Question about php script

[44justin]

hallo everybody

 

i have a problem with my php script i bought 1 week ago

 

the login system doesn't work fine

 

registeren- works fine  the files are correctly write into te database.

but when someone whants to login its not possible he sais the username and password dont maths.

 

this is the login file

 

<?php

ob_start();

$tit = 'Inloggen op Partybox4u.com';

$loc1 = 'Inloggen';

include("top.php");

 

if(isset($_POST['submit']))

{

$query_login = mysql_query("SELECT id, geactiveerd, status FROM leden WHERE gebruikersnaam ='". $_POST['username'] ."' && wachtwoord='". md5(strtolower($_POST['wachtwoord'])) ."'") or die(mysql_error());

$check = mysql_num_rows($query_login);

     

while($list = mysql_fetch_array($query_login))

  {

$geactiveerd = $list['geactiveerd'];

$gebruikersid = $list['id'];

$status = $list['status'];

}

       

if(empty($_POST['username']) || empty($_POST['wachtwoord']))

{

error("Vul een gebruikersnaam en wachtwoord in! Verander dit!","0");

}

elseif($check == "0")

{

error("De opgegeven gebruikersnaam en wachtwoord komen niet overeen! Verander dit!","0");

}

elseif($geactiveerd != "1")

{

error('Je account is nog niet geactiveerd. Activeer je account door op de link te klikken die in je activeringsmailtje staat. Als je geen mailtje hebt ontvangen neem dan contact met ons op! <a href="algemeen/contact.php">Klik daarvoor hier</a>!',"0");

}

elseif($status == "9")

{

error('Deze account is gebanned! Neem contact met ons op om je te laten unbannen! <a href="algemeen/contact.php">Klik daarvoor hier</a>!',"0");

}

else

{

$menu = "0";

$menu2 = "0";

 

$_SESSION['id'] = $gebruikersid;

$_SESSION['naam'] = $_POST['username'];

$_SESSION['status'] = $status;

 

if(!isset($_POST['ingelogd']))

{

$verlooptijd = time()+60*30;

setcookie("dt_user",strtolower($_POST['username']), $verlooptijd);

setcookie("dt_wacht",md5(strtolower($_POST['wachtwoord'])), $verlooptijd);

}

else

{

$verlooptijd = time()+60*60*24*362;

setcookie("dt_user",strtolower($_POST['username']), $verlooptijd);

setcookie("dt_wacht",md5(strtolower($_POST['wachtwoord'])), $verlooptijd);

}

 

header("Location: index.php");

}

}

else

{

echo'

<center>Vul het onderstaande formuliertje in om in te loggen op Partybox4u.com!<br><br>

<form method="post" action="inloggen.php">

<table width="250" border="0" cellspacing="0" cellpadding="0">

<tr><td class="titel" colspan="2">Inloggen</td></tr>

<tr><td class="content">Gebruikersnaam</td><td class="content"><input type="text" name="username"></td></tr>

<tr><td class="content">Wachtwoord</td><td class="content"><input type="password" name="wachtwoord"></td></tr>

<tr><td class="content">Ingelogd Blijven?</td><td class="content"><input name="ingelogd" type="checkbox" value="blijven" checked style="border: 0px; background:#F5FAFE;"></td></tr>

<tr><td class="content"> </td><td class="content"><input type="submit" name="submit" value="Inloggen!"></td></tr>

<tr><td class="bottom" colspan="2"> </td></tr>

</table></form></center><br>

 

 

<center><table width="90%" cellpadding="0" cellspacing="6"><tr>

<td class="titel"><font color="#9F141A">Nog Geen Lid? Registeer Nu. !!</font></td>

        <tr><td class="content">

<center>Word <b>gratis</b> lid op <b>partybox4u.com</b><br>

de leukste <b>profielen</b> site van<br>

<font color="#9F141A"><b>NEDERLAND</b></font><br>

<br><img src="extra_images/aanmelden.gif" border="0" /><br />

 

<br>Gewenste gebruikersnaam:<br />

 

<form  method="get" action="leden/registreren.php?naam=<? echo"".$gebruikersnaam.""?>

 

<input type="text" name="gebruikersnaam" maxlength="40"> <br>

 

<br><input type="submit" value="Registreren!" name="submit"></form></center>

 

<tr><td class="bottom"><td class="bottom"><td class="bottom"></td></tr></table>';

}

 

include("bottom.php");

ob_end_flush();

?>

 

 

 

so maybe somone can help me

[Full-Demon]

Are you sure that when ppl register, the password is encrypted and formatted to lower case before being saved in the database?

