Jump to content

[SOLVED] help with login confirm

chris_rulez001

By chris_rulez001
in PHP Coding Help

 Share

Recommended Posts

chris_rulez001 Member

chris_rulez001

Posted
Posted

hi ive made this login confirm code and it doesnt work, it brings up an error

 

the error:

 

Parse error: parse error, unexpected T_VARIABLE in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 7

 

loginconfirm.php:

 

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include('includes/mysql_connect_users.php')

$sql_user_check = "SELECT * FROM users WHERE username=$username";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "Username $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT * FROM users WHERE username='$username'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $pass = $user_info['password'];
    // if doesn't match, note that and end
    if ($pass != md5($password)) {
        $error = "Invalid password.  Try again.";
} else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['password'] = $user_info['password'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['firstname'] = $user_info['firstname'];
        $_SESSION['lastname'] = $user_info['lastname'];
        $_SESSION['age'] = $user_info['age'];
        $_SESSION['gender'] = $user_info['gender'];
        $_SESSION['ip'] = $user_info['ip'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
        $_SESSION['paid'] = $user_info['paid'];
    }
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.php")
    } else {
        include("index.php")
    }
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
} 
}
?>

 

mysql_connect_users.php:

 

<?php
$location = "localhost";
$mysqlusername = "myusername";
$mysqlpassword = "mypassword";
$database = "mysite_users";

$conn = mysql_connect("$location","$mysqlusername","$mysqlpassword");
if (!$conn) die ("Could not connect MySQL");
mysql_select_db($database,$conn) or die ("Could not open database");
?>

Link to comment
https://forums.phpfreaks.com/topic/55590-solved-help-with-login-confirm/
Share on other sites
chris_rulez001 Member

chris_rulez001

Posted
  • Author
Posted

thanks, im getting more errors:

 

the errors:

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 9

 

Notice: Undefined variable: user in /www/1111mb.com/m/i/n/minispace/htdocs/temp/loginconfirm.php on line 12

 

the code:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include('includes/mysql_connect_users.php');

$sql_user_check = "SELECT * FROM users WHERE username=$username";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "Username $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT * FROM users WHERE username='$username'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $pass = $user_info['password'];
    // if doesn't match, note that and end
    if ($pass != md5($password)) {
        $error = "Invalid password.  Try again.";
} else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['password'] = $user_info['password'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['firstname'] = $user_info['firstname'];
        $_SESSION['lastname'] = $user_info['lastname'];
        $_SESSION['age'] = $user_info['age'];
        $_SESSION['gender'] = $user_info['gender'];
        $_SESSION['ip'] = $user_info['ip'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
        $_SESSION['paid'] = $user_info['paid'];
    }
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.php");
    } 
else {
        include("index.php");
    }
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
} 
}
?>

per1os Member

per1os

Posted
Posted

wow...

 

$sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them.
$result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid

chris_rulez001 Member

chris_rulez001

Posted
  • Author
Posted

thanks, im getting another error:

 

error:

 

Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/loginconfirm.php on line 37

 

the code:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include('includes/mysql_connect_users.php');

$sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them.
$result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "Username $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT * FROM users WHERE username='$username'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $pass = $user_info['password'];
    // if doesn't match, note that and end
    if ($pass != md5($password)) {
        $error = "Invalid password.  Try again.";
} else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['password'] = $user_info['password'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['firstname'] = $user_info['firstname'];
        $_SESSION['lastname'] = $user_info['lastname'];
        $_SESSION['age'] = $user_info['age'];
        $_SESSION['gender'] = $user_info['gender'];
        $_SESSION['ip'] = $user_info['ip'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
        $_SESSION['paid'] = $user_info['paid'];
    }
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.php");
    } 
else {
        include("index.php");
    }
} else {
    echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
} 
}
?>

Trium918 Advanced Member

Trium918

Posted
Posted

ok ive changed that and it doesnt show the error now but when i type my password in it comes up saying invalid password when it is the correct password, can you help?

 

The password that you enter into the form isn't

matching the password stored in the database.

per1os Member

per1os

Posted
Posted

Alright man, let's try and think here ok?

 

The password in the database does it look something like this:

3ecodr493j39r9jr93j9j39w (MD5 Hashed)

 

Or like this:

jackthedog

 

If the password that is IN the DATABASE looks like jackthedog, than it is not MD5 hashed and you are essentially checking

3ecodr493j39r9jr93j9j39w

against

jackthedog

 

which they obviously do not match.

 

So if the password in the database is not md5 hashed, and it appears like a real word. Than you do not need to md5($password) in the check as it will not work.

