Jump to content


Photo

1more thing pls


  • Please log in to reply
5 replies to this topic

#1 reecieboy

reecieboy
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 09 April 2006 - 02:24 PM

<html>
<head>
<title>PWN|CLAN - Login</title>
<style>
body {
    background-color: Black;
    color: White;
    font-family: Tahoma, sans-serif;
    font-size: 100%;
}
#userpass {
    width: 60px;
    border-color:#777777;
    background-color: #FFFFFF;
    color: #000000;
}

#subm {
    border-color: #777777;
    background-color: #FFFFFF;
    color: #000000;
}
</style>
</head>
<body>

<?php
if (!isset($_POST['submit']) || (isset($_POST['submit']) && $_POST['username'] == '') || (isset($_POST['submit']) && $_POST['password'] == '')) {
        echo "<form name='zlogin' method='POST' action='" . $_SERVER['PHP_SELF'] . "'>";
        echo "Username:&nbsp;&nbsp;<input type='text' name='username' id='userpass'><br>";
        echo "Password:&nbsp;&nbsp;<input type='password' name='password' id='userpass'><br>";
        echo "<input type='submit' name='submit' value='Login' id='subm'>&nbsp;<input type='reset' name='reset' value='Reset' id='subm'>";
        echo "</form>";
    }else {
        mysql_connect("localhost", "root", "chaos") OR die('password');
        mysql_select_db("main") OR die('Connecting');

        $q = "SELECT * FROM users WHERE userid='". $_POST['username']. "' AND password='".$_POST['password'] . "'";
        $rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error());
      $qquery = mysql_fetch_array($rs);
        if ($qquery['userid'] == $_POST['username'] && $qquery['password'] == $_POST['password']) {
            session_name('login');
            session_start();
            
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['password'] = $_POST['password'];
        echo session_id();
        
        $q = ""INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)";
        $rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error());

            
            echo "Successfully logged in as: ".$_POST['username']."<br><a href='index.php?page=your_account'>Click here to continue...</a>";
        }else {
            echo "Login failed,<br><a href='index.php?page=login'>Click here to try again...</a>";

    }
            
            


}
?>
</body>
</html>

by the way u kno any good session tutorials?


#2 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 09 April 2006 - 02:31 PM

You forgot to terminate your string in this line:
<?php
mysql_query("INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)")
OR die('fuck u suck reece');?>

I would break that into multiple lines for easier debugging:
<?php
$q = ""INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)";
$rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error());
?>

Also, I forgot to remove the referecences to "$fontface" and the "</font>" tags in your last two lines. They should be:
<?php
            echo "Successfully logged in as: ".$_POST['username']."<br><a href='index.php?page=your_account'>Click here to continue...</a>";
        }else {
            echo "Login failed,<br><a href='index.php?page=login'>Click here to try again...</a>";
?>

Ken


#3 reecieboy

reecieboy
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 09 April 2006 - 02:40 PM

i changed the code in the first message to wat you said 2. but still same error T_STRING except line 49 now

#4 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 09 April 2006 - 02:43 PM

Sorry, an extra double quote got into the string:
<?php
$q = "INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)";
?>

Ken

#5 reecieboy

reecieboy
  • New Members
  • Pip
  • Newbie
  • 9 posts

Posted 09 April 2006 - 02:54 PM

27768e4a7b8a093671bf7c4f1e883ed9 session id shows up but

Problem with query: INSERT * INTO users (sessionid) WHERE userid=user VALUES(session_id)
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '* INTO users (sessionid) WHERE userid=user VALUES(session_id)'

again thank you

#6 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 09 April 2006 - 05:27 PM

Your MySQL query is completly wrong! Are you updating a table row? If so you'll want to use this syntax:
[!--sql--][div class=\'sqltop\']SQL[/div][div class=\'sqlmain\'][!--sql1--][span style=\'color:blue;font-weight:bold\']UPDATE[/span] table_name SET column_name = new_value WHERE column_name = some_value [!--sql2--][/div][!--sql3--]
The following should work:
$username = addslashes($_POST[#username']);
$q = "UPDATE users_table SET user_session='(sessionid)' WHERE userid='$username'";
You'll need to change user_table to the actual name of the table your are updating. Also chnage user_session to the coloumn name that holds the sessionid for the users. And change (sessionid) to the actually value of the sessionid.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users