CBaZ Posted July 13, 2007 Share Posted July 13, 2007 $connect = mysql_connect("localhost", "username", "pw") or die("Could not connect to database: " . mysql_error()); mysql_select_db("database", $connect) or die("Could not select database"); $login = $_POST["txtLogin"]; $password = $_POST["txtPassword"]; $field = ""; if (is_numeric('$login')) { $field = "user_id"; } else { $field = "username"; } $query = sprintf ("SELECT * FROM users WHERE $field='$login' AND password='".md5($password)."'", mysql_real_escape_string($login), mysql_real_escape_string($password)); $result = mysql_query($query, $connect) or die("QUERY FAILED: " . mysql_error()); if (mysql_num_rows($result) == 0) { if(session_is_registered("LoginFailed")) { if($_SESSION['LoginFailed'] > 3) { $user_query = mysql_query("SELECT * FROM users WHERE username = '$login'") or die("QUERY FAILED: " . mysql_error()); $user = mysql_query($user_query); $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); $password_cypt = md5($password); $date = date("YmdHis"); $IP = getenv("REMOTE_ADDR"); $browser = getenv("HTTP_USER_AGENT"); $handle = fopen("banip/banip.txt", "a+"); //echo "sql: ".$query."<br>"; //echo "Login Failed!"; $access_query = "INSERT INTO hacklog (date, username, hostname, ip_address, browser, refer, password) values ('$date', '$login', '$hostname', '$IP', '$browser', '$refer', '$password')" or die("QUERY FAILED: " . mysql_error()); $access = mysql_query($access_query) or die("QUERY FAILED: " . mysql_error()); Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/ Share on other sites More sharing options...
GingerRobot Posted July 13, 2007 Share Posted July 13, 2007 Well, as far as i can see, you dont actually attempt to write to your file. You need the fwite() function. Also, you should be getting an error when your run this script anyway. Where you have this: <?php //echo "sql: ".$query." "; ?> it will produce an error. The double forward slashes are single line comments - so by having this statement broken over two lines, the "; will still be parsed, giving an error. Try: //echo "sql: ".$query.""; Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297400 Share on other sites More sharing options...
MadTechie Posted July 13, 2007 Share Posted July 13, 2007 your not writing to the file! whats the QUERY FAILED error ? @GingerRobot thats only a display issule (he used quote not code) Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297405 Share on other sites More sharing options...
CBaZ Posted July 13, 2007 Author Share Posted July 13, 2007 unfortunately doesn't write to the txt file it does however enter it into the hacklog Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297408 Share on other sites More sharing options...
keeB Posted July 13, 2007 Share Posted July 13, 2007 Your code is unclear. I've attached some code and comments. <?php #addition function writeTextToFile($file, $text) { $fh = fopen($file, "a+"); fwrite($fh, $text); } $connect = mysql_connect("localhost", "username", "pw") or die("Could not connect to database: " . mysql_error()); mysql_select_db("database", $connect) or die("Could not select database"); $login = $_POST["txtLogin"]; $password = $_POST["txtPassword"]; $field = ""; if (is_numeric('$login')) { # <-- Nifty idea, but who knows their unique id? $field = "user_id"; } else { $field = "username"; } $query = sprintf ("SELECT * FROM users WHERE $field='$login' AND password='".md5($password)."'", mysql_real_escape_string($login), mysql_real_escape_string($password)); $result = mysql_query($query, $connect) or die("QUERY FAILED: " . mysql_error()); if (mysql_num_rows($result) == 0) { if(session_is_registered("LoginFailed")) { # <--- what the hell is this? if($_SESSION['LoginFailed'] > 3) { # <--- You're never incrementing LoginFailed session variable... this case will never happen?? # Why the hell are you re-querying for the user? $user_query = mysql_query("SELECT * FROM users WHERE username = '$login'") or die("QUERY FAILED: " . mysql_error()); $user = mysql_query($user_query); $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']); $password_cypt = md5($password); $date = date("YmdHis"); $IP = getenv("REMOTE_ADDR"); $browser = getenv("HTTP_USER_AGENT"); #addition $fileText = $date . " - " . $user . " - " . $hostname . " - " . $password_cypt . " - " . $IP . " - " . $browser; writeTextToFile("banip/banip.txt", $fileText); //echo "sql: ".$query." echo "Login Failed!"; $access_query = "INSERT INTO hacklog (date, username, hostname, ip_address, browser, refer, password) values ('$date', '$login', '$hostname', '$IP', '$browser', '$refer', '$password')" or die("QUERY FAILED: " . mysql_error()); $access = mysql_query($access_query) or die("QUERY FAILED: " . mysql_error()); } } } ?> Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297410 Share on other sites More sharing options...
CBaZ Posted July 13, 2007 Author Share Posted July 13, 2007 that's just it .. this way has worked before but not anymore. I am not getting an error. the br is for when it writes the ip into the next line in the file. Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297414 Share on other sites More sharing options...
MadTechie Posted July 13, 2007 Share Posted July 13, 2007 Read keeB Comments.. they make sense! revise your code to suite.. nice job keeB Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297419 Share on other sites More sharing options...
keeB Posted July 14, 2007 Share Posted July 14, 2007 thanks Link to comment https://forums.phpfreaks.com/topic/59814-my-login-doesnt-write-to-baniptxt-or-to-my-hacklog/#findComment-297940 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.