blong4life Posted December 27, 2006

So I am designing an arcade script for my new website, and am having a problem with this script:

[code=php:0]
<?php
session_start();
ob_start();
include("config.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login - Admin Panel - Brandon's Games</title>
</head>
<body>
<?php
if (!isset($_GET['action'])) {
    echo '<div align="center">
    <p>Please login below to continue to the admin panel.</p>
    <form id="login" name="login" method="post" action="login.php?action=login">
    <label>Username <input name="username" type="text" id="username" /> </label>
    <br />
    <label>Password <input name="password" type="password" id="password" /> </label>
    <br />
    <label> <input type="submit" name="Submit" value="Submit" /> </label>
    </form>
    ';
}
$error = $_GET['error'];
if (isset($_GET['error'])){
    if (($error) == '1'){
        echo '<p><font color="red">You are not an administrator. Please login <a href="http://www.brandonsgames.com/login.php">here</a>.</font></p>';
    }elseif (($error) == '2'){
        echo '<p><font color="red">You have entered an invalid password. Please try logging in again.</font></p>';
    }elseif (($error) == '3'){
        echo '<p><font color="red">You are a moderator. Please login to the moderator control panel <a href="http://moderator.brandonsgames.com/login.php">here</a>.</font></p>';
    }elseif (($error) == '4'){
        echo '<p><font color="red">You never attempted to login. Please fill out the above form fully and try again.</font></p>';
    }elseif (($error) == '5'){
        echo '<p><font color="red">You didnt enter a username/password. Please fill out the above form fully and try again.</font></p>';
    }elseif (($error) == '6'){
        echo '<p><font color="red">Username dosnt exist.</font></p>';
    }else{
        echo 'That is not a valid error.';
    }
    echo '</div>';
}
if (isset($_GET['action'])){
    if ($_GET['action'] == 'login') {
        $username = $_POST['username'];
        $password = $_POST['password'];
        if (($username) OR ($password) != '') {
            $userbase = mysql_query("SELECT * FROM `users` WHERE `username` ='$username'");
            $num = mysql_num_rows($userbase);
            if ((num) == '0'){
                header("Location: http://admin.brandonsgames.com/login.php?error=6");
            }else{
                $user = mysql_fetch_array($userbase);
                $userpass = $user['password'];
                $usergroup = $user['usergroup'];
                if ((password) == $userpass){
                    if (($usergroup) == 'admin'){
                        ($_SESSION['username']) == ($user['username']);
                        ($_SESSION['userid']) == ($user['userid']);
                        ($_SESSION['adminloggedin']) == ('true');
                        header("Location: http://admin.brandonsgames.com/index.php");
                    }elseif (($usergroup) == 'moderator'){
                        header("Location: http://admin.brandonsgames.com/login.php?error=3");
                    }elseif (($usergroup) == 'member' OR 'vip'){
                        header("Location: http://admin.brandonsgames.com/login.php?error=1");
                    }else{
                        echo 'You are not in a valid usergroup';
                    }
                }
            }
        }
    }else{
        header("Location: http://admin.brandonsgames.com/login.php?error=5");
    }
}
?>
</body>
</html>
<?php
ob_end_flush();
?>
[/code]

Sometimes it shows blank, sometimes it will go to error=5 saying I didn't enter information when I did. The rest of the time it'll load but the session won't save... any ideas on the problem? I've been trying to fix this script all day, had 2 people help me but nothing.

trq Posted December 27, 2006

A few problems. For starters, integers should not be wrapped in quotes, so this...

[code=php:0]
if (($error) == '1'){
[/code]

and all others should be...

[code=php:0]
if (($error) == 1){
[/code]

The next problem I see is that you're checking to see if the username has been submitted OR the password is empty. This line just doesn't make sense.

[code=php:0]
if (($username) OR ($password) == '') {
[/code]

Should probably be...

[code=php:0]
if (isset($username) && isset($password)) {
[/code]

Then... if you want your users to validate via a password you really need to use it within your query. e.g.:

[code=php:0]
"SELECT * FROM `users` WHERE `username` ='$username' && `password` = '$password'"
[/code]

blong4life Posted December 27, 2006

Thanks... I also noticed md5() wasn't wrapping password, it's working better now.
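
Added example, not part of the original thread and not the posters' code: the username lookup and password check discussed above, written with a bound query parameter, `password_hash()`/`password_verify()` in place of `md5()`, and `=` for the session assignments. It assumes PHP 7+ with the PDO SQLite driver (the `mysql_*` functions used in the thread were removed in PHP 7); the in-memory database, both accounts and the function names are constructed for the demonstration.

```php
<?php
// Added example. Column names follow the thread's `users` table; the in-memory
// SQLite database and both accounts are constructed so the script runs offline.

function find_user(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username travels as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT userid, username, password, usergroup FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password column holds a password_hash() value, checked in PHP rather
    // than compared inside the query. Unknown user and wrong password both give null.
    if ($user === false || !password_verify($password, $user['password'])) {
        return null;
    }
    return $user;
}

function login_error(?array $user): int
{
    // Error numbers as used by the thread's login.php; 0 means "admin, proceed".
    if ($user === null) {
        return 2;
    }
    return ['admin' => 0, 'moderator' => 3][$user['usergroup']] ?? 1;
}

function start_admin_session(array $user): void
{
    session_regenerate_id(true);                // fresh session id on login
    $_SESSION['username'] = $user['username'];  // assignment (=), not comparison (==)
    $_SESSION['userid'] = $user['userid'];
    $_SESSION['adminloggedin'] = true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password TEXT, usergroup TEXT)');
$add = $db->prepare('INSERT INTO users (username, password, usergroup) VALUES (?, ?, ?)');
$add->execute(['brandon', password_hash('demo-admin-pass', PASSWORD_DEFAULT), 'admin']);
$add->execute(["o'neil", password_hash('demo-mod-pass', PASSWORD_DEFAULT), 'moderator']);

$tries = [['brandon', 'demo-admin-pass'], ['brandon', 'wrong'],
          ["o'neil", 'demo-mod-pass'], ['nobody', 'x']];
foreach ($tries as [$name, $pass]) {
    printf("%-8s error=%d\n", $name, login_error(find_user($db, $name, $pass)));
}
```

In the web handler, `start_admin_session()` would be called after `session_start()` when `login_error()` returns 0, followed by the `Location` header and `exit`.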
Archived
This topic is now archived and is closed to further replies.