NEED help this is a private convo!



#21 trq


Posted 06 April 2006 - 03:54 PM

Well really, the only thing wrong with your code is there is no error checking. Try...
// escape the username before it is placed in the query
$user = mysql_real_escape_string($user);
$sql = "SELECT * FROM band WHERE username='$user'";
if ($result = mysql_query($sql)) {
  $user = mysql_fetch_assoc($result);
  if (md5($pass) != $user['password']) {
    $error = "Invalid password.  Try again.";
  } else {
    echo "success";
  }
} else {
  echo mysql_error();
}


#22 stefpretty


Posted 06 April 2006 - 04:02 PM

That would make my sessions invalid, look..
<?php
session_start();
header("Cache-control: private");
$user = $_POST['user'];
$pass = $_POST['pass'];
include('db.php');
// checking if the user exists
$sql_user_check = "SELECT * FROM band WHERE username='$user'";
$result_name_check = mysql_query($sql_user_check);
$usersfound = mysql_num_rows($result_name_check);
// if user not found, note that and end
if ($usersfound < 1) {
    $error = "User $user not found.";
// if user does exist, continue with processing
} else {
    // checking if passwords match
$sql = "SELECT * FROM band WHERE username='$user'";
if ($result = mysql_query($sql)) {
  $user = mysql_fetch_assoc($result);
  if (md5($pass) != $user['password']) {
    $error = "Invalid password.  Try again.";
  } else {
    echo "success";
  }

    // if do match, let in and pass on info to session variables
    } else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['prov'] = $user_info['prov'];
        $_SESSION['name'] = $user_info['name'];
        $_SESSION['style'] = $user_info['style'];
        $_SESSION['hist'] = $user_info['hist'];
        $_SESSION['infl'] = $user_info['infl'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
     
    }
}
if (!$_SESSION['username']) {
    if ($error) {
        echo $error;
        include("login.html");
That's what I got at the top half.

#23 trq


Posted 06 April 2006 - 06:36 PM

You probably shouldn't let a user know which of their username or password failed; this can open up security holes. Without it, we can also get this all done in one query and therefore with less work on the database.
<?php

  session_start();
  include 'db.php';

  if (!empty($POST['username']) && !empty($_POST['userpass'])) {
    // escape the username before it is placed in the query
    $user = mysql_real_escape_string(trim($_POST['username']));
    $pass = md5(trim($_POST['password']));
  } else {
    $error = "Invalid Username or Password combo!";
    include 'login.html';exit();
  }

  $sql = "SELECT * FROM band WHERE username = '$user' AND `password` = '$pass'";
  $result = mysql_query($sql) or die(mysql_error());
  // the query succeeds even when no row matches, so test the fetched row instead
  $user = mysql_fetch_assoc($result);
  if ($user) {
    
    $_SESSION['userid'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['email']= $user['email'];
    $_SESSION['prov'] = $user['prov'];
    $_SESSION['name'] = $user['name'];
    $_SESSION['style'] = $user['style'];
    $_SESSION['hist'] = $user['hist'];
    $_SESSION['infl'] = $user['infl'];
    $_SESSION['open'] = $user['open'];
    $_SESSION['photo'] = $user['photo'];
    $_SESSION['webs'] = $user['webs'];
  
  } else {
    $error = "Invalid Username or Password combo!";
    include 'login.html';exit();
  }

?>
Also... do you really need all that stuff in a session?
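
Added example, not part of trq's post or the original thread: the same single-message login check, written with a bound parameter and PHP's salted `password_hash()`/`password_verify()` in place of string interpolation and md5. The `band` table and its `username`/`password` columns come from the thread; the in-memory SQLite database, the sample account and the `authenticate()` helper name are assumptions made so the block runs on its own.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the MySQL
// connection made in db.php; authenticate() is a hypothetical helper name.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, username, name, password FROM band WHERE username = ?');
    $stmt->execute([trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both failure
    // paths do the same work and give the caller the same result.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $row ? $row['password'] : $dummy);

    if (!$row || !$ok) {
        return null;
    }
    unset($row['password']);   // keep the hash out of anything stored in the session
    return $row;
}

// Constructed sample data: one account; the column is wide enough for the full hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE band (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           name TEXT, password VARCHAR(255))');
$ins = $db->prepare('INSERT INTO band (username, name, password) VALUES (?, ?, ?)');
$ins->execute(['demo_band', 'Demo Band', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed attempts: wrong password, unknown user, quote-laden username, valid login.
$attempts = [
    ['demo_band', 'wrong'],
    ['nobody', 'correct horse'],
    ["' OR '1'='1", 'x'],
    ['demo_band', 'correct horse'],
];
foreach ($attempts as [$u, $p]) {
    $user = authenticate($db, $u, $p);
    if ($user === null) {
        echo "Invalid Username or Password combo!\n";   // same message for every failure
        continue;
    }
    // A real login page would call session_regenerate_id(true) here and store
    // only $user['id'] and $user['username'] in $_SESSION.
    echo "Logged in as {$user['name']}\n";
}
```

Run from the command line, the first three attempts print the same failure message and only the last one logs in.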

#24 stefpretty


Posted 06 April 2006 - 06:53 PM

Thanks, I'll just go test that. Yeah, I do, because it's for the next thing it does when I add it, which is display the profile.
Cheers man

#25 stefpretty


Posted 06 April 2006 - 07:16 PM

No luck. Is it anything to do with md5?

#26 trq


Posted 06 April 2006 - 07:32 PM

QUOTE: No luck. Is it anything to do with md5?
Could be a number of things. You might need to manually view the differences and see.
<?php

  // debug helper: print the stored hash next to the hash of the password you typed
  include 'db.php';  // opens the database connection

  $pass = md5("PUTYOURPASSHERE");
  $user = "PUTUSERNAMEHERE";

  $result = mysql_query("SELECT `password` FROM band WHERE `username` = '$user'");
  if ($result) {
    $row = mysql_fetch_assoc($result);
    echo "password from db = {$row['password']}<br />";
    echo "md5'd password given = $pass<br />";
  }

?>


#27 stefpretty


Posted 06 April 2006 - 07:59 PM

Right, that was tres helpful! However, I realised at first my storage space for passwords was too short, so that's why it didn't match, but I increased the storage size and get this now, but logging in still doesn't work. I'll paste my most recent code. I got this too btw...
QUOTE:
password from db = 5d3e010eb98f9eaf295662fd60773c04
md5'd password given = 5d3e010eb98f9eaf295662fd60773c04

recent login script:
<?php

  session_start();
  include ('db.php');

  if (!empty($POST['user']) && !empty($_POST['pass'])) {
    // escape the username before it is placed in the query
    $user = mysql_real_escape_string(trim($_POST['user']));
    $pass = md5($_POST['pass']);
  } else {
    $error = "Invalid Username or Password";
    echo $error;
    include ('login.html');exit();
  }

  $sql = "SELECT * FROM band WHERE username = '$user' AND `password` = '$pass'";
  $result = mysql_query($sql) or die(mysql_error());
  // the query succeeds even when no row matches, so test the fetched row instead
  $user = mysql_fetch_assoc($result);
  if ($user) {
    
    $_SESSION['userid'] = $user['id'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['email']= $user['email'];
    $_SESSION['prov'] = $user['prov'];
    $_SESSION['name'] = $user['name'];
    $_SESSION['style'] = $user['style'];
    $_SESSION['hist'] = $user['hist'];
    $_SESSION['infl'] = $user['infl'];
    $_SESSION['open'] = $user['open'];
    $_SESSION['photo'] = $user['photo'];
    $_SESSION['webs'] = $user['webs'];
  
   echo "<html><head><title>Welcome Back</title></head><body>Welcome back ".$_SESSION['name']."  <a href=\"settings.php\">Click here</a> to view your current settings.</body></html>";
  
  } else {
    $error = "Invalid Username or Password";
    echo $error;
    include 'login.html';exit();
  }
  
   
?>


#28 stefpretty


Posted 06 April 2006 - 08:19 PM

HAHAHA forgot this.... oops
QUOTE: if (!empty($POST['user'])
The under slash!!! Sorted now, thanks for all your help for the now!!! lol, till I hit another problem making this site!!!