 

So that before you write the account details of someone who registered, you do this with the password:

 

md5(strtolower($_POST['wachtwoord']))

 

and input that into MySQL.

 

Not sure what else it could be...

 

Full-Demon

[44justin]

what code can i use instead of that????

 

 

i will try it en reply here what happen

[neel_basu]

HI!

That much code is not required.

Would You try If I Make one for You in 10 lines But More Powerful than 100 lines??

[44justin]

here i have the register script

 

<?php

if(isset($_GET['ref']))

{setcookie("ref",strtolower($_GET['ref']), 60*60*24*7);}

 

$tit = 'Je Gratis Aanmelden op Partybox4u!';

$loc1 = 'Leden';

$loc2 = 'Aanmelden';

include("../top.php");

 

 

function GeneratePWD($tekens)

{

  $sleutel = "";   

  $array = array ("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "v", "x", "y", "z", 1, 2, 3, 4, 5, 6, 7, 8, 9, 0);

 

  for ($i = 0; $i < $tekens; $i++)

      $sleutel .= $array[rand(0, 33)];

           

  return strtoupper($sleutel);

        }

 

if(isset($_SESSION['id']))

{error('Je kunt je alleen aanmelden als je niet bent ingelogd!','0');}

elseif(isset($_POST['submit']))

{

    $query = mysql_query("SELECT id FROM leden WHERE email='".$_POST['email']."' || gebruikersnaam='".$_POST['gebruikersnaam']."'");

    $check = mysql_num_rows($query);

 

if(empty($_POST['gebruikersnaam']) || strlen($_POST['gebruikersnaam']) < "3" || strlen($_POST['gebruikersnaam']) > "12")

{error('Je gebruikersnaam moet uit minstens 3 tekens bestaan!<br>en mag maximaal 12 tekens lang zijn Verander dit!','0');}

 

//elseif(strpos($_POST['gebruikersnaam'],"$") || strpos($_POST['gebruikersnaam'],"/") || strpos($_POST['gebruikersnaam'],".") || strpos($_POST['gebruikersnaam'],"^") || strpos($_POST['gebruikersnaam']," "))

// {error('Je gebruikersnaam mag geen $, ^, ., / of een spatie bevatten! Verander dit!','0');}

elseif(!eregi("^[A-Za-z0-9_!~*\$-]+$",$_POST['gebruikersnaam']))

{error('Je gebruikersnaam mag alleen uit letters, cijfers, en de tekens _ ! ~ $ * - bestaan!','0');}

 

elseif(empty($_POST['email']) || !eregi("[A-Za-z0-9_-]+([.]{1}[A-Za-z0-9_-]+)*@[A-Za-z0-9-]+([.]{1}[A-Za-z0-9-]+)+", $_POST["email"]))

{error('Je moet een geldig e-mail adres opgeven! Verander dit!','0');}

 

elseif($check != "0")

{error("De door jouw gekozen gebruikersnaam of het opgegeven e-mail adres is al ingebruik!","0");}

 

elseif(empty($_POST['wachtwoord1']) || strlen($_POST['wachtwoord1']) < "3" || strlen($_POST['wachtwoord1']) > "15")

{error('Je wachtwoord moet uit minstens 3 tekens bestaan! Verander dit!','0');}

 

elseif($_POST['wachtwoord1'] != $_POST['wachtwoord2'])

{error('De opgegeven wachtwoorden komen niet overeen! Verander dit!','0');}

 

else

{

$pwd = GeneratePWD(15);

 

if(isset($_GET['ref']))

{

$ref = $_GET['ref'];

$result = mysql_query("UPDATE leden SET dp=dp+20 WHERE id='".$_GET['ref']."'");

}

elseif(isset($_COOKIE['ref']))

{

$ref = $_COOKIE['ref'];

$result = mysql_query("UPDATE leden SET dp=dp+20 WHERE id='".$_COOKIE['ref']."'");

