WAMFT1 Posted October 8, 2015

Hi there, I am trying to create a login screen within a framed site that, when you log in, takes you to a new page for the portal. When I enter the login credentials the frame I am working in goes blank and does not take me to the portal. Can someone please help me out with the coding I have? The coding itself has 2 parts... 1) login and 2) if already logged in gives you a button to open to portal.

```php
<?
if(isset($_POST['submit'])){
    //protect the posted value then store them to variables
    $Username = protect($_POST['Username']);
    $Password = protect(sha1($_POST['Password']));
    //Check if the username or password boxes were not filled in
    if(!$Username || !$Password){
        //if not display an error message
        echo "<center>Please enter your <b>Username</b> and <b>Password</b>!</center>";
    }else{
        //if they were continue checking
        //select all rows from the table where the username matches the one entered by the user
        $res = mysql_query("SELECT * FROM `eusers` WHERE `Username` = '".$Username."'");
        $num = mysql_num_rows($res);
        //check if there was not a match
        if($num == 0){
            //if not display an error message
            echo "<center>The <b>Username</b> or <b>Password</b> you supplied is incorrect!</center>";
        }else{
            //if there was a match continue checking
            //select all rows where the username and password match the ones submitted by the user
            $res = mysql_query("SELECT * FROM `eusers` WHERE `Username` = '".$Username."' AND `Password` = '".$Password."'");
            $num = mysql_num_rows($res);
            //check if there was not a match
            if($num == 0){
                //if not display error message
                echo "<center>The <b>Username</b> or <b>Password</b> you supplied is incorrect!</center>";
            }else{
                //if there was continue checking
                //split all fields from the correct row into an associative array
                $row = mysql_fetch_assoc($res);
                //check to see if the user has not activated their account yet
                if($row['Active'] != 1){
                    //if not display error message
                    echo "<center>Your login has been <b>deactivated</b>, Please contact Website Administrator for assistance.</center>";
                }else{
                    //if they have log them in
                    //set the login session storing their id - we use this to see if they are logged in or not
                    $_SESSION['uid'] = $row['id'];
                    //show message
                    echo "<center>You have successfully logged in!</center>";
                    //update the online field to 50 seconds into the future
                    $time = date('U')+50;
                    mysql_query("UPDATE `eusers` SET `Online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
                    //redirect them to the usersonline page
                    echo"<a target=\'_blank\" href='portal/index2.php'></a>";?>
<?php
if(isset($_POST['submit2'])){
    //update the online field to 50 seconds into the future
    $time = date('U')+50;
    mysql_query("UPDATE `eusers` SET `Online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
    //redirect them to the usersonline page
    echo"<script type='text/javascript' language='Javascript'>window.open('portal/index2.php');</script>";
}}}}}}?>
<?php
include "portal/edb.php";
//if the login session does not exist therefore meaning the user is not logged in
if(strcmp($_SESSION['uid'],"") == 0){
    //display an error message
    echo "<form name='main.php' method='post' action=''>
    <table bgcolor='#FFFFFF' width='320' border='0' align='center' cellpadding='0' cellspacing='0'>
    <tr>
    <td ><table border='0' align='center' cellpadding='2' cellspacing='0' class='page-border'>
    <tr><td colspan='2' class='text_heading_center'>Portal</td>
    </tr>
    <tr>
    <td width='100' class='text_standard_right'>Username:</td>
    <td width='150' class='text_standard_right'><input name='Username' type='text' class='text_standard_left' /></td>
    </tr>
    <tr>
    <td class='text_standard_right'>Password:</td>
    <td class='text_standard_right'><input name='Password' type='password' class='text_standard_left' /></td>
    </tr>
    <tr>
    <td height='29' colspan='2' align='right'><input type='submit' name='submit' value='Login' /></td>
    </tr>
    </table>";
}else{
    $time = date('U')+50;
    $update = mysql_query("UPDATE `eusers` SET `Online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
    $id =$_REQUEST['id'];
    $result=mysql_query("SELECT * FROM `eusers` WHERE id='".$_SESSION['uid']."'");
    print"<form name='main.php' method='post' action=''>";
    print"<br/>";
    print"You are already logged into the Portal";
    print"<br/>";
    print"Click here to return the the Portal";
    print"<br/>";
    print"<input name='submit2' type='button' value='Return to Portal' />";
    print"</form>";
}?>
```
benanamen Posted October 8, 2015 (edited October 8, 2015 by benanamen)

The coding you have is obsolete and will not work at all in the latest version of PHP. You need to use PDO or Mysqli. Besides that, your flow is a mess. Why are you checking the login info twice?
seandisanti Posted October 8, 2015

Benanamen beat me to it. I would say to go with PDO: http://php.net/pdo. https://www.youtube.com/watch?v=dF8hoPj-1bc is a good quick video to help explain it. Once that's done, you should attack your issue in the opposite order: #2 first, and then #1. It will be easiest to code your login bypass if you're able to assume that the user is already logged in, and once that's done and you begin working on the login, you'll know when it's working because it'll send you through via the passthrough you will already know works.
QuickOldCar Posted October 8, 2015

I agree with the others, nothing you have there is current or secure. Time to rewrite this script; a lot of users would be mad if they knew what they were signing into. Look into password_hash and password_verify. Not sure what your protect function does; always escape input for your queries. Use mysqli_real_escape_string with mysqli, or PDO and prepared statements.
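
The advice in the replies above (PDO with prepared statements, password_hash and password_verify, one lookup instead of two), as an added example that is not code from the thread. It reuses the `eusers` columns from the original post; the function name `attempt_login`, the in-memory SQLite database standing in for the MySQL connection, and the sample users are assumptions, and the `Password` column is assumed to hold password_hash output rather than the old sha1 values.

```php
<?php
// Added example, not the poster's code. attempt_login() is a hypothetical name.
declare(strict_types=1);

/** Returns the user's id on success, or null on any failure. */
function attempt_login(PDO $pdo, string $username, string $password): ?int
{
    if ($username === '' || $password === '') {
        return null;
    }
    // One lookup by username; the value is bound, never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT id, Password, Active FROM eusers WHERE Username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password give the caller the same result.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    // Deactivated accounts are refused even with the right password.
    if ((int)$row['Active'] !== 1) {
        return null;
    }
    // Same "online for the next 50 seconds" marker as the original script.
    $upd = $pdo->prepare('UPDATE eusers SET Online = :t WHERE id = :id');
    $upd->execute([':t' => time() + 50, ':id' => $row['id']]);
    return (int)$row['id'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE eusers (id INTEGER PRIMARY KEY, Username TEXT UNIQUE,
            Password TEXT, Active INTEGER, Online INTEGER)');
$ins = $pdo->prepare('INSERT INTO eusers (Username, Password, Active) VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 0]);

var_dump(attempt_login($pdo, 'alice', 'correct horse')); // valid, active account
var_dump(attempt_login($pdo, 'alice', 'wrong'));         // bad password
var_dump(attempt_login($pdo, "o'brien", 'x'));           // quote character is plain data
var_dump(attempt_login($pdo, 'bob', 'hunter2'));         // deactivated account
```

In the real page, call session_regenerate_id(true) on success before storing the returned id in `$_SESSION['uid']`. Accounts that still have sha1 values in `Password` cannot pass password_verify and need a password reset.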