 

For security it is best to store the password in the database as MD5 and not the actual word.

 

At any rate, think for a second and check that out, chances are the password in the database looks like "jackthedog".

chris_rulez001 Member

chris_rulez001

Posted
  • Author
Posted

Alright man, let's try and think here ok?

 

The password in the database does it look something like this:

3ecodr493j39r9jr93j9j39w (MD5 Hashed)

 

Or like this:

jackthedog

 

If the password that is IN the DATABASE looks like jackthedog, than it is not MD5 hashed and you are essentially checking

3ecodr493j39r9jr93j9j39w

against

jackthedog

 

which they obviously do not match.

 

So if the password in the database is not md5 hashed, and it appears like a real word. Than you do not need to md5($password) in the check as it will not work.

 

For security it is best to store the password in the database as MD5 and not the actual word.

 

At any rate, think for a second and check that out, chances are the password in the database looks like "jackthedog".

 

thats right you can see the word how do i md5 it then so then the login works?

per1os Member

per1os

Posted
Posted

When the user registers make sure that password gets hashed, if you just did an insert statement on your own than run this via phpMyAdmin

 

UPDATE users SET `password` = MD5(`password`);

 

Should take care of all user passwords to be md5 hashed.

chris_rulez001 Member

chris_rulez001

Posted
  • Author
Posted

Well i dont know, can you post your registration and login page please.

 

Thanks,

 

~ Chocopi

 

ok,

 

register.php:

<?php
session_start();
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Register</title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/mysql_connect_users.php');
include ('includes/general.php');
?>
<style type="text/css">
<!--
#Layer1 {
position:absolute;
left:481px;
top:148px;
width:339px;
height:132px;
z-index:1;
}
-->
</style>
</head>

<body>
<div id="Layer1">
  <div align="center">
    <h3>Why <span>Register?</span></h3>
  </div>
			<ul>
				<li>Create your very own Custom Profile</li>
				<li>Its 100% <strong>FREE</strong>!</li>
			</ul>
</div>
<table width="86%" border="1" align="center">
<tr>
<td height="26" class="headerback">
<?php echo $site_name; ?>
</td>
</tr>
<tr>
<td class="topnav" height="5">
<a href="index.php">Home</a> |
<a href="members.php">Members</a> |
<a href="forum/index.php">Forum</a> |
<a href="faq.php">FAQ</a> |
<a href="view_user.php?user=<?php $_SESSION['username'] ?>">Profile</a> |
<?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?>
</td>
</tr>
<tr>
<td class="siteback">
<blockquote>
<p><u>
Register
</u><br />
</p>
</blockquote>
<form id="form1" name="form1" method="post" action="add_user.php">
  <blockquote>
    <p>First Name: 
      <input type="text" name="nameFirst" />
      <br />
      <br />
      Last Name: 
      <input type="text" name="nameLast" />
      <br />
      <br />
      Username: 
      <input type="text" name="username" />
      <br />
      <br />
      Password: 
      <input type="password" name="password" maxlength="20" />
      <br />
      <br />
      Password
<br />
      (confirm): 
      <input name="cpassword" type="password" id="cpassword" maxlength="20" />
      <br />
      <br />
	  Email: 
      <input type="text" name="email" />
      <br />
      <br />
      Age: 
      <input name="age" type="text" value="Age (e.g. 14)" />
      <br />
      <br />
      Gender: 
      <input type="text" name="gender" />
      <br />
      <br />
      <input name="tos" type="checkbox" id="tos" value="tos" />
      By checking the box, you confirm that you agree to the Minispace Terms of Service and Privacy Policy which describe how your personal data will be used.
<br />
      <br />
      <input name="id" type="hidden" value="id" />
      <input type="submit" name="Submit" value="Submit" />
            <input type="reset" name="Submit2" value="Reset" />    
          </p>
    </blockquote>
</form>
    </td>
  </tr>
</table>
<br />
<br /><div align="center">
<?php echo $copyright; ?>
</div><br />
</body>
</html>

 

login.php:

<?php
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/mysql_connect_users.php');
include ('includes/general.php');
?>
</head>

<body>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php?user=<?php $_SESSION['username'] ?>">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback" align="center">
Login<br /><br />
      <form id="form1" name="form1" method="post" action="loginconfirm.php">
                 <p>
            Username: 
            <input type="text" name="username" />
            <br />
            <br />
            Password: 
            <input type="password" name="password" />
            <br />
            <br />
            <input type="submit" name="Submit" value="Submit" /> 
            <input type="reset" name="Submit2" value="Reset" />
            </p>
    </form>    </td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div><br />
</body>
</html>

