CBaZ Posted July 13, 2007

```php
$connect = mysql_connect("localhost", "username", "pw") or die("Could not connect to database: " . mysql_error());
mysql_select_db("database", $connect) or die("Could not select database");

$login = $_POST["txtLogin"];
$password = $_POST["txtPassword"];
$field = "";

if (is_numeric('$login')) {
    $field = "user_id";
} else {
    $field = "username";
}

$query = sprintf ("SELECT * FROM users WHERE $field='$login' AND password='".md5($password)."'",
    mysql_real_escape_string($login),
    mysql_real_escape_string($password));
$result = mysql_query($query, $connect) or die("QUERY FAILED: " . mysql_error());

if (mysql_num_rows($result) == 0) {
    if(session_is_registered("LoginFailed")) {
        if($_SESSION['LoginFailed'] > 3) {
            $user_query = mysql_query("SELECT * FROM users WHERE username = '$login'") or die("QUERY FAILED: " . mysql_error());
            $user = mysql_query($user_query);
            $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
            $password_cypt = md5($password);
            $date = date("YmdHis");
            $IP = getenv("REMOTE_ADDR");
            $browser = getenv("HTTP_USER_AGENT");
            $handle = fopen("banip/banip.txt", "a+");
            //echo "sql: ".$query."<br>";
            //echo "Login Failed!";
            $access_query = "INSERT INTO hacklog (date, username, hostname, ip_address, browser, refer, password) values ('$date', '$login', '$hostname', '$IP', '$browser', '$refer', '$password')" or die("QUERY FAILED: " . mysql_error());
            $access = mysql_query($access_query) or die("QUERY FAILED: " . mysql_error());
```
GingerRobot Posted July 13, 2007

Well, as far as I can see, you don't actually attempt to write to your file. You need the fwrite() function. Also, you should be getting an error when you run this script anyway. Where you have this:

```php
<?php
//echo "sql: ".$query."
";
?>
```

it will produce an error. The double forward slashes are single line comments - so by having this statement broken over two lines, the "; will still be parsed, giving an error. Try:

```php
//echo "sql: ".$query."";
```
MadTechie Posted July 13, 2007

You're not writing to the file! What's the QUERY FAILED error?

@GingerRobot that's only a display issue (he used quote, not code)
CBaZ (Author) Posted July 13, 2007

Unfortunately doesn't write to the txt file; it does, however, enter it into the hacklog.
keeB Posted July 13, 2007

Your code is unclear. I've attached some code and comments.

```php
<?php
#addition
function writeTextToFile($file, $text) {
    $fh = fopen($file, "a+");
    fwrite($fh, $text);
}

$connect = mysql_connect("localhost", "username", "pw") or die("Could not connect to database: " . mysql_error());
mysql_select_db("database", $connect) or die("Could not select database");

$login = $_POST["txtLogin"];
$password = $_POST["txtPassword"];
$field = "";

if (is_numeric('$login')) { # <-- Nifty idea, but who knows their unique id?
    $field = "user_id";
} else {
    $field = "username";
}

$query = sprintf ("SELECT * FROM users WHERE $field='$login' AND password='".md5($password)."'",
    mysql_real_escape_string($login),
    mysql_real_escape_string($password));
$result = mysql_query($query, $connect) or die("QUERY FAILED: " . mysql_error());

if (mysql_num_rows($result) == 0) {
    if(session_is_registered("LoginFailed")) { # <--- what the hell is this?
        if($_SESSION['LoginFailed'] > 3) { # <--- You're never incrementing LoginFailed session variable... this case will never happen??
            # Why the hell are you re-querying for the user?
            $user_query = mysql_query("SELECT * FROM users WHERE username = '$login'") or die("QUERY FAILED: " . mysql_error());
            $user = mysql_query($user_query);
            $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
            $password_cypt = md5($password);
            $date = date("YmdHis");
            $IP = getenv("REMOTE_ADDR");
            $browser = getenv("HTTP_USER_AGENT");
            #addition
            $fileText = $date . " - " . $user . " - " . $hostname . " - " . $password_cypt . " - " . $IP . " - " . $browser;
            writeTextToFile("banip/banip.txt", $fileText);
            //echo "sql: ".$query." echo "Login Failed!";
            $access_query = "INSERT INTO hacklog (date, username, hostname, ip_address, browser, refer, password) values ('$date', '$login', '$hostname', '$IP', '$browser', '$refer', '$password')" or die("QUERY FAILED: " . mysql_error());
            $access = mysql_query($access_query) or die("QUERY FAILED: " . mysql_error());
        }
    }
}
?>
```
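The failed-login logging discussed above, as an added example that is not part of any post in the thread: it increments the counter, checks the result of the file write, strips control characters from logged fields, and uses bound parameters for the `hacklog` insert. The helper names, the PDO connection, the temp-file path and the in-memory SQLite table are assumptions made so the example runs offline; the table and column names follow the posted code, and the submitted password is intentionally not logged.

```php
<?php
// Added example, not code from the thread. recordFailedLogin(), appendBanLine()
// and logField() are hypothetical helpers; column names follow the posted code.
const MAX_FAILED = 3;

// Replace control characters so a crafted User-Agent or login cannot forge log lines.
function logField(string $value): string {
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
}

// Append one line under an exclusive lock; report failure instead of ignoring it.
function appendBanLine(string $file, array $fields): bool {
    $line = implode(' - ', array_map('logField', $fields)) . PHP_EOL;
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

function recordFailedLogin(PDO $pdo, string $login, string $banFile): bool {
    // Count every failure; the posted code never incremented this value.
    $_SESSION['LoginFailed'] = ($_SESSION['LoginFailed'] ?? 0) + 1;
    if ($_SESSION['LoginFailed'] <= MAX_FAILED) {
        return false;
    }
    $row = [date('YmdHis'), $login, $_SERVER['REMOTE_ADDR'] ?? '', $_SERVER['HTTP_USER_AGENT'] ?? ''];
    if (!appendBanLine($banFile, $row)) {
        error_log("could not append to $banFile (check path and permissions)");
    }
    // Bound parameters keep request data out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO hacklog (date, username, ip_address, browser) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute($row);
    return true;
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE hacklog (date TEXT, username TEXT, ip_address TEXT, browser TEXT)');
$_SERVER['REMOTE_ADDR'] = '203.0.113.7';                    // constructed sample value
$_SERVER['HTTP_USER_AGENT'] = "Mozilla/5.0\r\nforged line"; // constructed sample value
$banFile = sys_get_temp_dir() . '/banip-demo.txt';
for ($i = 1; $i <= 5; $i++) {
    recordFailedLogin($pdo, "o'brien", $banFile);
}
echo file_get_contents($banFile);
echo $pdo->query('SELECT COUNT(*) FROM hacklog')->fetchColumn(), " rows in hacklog\n";
```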
CBaZ (Author) Posted July 13, 2007

That's just it .. this way has worked before but not anymore. I am not getting an error. The br is for when it writes the ip into the next line in the file.
MadTechie Posted July 13, 2007

Read keeB's comments.. they make sense! Revise your code to suit.. nice job keeB
keeB Posted July 14, 2007

thanks