}

else{$ref = "0";}

 

mysql_query("INSERT INTO leden (id, gebruikersnaam, wachtwoord, email, geboortedatum, status, ip, aangemeld, geactiveerd, gewijzigd, geslacht, naam, ref) VALUES('','". $_POST['gebruikersnaam'] ."','". md5($wachtwoord1) ."','". $_POST['email'] ."', '".$_POST['geboorte1']."-".$_POST['geboorte2']."-".$_POST['geboorte3']."', '1', '".$ip."', '". time() ."', '1', '". time() ."', '".$_POST['geslacht']."', '".$_POST['echtenaam']."', '".$ref."')")or die(mysql_error());

mysql_query("UPDATE site_stats SET aangemeld=aangemeld+1 WHERE dag='".date("dmy")."'");

mail($_POST['email'],"Je registratie voltooien!",

'<html><body><font size="2" face="arial">Beste '. $_POST['echtenaam'] .',<br><br>

Je hebt je onlangs op Partybox4u.com geregistreerd,<br><br>

Je bent geregistreerd met de volgende gegevens:<br>

  Gebruikersnaam: <b>'. $_POST['gebruikersnaam'] .'</b><br>

                  Wachtwoord: <b>'. $_POST['wachtwoord1'] .'</b><br>

                  Profiel URl: <b><a href="http://www.partybox4u.com/leden/profiel.php?naam='. $_POST['gebruikersnaam'] .'">http://www.partybox4u.com/leden/profiel.php?naam='. $_POST['gebruikersnaam'] .'</a></b><br><br>

                We wensen je veel plezier op http://www.partybox4u.com Je kunt nu inloggen en een profiel aanmaken of mee praten in het forum, maar je kunt natuurlijk ook gebruik maken van al onze andere stuff!<br><br>

                MvG,<br><br>

                De Crew<br>

<a href="http://www.partybox4u.com/">http://www.partybox4u.com/</a></body></html>',

"From: Partybox4u.com<$emailwebmaster>\nContent-type: text/html; charset=iso-8859-1") or die("De bevestigingsmail is niet verzonden! Laat je account handmatig activeren, stuur ons een mailtje via het contact formulier!"); 

    echo"<br><center><b><h5>Gefeliciteerd!<br><br>Je bent geregistreerd, je hoeft nu alleen nog maar inloggen.</h5></b></center>";

 

echo'

<center><form name="mailafriend" method="post" action="mailafriend.php">

<h3>Vertel een Vriend <img src="http://www.partybox4u.com/leden/extra_images/boy_status.gif"> of Vriendin <img src="http://www.partybox4u.com/leden/extra_images/girl_status.gif"> over ons. !!</h3>

<b><i>Afzender:</i></b><br />

Uw naam:<br />

<input type="text" name="naam" /><br />

E-mailadres:<br />

<input type="text" name="from" /><br /><br />

<br><b><i>Bestemming:</i></b><br />

Naam ontvanger:<br />

<input type="text" name="vriend" /><br />

E-mailadres:<br />

<input type="text" name="to" /><br />

<input type="submit" value="Verstuur >>" class="button">

</form><br>

PS: Hou wel rekening dat de e-mail in de map <font color="FF0000">ongewenst</font> kan komen.</center>';

}

}else{

echo'

<table cellspacing="0" width="100%"><form action="registreren.php'; if(isset($_GET['ref'])) {echo'?ref='.$_GET['ref'];} echo'" method="post">

<tr><td class="titel" colspan="2">Gratis Aanmelden</td></tr>

<tr><td width="120" class="content">Gebruikersnaam</td><td class="content"><input type="text" name="gebruikersnaam" maxlength="25" value="'.$_GET['gebruikersnaam'].'"></td></tr>

<tr><td class="content">Wachtwoord</td><td class="content"><input type="password" name="wachtwoord1" maxlength="25"></td></tr>

<tr><td class="content">Wachtwoord Herhalen</td><td class="content"><input type="password" name="wachtwoord2" maxlength="20"></td></tr>

<tr><td class="content" colspan="2"> </td></tr>

<tr><td class="content">Echte Naam</td><td class="content"><input type="text" name="echtenaam" maxlength="30"></td></tr>

<tr><td class="content">Geslacht</td><td class="content"><select name="geslacht"><option value="Man">Man</option><option value="Vrouw">Vrouw</option></select></td></tr>

<tr><td class="content">Geboorte Datum</td><td class="content"><select name="geboorte1">';

$dag = "1";

while($dag < 32)

