
need help member area


Ahmedamer


Hey, I was trying to make a new login system with a member area. The problem is that I wanted to add a point system in which I can add points manually to members by creating a new column called 'points' and adding the following code to the member area: echo 'you got , '.$_SESSION['points']; but it didn't work. Here is my member.php page. Any tip or advice would be helpful, much appreciated ♥

<?php 

session_start();
$user = $_SESSION['points'];
 
 
//Connects to your Database 
 mysql_connect("sql206.byethost15.com", "b15_15261909", "7076300") or die(mysql_error()); 
 mysql_select_db("b15_15261909_logim") or die(mysql_error()); 
 
 
// checks cookies to make sure they are logged in
if (isset($_COOKIE['ID_my_site']))
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());

    while ($info = mysql_fetch_array($check))
    {
        // if the cookie has the wrong password, they are taken to the login page
        if ($pass != $info['password'])
        {
            header("Location: login.php");
        }
        // otherwise they are shown the admin area
        else
        {
            echo "Admin Area<p>";
            echo "Your Content<p>";
            echo 'Welcome, '.$_SESSION['username'];
            echo 'you got 34, '.$_SESSION['points'];
            echo "<a href=logout.php>Logout</a>";
        }
    }
}
else
// if the cookie does not exist, they are taken to the login screen
{
    header("Location: login.php");
}
?>
my login.php page 
<?php
session_start();
$_SESSION['points'] = $_POST['points'];

include("dbconnect.php");

// Checks if there is a login cookie
if (isset($_COOKIE['ID_my_site']))
// if there is, it logs you in and directs you to the members page
{
    $username = $_COOKIE['ID_my_site'];
    $pass = $_COOKIE['Key_my_site'];
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());

    while ($info = mysql_fetch_array($check))
    {
        if ($pass != $info['password'])
        {
        }
        else
        {
            header("Location: members.php");
        }
    }
}

// if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

    // makes sure they filled it in
    if (!$_POST['username'] || !$_POST['pass']) {
        die('You did not fill in a required field.');
    }

    // checks it against the database
    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }
    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") or die(mysql_error());

    // Gives error if user doesn't exist
    $check2 = mysql_num_rows($check);
    if ($check2 == 0) {
        die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
    }

    while ($info = mysql_fetch_array($check))
    {
        $_POST['pass'] = stripslashes($_POST['pass']);
        $info['password'] = stripslashes($info['password']);
        $_POST['pass'] = md5($_POST['pass']);

        // gives error if the password is wrong
        if ($_POST['pass'] != $info['password']) {
            die('Incorrect password, please try again.');
        }
        else
        {
            // if login is ok then we add a cookie
            $_POST['username'] = stripslashes($_POST['username']);
            $hour = time() + 3600;
            setcookie('ID_my_site', $_POST['username'], $hour);
            setcookie('Key_my_site', $_POST['pass'], $hour);

            // then redirect them to the members area
            header("Location: members.php");
        }
    }
}
else
{
    // if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>

<?php
}
?>
 

If those are your actual database credentials, now it's time to change them. ::)

 

Guys, please stop stealing crap code from the Internet. That stuff is at least 6 years old, and it's absolutely horrible. I wouldn't even call it code, it's actually malware waiting to be executed by unsuspecting newbies:

  • Plaintext passwords stored in cookies? WTF?
  • The SQL injection vulnerabilities can be used to steal arbitrary data or take over your entire server through the database system.
  • The cross-site scripting vulnerabilities can be used to attack your users.
  • The inevitable MD5 hashes are just laughable given the computing power of current hardware.
  • The entire session code is broken beyond repair.
  • And so on ...

Would you download a random executable file and run it on your PC? No? Then don't download random PHP code and run it on your server.

 

C'mon, you can do better than this. With a little brainpower from you and help from us, I'm sure you can write your own, sane code.

Look at my signature below for a login/registration script... I really hate tooting my own horn. You can even find it in mysqli or PDO format; I personally would recommend the PDO tutorial, for that's the one I'm most comfortable with.
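
Added example, not part of the thread and not any poster's code: a sketch of the login and member-area flow that addresses the issues listed in the reply above (prepared statements instead of string-built SQL, `password_hash()`/`password_verify()` instead of MD5, only a user ID kept server-side in the session instead of credentials in cookies, output escaping) and reads `points` from the database on each request. The in-memory SQLite database, the `password_hash` column, the sample user and the function names `login()` and `member_area()` are assumptions made for the example.

```php
<?php
declare(strict_types=1);
session_start(); // must run before any output is sent

// Constructed demo data: in-memory SQLite stands in for the MySQL "users" table.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT, points INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO users (username, password_hash, points) VALUES (?, ?, ?)')
   ->execute(['<b>alice</b>', password_hash('correct horse', PASSWORD_DEFAULT), 34]);

// Hypothetical helper: returns true and marks the session as logged in, false otherwise.
function login(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound as data, never spliced into the SQL.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same result for "unknown user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh session ID after login
    $_SESSION['user_id'] = (int) $row['id']; // only the ID is stored, server-side
    return true;
}

// Hypothetical helper: member-area text, or null when the caller should redirect to login.php.
function member_area(PDO $db): ?string
{
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT username, points FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return null;
    }
    // Escape on output so markup in a stored username is rendered as text.
    $name = htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
    return "Welcome, {$name}. You have " . (int) $user['points'] . " points.";
}

// Constructed inputs: a name containing quote characters, then the real sample user.
$rejected = login($db, "nobody' OR '1'='1", 'x');
$accepted = login($db, '<b>alice</b>', 'correct horse');
var_dump($rejected, $accepted);
echo member_area($db), PHP_EOL;
```

Because the points value is read from the `users` row each time, a manual change to the `points` column shows up on the next page load without touching the session.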