 

loginconfirm.php:

<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
include('includes/mysql_connect_users.php');

$sql_user_check = "SELECT * FROM users WHERE username='$username'"; // any literal values need to have single quotes around them.
$result_name_check = mysql_query($sql_user_check) OR DIE(mysql_error()); // gives an error message if the sql is invalid
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "Username $username not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
    $sql_pass_get = "SELECT * FROM users WHERE username='$username'";
    $user_info = mysql_fetch_array(mysql_query($sql_pass_get));
    $pass = $user_info['password'];
    // if doesn't match, note that and end
    if ($pass != md5($password)) {
        $error = "Invalid password.  Try again.";
} else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['password'] = $user_info['password'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['firstname'] = $user_info['firstname'];
        $_SESSION['lastname'] = $user_info['lastname'];
        $_SESSION['age'] = $user_info['age'];
        $_SESSION['gender'] = $user_info['gender'];
        $_SESSION['ip'] = $user_info['ip'];
    }
if (!isset($_SESSION['username'])) {
    if ($error) {
        echo $error;
        include("login.php");
    } 
else {
        include("index.php");
    }
} else {
    echo "<html>
<head>
<title>Logged In Successfully</title>
<SCRIPT LANGUAGE='JavaScript'>
<!-- Begin
redirTime = '5000';
redirURL = 'http://minispace.1111mb.com/temp2/index.php';
function redirTimer() { self.setTimeout('self.location.href = redirURL;',redirTime); }
// End -->
</script>
</head>

<body onLoad='redirTimer()'>
You are logged in successfully, please wait to be redirected.
</body>
</html>";
} 
}
?>

 

add_user.php:

<?php
  $id = $_POST['id'] ;
  $email = $_POST['email'] ;
  $first = $_POST['nameFirst'] ;
  $last = $_POST['nameLast'] ;
  $username = $_POST['username'] ;
  $password = $_POST['password'] ;
  $cpassword = $_POST['cpassword'] ;
  $age = $_POST['age'] ;
  $gender = $_POST['gender'] ;
  $ip=$_SERVER['REMOTE_ADDR'];
  $sqlcheck="SELECT username FROM users WHERE username='$username'";

  if ($first == "") {
    echo "<strong>Error:</strong><br> You havent entered your first name<br/><br/>";
  }
  elseif ($last == "") {
    echo "<strong>Error:</strong><br> You havent entered your last name<br/><br/>";
  }
  elseif ($username == "") {
    echo "<strong>Error:</strong><br> You havent entered your username<br/><br/>";
  }
  elseif (strpos($username, $sqlcheck) === FALSE) {
    echo "<strong>Error:</strong><br> The requested username is in use<br/><br/>";
  }
  elseif ($password == "") {
    echo "<strong>Error:</strong><br> You havent entered your password<br/><br/>";
  }
  elseif (strpos($cpassword, $password) === FALSE) {
    echo "<strong>Error:</strong><br> You havent confirmed your password properly<br/><br/>";
  }
  elseif ($email == "" || strpos($email, "@") === FALSE || strpos($email, ".") === FALSE) {
    echo "<strong>Error:</strong><br> You havent entered your email<br/><br/>";
  }
  elseif ($age == "" || $age < 13) {
    echo "<strong>Error:</strong><br> You must be 13 or over to join<br/><br/>";
  }
  elseif ($age == "Age (e.g. 14)" || $age == "") {
    echo "<strong>Error:</strong><br> You havent entered your age<br/><br/>";
  }
  else {
  include ('includes/mysql_connect_users.php');
  $mysqlinsert="INSERT INTO users(id, username, password, email, firstname, lastname, age, gender, ip)VALUES('$id', '$username', '$password', '$email', '$first', '$last', '$age', '$gender', '$ip')";

  $result2=mysql_query($mysqlinsert);

if($result2){
echo "<u><strong>Your Login Information</strong></u><br/><br/>";
echo "Your Registered Username Is: ".$username."<br/><br/>";
echo "Your Registered Password Is: ".$password."<br/><br/>";
echo "<u><strong>Other Information</strong></u><br/><br/>";
echo "Your Registered Email Is: ".$email."<br/><br/>";
echo "Your Registered Age Is: ".$age." Years Of Age<br/><br/>";
echo "You Are Successfully Registered, Click <a href='index.php'>Here</a><br/>";
echo " To Go To The Homepage";
echo "<div class='important'><strong><u>Write This Information Down</u></strong></div>";
}
}
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.