{if($dag < 10) {$dag = "0".$dag;} echo'<option value="'.$dag.'">'.$dag.'</option>'; $dag++;}

echo'</select> <select name="geboorte2"><option value="01">Januari</option><option value="02">Februari</option><option value="03">Maart</option><option value="04">April</option><option value="05">Mei</option><option value="06">Juni</option><option value="07">Juli</option><option value="08">Augustus</option><option value="09">September</option><option value="10">Oktober</option><option value="11">November</option><option value="12">December</option></select> <select name="geboorte3">';

$jaar = "1930";

while($jaar < date('Y') - 3)

{echo'<option value="'.$jaar.'">'.$jaar.'</option>'; $jaar++;}

echo'</select></td></tr>

<tr><td class="content" colspan="2"> </td></tr>

<tr><td class="content">E-mail Adres</td><td class="content"><input type="text" name="email" maxlength="70"></td></tr>

<tr><td class="content"> </td><td class="content"><input type="submit" value="Registreren!" name="submit"></td></tr>

<tr><td class="bottom" colspan="2"> </td></tr>

</form></table>';

    }

include("../bottom.php");

?>

[44justin]

oke i like the idee

 

edit::    my friend says that it maybe is the cause of the mysql version is that possible??????

[rofl90]

Thats a hell of alot of code, for not much needd..

If you BOUGHT this. I'd remake it for alot cheaper. and alot less load time - Less bandwidth needed - cheaper =D

EDIT: possible; not likely. That PHP/MySQL isn't very advanced/version 5 material, it'd workin version 4+ atleastwhat are you running?

[44justin]

i have bought a holl script but its a bit of a mess so i would like if someone has time to look at it

 

edit::: my bluehost server is runnning on 4.1.21

[rofl90]

What script ;P

A Content Mangement System?

I'll build a complete personalised one.. Cost ya tho.

;P take about a week (I hve other people that will help me ;P)

[neel_basu]

But All The Above Is Possible With This 5 Line Of Codes

<?php
$conn = mysql_connect("localhost", "root", "");//Your DB Connection Variable
$getdb = new sign_in("php", "usr", $conn);//db_name, Table_name, Connection Var
$getdb->set("frm_usr", "db_usr");//Form_field_name, DB_Field_name
$getdb->set("frm_psw", "db_psw");//Form_field, DB_Field
$chk = $getdb->done();//Returns True If everything is OK else false
?>

if($chk)

{

echo "Yes";

}

else

{

echo "No";

}

[Full-Demon]

md5($wachtwoord1)

 

In the mysql query you insert data, and the password is being inserted as above.

 

This should be: md5(strtolower($_POST['wachtwoord1']))

 

Btw, this code looks awfull, where did you actually bought it? And for how much? :S

 

Full-Demon

[44justin]

thank you  ill will try it rightaway

 

 

its a profiel script

[rofl90]

Precisely I could put that scipt to a fifth.

Just ask. and seriously. If you BOUGHT this.. ask aroud before you buy.. Ill design & build a script.

If you're paying mate, I'd get a pro, not bu a premade one.

[rofl90]

Profile?

LOOOOOOL.

I could make that in 3 hours.

[neel_basu]

thank you  ill will try it rightaway

its a profiel script

But You have to include 3 php scripts for it config.php, ums/login.php, and done.php You will find them on http://sourceforge.net/project/showfiles.php?group_id=192566

[44justin]

but is there someone who whant to take a look at the script

[rofl90]

Cher-ching?

[44justin]

cher-ching???

[Full-Demon]

Just try what ive said, and dont buy anything like that again .

 

What I do? I make include scripts of things like this, and include them in whatever code I need to use the functions.

 

If you encounter any more problem, just post it

 

Full-Demon

 

ps whats cher-ching?

[rofl90]

It means is there a payment?

Im looking for freelance work ill recode it all. and make it alot smaller script. thats too much code for basic things.

[neel_basu]

I've Posted a Sign In Sign In Script first Test It And Then Add more 4 lines To make it a profile or i am upload an Working Example You Download that and Change Your table name / firld name.... and use it

[44justin]

i bought the script for like 150 dollar      100 euro

[44justin]

oke thanks

[Full-Demon]

OhmyGOSH!!! 100 euro? I would have tried it myself twice before I paid that anyway. Who created this, or is it made by a program...?

 

Full-Demon

[rofl90]

OMG! $150 JESSUSS!

For tha load o' junk.

Ill do one 5 times better for £50!

Wow.