Login page

[burtybob]

Hi i am editing a game from someone and i have been editing the login poage for a whil now and i have one problem,

The page just redirects to the index.php page please can you look at my code i have looked several time but i have always been tired from school or work, so it might be that i missed something.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Lealta alla Famiglia :: Login</title>
  <link rel="stylesheet" type="text/css" href="main.css" />
  <script language="JavaScript" type="text/javascript">
  function doFocus() {
    document.myform.login.focus();
    }
  </script>
</head>
<body onload="doFocus();" onmouseover="window.status='Welcome to Lealta alla Famiglia';return true;" onmouseout="window.status='';return true;">
  <br />
  <div align="center">
  <a href="home.php"><img src="gfx/titlepic.jpg" alt="Lealta alla Famiglia" width="600" height="80" border="0" /></a>
  <br /><br /><?=$message?><br /><br />
  <form action="test1.php" method="post">
  <table cellspacing="0" cellpadding="0" class="tblout">
    <tr class="tblin"><td class="tblhdr" colspan="2">L o g i n</td></tr>
    <tr class="tblin"><td class="btext">Login Name</td><td class="btext"><input type="text" name="login" size="20" maxlength="20" class="textbox" /></td></tr>
    <tr class="tblin"><td class="btext">Password</td>
      <td class="btext"><input type="password" name="pass" size="20" maxlength="20" class="textbox" /></td>
    </tr>
    <tr class="tblin"><td class="btextc" colspan="2"><font class="warn">NOTE:</font> Login name and<br />password are case sensitive</td></tr>
    <tr class="tblin"><td class="btextc" colspan="2"><input type="submit" name="sublogin" value=" Login " class="button" /></td></tr>
  </table>
  <?php if ($helpmsg==1) { ?>
  <br />
  <table width="500" cellspacing="0" cellpadding="0" class="tblout">
    <tr class="tblin"><td class="tblhdr" colspan="2">Error!</td></tr>
    <tr class="tblin"><td class="btext">You cannot be logged in because the account has not yet been activated.<br /><br />Please check the email you received when you registered for the activation link. If you are unable to find it check your spam inbox as they sometimes get placed in there.</td></tr>
    <tr class="tblin"><td class="btextc" colspan="2"><input type="submit" name="subresend" value=" Resend Email " class="button" /></td></tr>
  </table>
  <?php } ?>
  </form>
  Users online: <?=$onlinecount?><br /><br /><br />
  <a href="register.php">register</a> - <a href="lostpassword.php">lost password</a> - <a href="screenshots.php">screenshots</a>
  </div>
</body>
</html>


<?php
$username="root";
$password="benburt";
$database="lealta";
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM members";
$result=mysql_query($query);

$num=mysql_numrows($result);

mysql_close();

echo "<b><center>Database Output</center></b><br><br>";

$i=0;
while ($i < $num) {
$login1 = $_POST['login'];
$pass1 = $_POST['pass'];

$login2 = mysql_result($result,$i,"loginname");
$pass2 = mysql_result($result,$i,"password");

if ($login1==$login2&&$pass1==$pass2) {
$plalive = mysql_result($result,$i,"alive");
$pluserid = mysql_result($result,$i,"userid");
$placcesslevel = mysql_result($result,$i,"accesslevel");
$pldisplayname = mysql_result($result, $i , "displayname");
		  /******************************
              ** SEE IF THE PLAYER IS DEAD **
              ******************************/
              if ($plalive==0) {
                $_SESSION['c_userid']=$pluserid;
                header("Location: killed.php");
                exit;
              }
              /********************************
              ** SEE IF THE PLAYER IS BANNED **
              ********************************/
              $checkban=mysql_fetch_array(mysql_query("SELECT * FROM banned WHERE `displayname`='$pldisplayname'"));
              $banid=$checkban[banid];
              $banexpire=$checkban[expire];
              if (!empty($banned)) {
                $_SESSION['c_userid']=$pluserid;
                $nowtime=time(); //Need to add code here to unban if timer has expired and also to check for infinite bans
                header("Location: banned.php");
                exit;
              }
              $nowtime=time();
              /*************************************************************
              ** UPDATE THE RECORD OF PLAYER'S LAST DATE/TIME OF ACTIVITY **
              *************************************************************/
              mysql_query("UPDATE members SET `dtlastactive`=NOW() WHERE `displayname`='$pldisplayname'");
              switch ($placcesslevel) {
                case 0: //Account suspended
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: suspended.php");
                  exit;break;
                case 1: //Player
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: news.php");
                  exit;break;
                case 2: //Help desk operator
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: news.php");
                  exit;break;
                case 3: //Moderator
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: news.php");
                  exit;break;
                case 4: //Head moderator
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: news.php");
                  exit;break;
                case 5: //Admin
                  $_SESSION['c_userid']=$pluserid;
                  header("Location: news.php");
                  exit;break;
                default:
                  $message="An error has occured and you can't be logged on - please contact admin";
              }
              }
$i++;
}
?>

[GingerRobot]

Well i cant see any reason why you would be redirected to your index page. Unless, of course, one of the pages that you DO get redirected to(e.g. news.php/suspended.php) contains some sort of login check which is not working, that redirects you back to the index page.

 

[burtybob]

ok thank you i will check those now i didnt think of this!

The reason that the others might not be wokrign is that the code in my prevoius post is editeed to my needs and there was more so i will probably need to alter the others now!

[tapos]

You can not call mysql_result() after closing mysql link.

 

--

Tapos Pal

[burtybob]

realy? wow i didnt know that as the code i used worked but i will try that and see if that solves it!

 

EDIT: nope that didnt solve it i looked at news.php and couldnt find anything in thier to redirect it...

 

 

  /***************************
  ** PLAYER WANTS TO LOG IN **
  ***************************/
   if ($_POST['sublogin']) {
    if ($_POST['login']) {
      $login=securestr($_POST['login']);
      if ($_POST['pass']) {
        $pass=securestr($_POST['pass']);
        $check=mysql_fetch_array(mysql_query("SELECT * FROM members"));
        $dblogin=$check[loginname];
        $dbpass=$check[password];        
  if ($login==$dblogin&&$dbpass==$pass) {
          $pluserid=$check[userid];
          $pldisplay=$check[displayname];
          $placcesslevel=$check[accesslevel];
          $plactivated=$check[activated];
          $plgender=$check[gender];
          $plcrewid=$check[crewid];
          $plalive=$check[alive];
          $plstatus=$check[status];
          $ipaddress=GetHostByName($REMOTE_ADDR);
          mysql_query("UPDATE members SET `lastip`='$ipaddress' WHERE `userid`='$pluserid'"); //Record the player's current IP

 

Is there anyway to write in a loop so that it checks ALL users in the db rather than just the top one?

I have tried WHILE and  DO WHILE, but these just bring up a blank white page.