
[SOLVED] Can log in with multiple accounts, but they all have the same name


trecool999


Ok, so I've got this problem where I can create a couple of accounts using my register form.

The thing is, when I log in they all come up with the same 'Hello, trecool999!' message even if they are different usernames and in the code it displays 'echo "Hello, ".$user."!"'

[quote author=jesirose link=topic=124327.msg514894#msg514894 date=1169928332]
Where's the code where you define $user?
[/quote]

I meant show us the code, not show me the file where it runs. I can't help you without seeing the code.

Ok.

Login HTML:

[code]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>PSPRock - Welcome!</title>
<style type="text/css">
<!--
#Layer1 {
position:absolute;
left:0;
top:1px;
width:100%;
height:180;
z-index:1;
background-image: url(Images/Site/Backdrop.jpg);
}
body {
background-color: #0099FF;
}
body,td,th {
font-family: Segoe UI;
color: #333333;
}
#Layer2 {
position:absolute;
left:1px;
top:210px;
width:224px;
height:456px;
z-index:2;
}
#Strip {
position:absolute;
left:0px;
top:182px;
width:100%;
height:27;
z-index:3;
background-image: url(Images/Site/StripMiddle.jpg);
}
#Layer3 {
position:absolute;
left:0px;
top:182px;
width:659px;
height:27px;
z-index:4;
}
.style1 {font-size: 14px}
.style2 {color: #666666}
.style3 {color: #333333}
-->
</style>
</head>

<body>
<div id="Layer1"><img src="Images/Site/Logo.jpg" width="700" height="180" /></div>
<div id="Layer2"></div>
<div id="Strip">
  <div align="right">
    <form action="authenticate.php" method="post">
      <span class="style1">Username:</span>
      <input type="text" name="username" size="10">
      <span class="style1">Password:</span>
      <input type="password" name="password" size="10">
<input type="submit" value="Log in" name="submit">
</form>
</div>
</div>
<div class="style1" id="Layer3"><span class="style2"><a href="index.html">Home</a> <span class="style3">-</span> Forums  <span class="style3"></span></span>- <span class="style2">Info</span></div>
</div>
</body>
</html>
[/code]

Login PHP:

[code]
<?php
//Begin PHP file authenticate.php

//Retrieve the data the form passed us. All form data passed to PHP
//will be in the super global array, $_REQUEST. This is automatically
//set for you by PHP (depending on version) You can also use
//$_POST or $_GET autoglobals, but for the sake of learning use the one
//below
$user = $_REQUEST['username'];//get username from form
$pass = $_REQUEST['password'];//get password from form

//Now strip away any potentially harmful code:
$user=strip_tags($user);
$pass=strip_tags($pass);

//To foil any possible attempts at SQL injection, do the following function
//$variable=str_replace("what to look for","what to replace it with",$what_variable_to_use);

//Now use the replace function on our variables
$user=str_replace(" ","",$user);//remove spaces from username
$pass=str_replace(" ","",$pass);//remove spaces from password
$user=str_replace("%20","",$user);//remove escaped spaces from username
$pass=str_replace("%20","",$pass);//remove escaped spaces from password



//And finally, add slashes to escape things like quotes and apostrophes
//because they can be used to hijack SQL statements!
//use the function, addslashes(), pretty self explanatory
$user=addslashes($user);//escape quotes and backslashes in username
$pass=addslashes($pass);//escape quotes and backslashes in password
//First, we need to connect to the server
//the format is $connection = mysql_connect("address","username","password");
$conn = mysql_connect("localhost","trecool999_user","*password*");

//now choose the database to use
mysql_select_db("trecool999_user");

//Remember how we encrypted the password in step 1? Well we do
//the same thing here. We stored the encrypted password
//so it couldn't be stolen, but to check what was entered as
//the password, we encrypt it, then check it against the
//encrypted password in the database. This is pretty standard.
//almost EVERY site is going to use a 32 character md5 hash or
//an 8 character cipher with a 2 character salt. Don't worry
//about what that means :)
$pass=md5($pass);

//the function md5 creates a unique 32 character string,
//no matter what the length of the data you encrypt!

//Search for a password  AND username match, then return a value
//of true if we get any results
$request = "SELECT * FROM users WHERE password='".$pass."' AND username='".$user."'";

//Pass the request to the mysql connection,
//and the data is returned in a blob and
//saved in $results
$results = mysql_query($request,$conn);


//if mysql returns any number of rows greater than 0, we know we had a match,
//right? Right.
if(mysql_num_rows($results))//function returns true if any matches are found
{
    echo "Hello ".$user.", please wait to be redirected...";
    $_SESSION['user'] = $user;
    $_SESSION['auth'] = true;
}
else
{
    echo "Connection failed, please try again.";
    $_SESSION['auth'] = false;
}


//End PHP file authenticate.php
?>
[/code]

Register HTML:

[code]
<form action="signup.php" method="post">
  <p>Username:
    <input type="text" name="username" size="10">
    <br>
    Password: 
    <input type="password" name="password" size="10">
    <br>
    <input type="submit" value="submit" name="submit">
  </p>
  </form>
[/code]

Register PHP:

[code]
<?php
//Begin PHP file signup.php

//Retrieve the data the form passed us. All form data passed to PHP
//will be in the super global array, $_REQUEST. This is automatically
//set for you by PHP (depending on version) You can also use
//$_POST or $_GET autoglobals, but for the sake of learning use the one
//below
$user = $_REQUEST['username'];//get username from form
$pass = $_REQUEST['password'];//get password from form

//Now strip away any potentially harmful code:
$user=strip_tags($user);
$pass=strip_tags($pass);

//To foil any possible attempts at SQL injection, do the following function
//$variable=str_replace("what to look for","what to replace it with",$what_variable_to_use);

//Now use the replace function on our variables
$user=str_replace(" ","",$user);//remove spaces from username
$pass=str_replace(" ","",$pass);//remove spaces from password
$user=str_replace("%20","",$user);//remove escaped spaces from username
$pass=str_replace("%20","",$pass);//remove escaped spaces from password



//And finally, add slashes to escape things like quotes and apostrophes
//because they can be used to hijack SQL statements!
//use the function, addslashes(), pretty self explanatory
$user=addslashes($user);//escape quotes and backslashes in username
$pass=addslashes($pass);//escape quotes and backslashes in password


//Now, after all that replacing, see if the password or username less than the required length
//Note that it is good to require a minimum pass/user length to provide greater security
$min_len = 6;

if(strlen($user) < $min_len || strlen($pass) < $min_len)
{
die("User/password was not long enough!");//Kick us out of PHP
}
//First, we need to connect to the server
//the format is $connection = mysql_connect("address","username","password");
$conn = mysql_connect("localhost","trecool999_user","*password*");

//now choose the database to use
mysql_select_db("trecool999_user");

//encrypt the users password so it cannot be retrieved by anyone!
$pass=md5($pass);

//the function md5 creates a unique 32 character string,
//no matter what the length of the data you encrypt!

//Save the request in SQL syntax to a string
$request = "INSERT INTO users values(0,'".$user."','".$pass."')";

//Pass the request to the mysql connection,
//and the data is returned in a blob and
//saved in $results
$results = mysql_query($request,$conn);

if($results)
{
echo "User account created";
}
else
{
echo "There was an error. The user account was not created.";
}


//End PHP file signup.php
?>
[/code]

Someone help quickly! I only have 1 hour and 43 minutes 'til I have to go to bed! 13 isn't the best age for going at late times  :-[.
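
For comparison with the signup.php and authenticate.php posted above, here is an added example (not part of the original post and not the poster's code) of the same register/login flow using prepared statements in place of `strip_tags()`/`str_replace()`/`addslashes()`, `password_hash()`/`password_verify()` in place of `md5()`, and an explicit `session_start()`, which the posted authenticate.php does not call before writing `$_SESSION`. It assumes PHP 7.1+ with the `pdo_sqlite` extension so it runs offline; the function names, the in-memory table and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.1+ with pdo_sqlite;
// the in-memory database and the sample accounts are constructed.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
               username TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');
    return $db;
}

function register_user(PDO $db, string $user, string $pass): bool {
    if (strlen($user) < 6 || strlen($pass) < 6) {
        return false;                    // same minimum length as signup.php
    }
    // Placeholders keep the values out of the SQL text: no addslashes() needed.
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    try {
        return $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false;                    // e.g. UNIQUE violation: name already taken
    }
}

function authenticate(PDO $db, string $user, string $pass): ?string {
    // Fetch the row by username only, then check the salted hash in PHP.
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row['username'];             // name stored for this account
}

$db = open_db();
register_user($db, 'alice_01', 'correct horse');   // constructed accounts
register_user($db, "o'brien", 'pass word 1');

$name = authenticate($db, "o'brien", 'pass word 1');
if ($name !== null && PHP_SAPI !== 'cli') {        // session only under a web SAPI
    session_start();                     // needed for $_SESSION to persist
    session_regenerate_id(true);         // fresh session id on login
    $_SESSION['user'] = $name;
    $_SESSION['auth'] = true;
}
var_dump($name, authenticate($db, "o'brien", 'password1'), authenticate($db, 'alice_01', 'pass word 1'));
```

Because nothing is stripped from the input, an apostrophe in a username and spaces in a password are stored and compared exactly as typed, and the session is keyed to the username read back from the matching row.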
