. Edited September 3, 2014 by CroNiX Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted September 3, 2014 Share Posted September 3, 2014 If those are your actual database credentials, now it's time to change them. Guys, please stop stealing crap code from the Internet. That stuff is at least 6 years old, and it's absolutely horrible. I wouldn't even call it code, it's actually malware waiting to be executed by unsuspecting newbies: Plaintext passwords stored in cookies? WTF? The SQL injection vulnerabilities can be used to steal arbitrary data or take over your entire server through the database system. The cross-site scripting vulnerabilities can be used to attack your users. The inevitable MD5 hashes are just laughable given the computing power of current hardware. The entire session code is broken beyond repair. And so on ... Would you download a random executable file and run it on your PC? No? Then don't download random PHP code and run it on your server. C'mon, you can do better than this. With a little brainpower from you and help from us, I'm sure you can write your own, sane code. Quote Link to comment Share on other sites More sharing options...
Ahmedamer Posted September 3, 2014 Author Share Posted September 3, 2014 (edited) That`s because i`m totally new to php and mysql and i googled the internet for working codes and finally was able to make the run probably if you can give me a login script that would be helpful Edited September 3, 2014 by Ahmedamer Quote Link to comment Share on other sites More sharing options...
Ahmedamer Posted September 3, 2014 Author Share Posted September 3, 2014 if you can help me creating a new login script that would be much appreciated at least some info about the variables or giving me a login script that would be helpful Thanks ♥ Quote Link to comment Share on other sites More sharing options...
Ahmedamer Posted September 3, 2014 Author Share Posted September 3, 2014 up :/ Quote Link to comment Share on other sites More sharing options...
Strider64 Posted September 3, 2014 Share Posted September 3, 2014 (edited) Look at my signature below for a login/registration script....I really hate tooting my own horn. You can even find it in mysqli or PDO format, I personally would recommend the PDO tutorial for that's one I'm most comfortable with. Edited September 3, 2014 by Strider64 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.