reecieboy Posted April 9, 2006 Share Posted April 9, 2006 [code]<html><head><title>PWN|CLAN - Login</title><style>body { background-color: Black; color: White; font-family: Tahoma, sans-serif; font-size: 100%;}#userpass { width: 60px; border-color:#777777; background-color: #FFFFFF; color: #000000;}#subm { border-color: #777777; background-color: #FFFFFF; color: #000000;}</style></head><body><?phpif (!isset($_POST['submit']) || (isset($_POST['submit']) && $_POST['username'] == '') || (isset($_POST['submit']) && $_POST['password'] == '')) { echo "<form name='zlogin' method='POST' action='" . $_SERVER['PHP_SELF'] . "'>"; echo "Username: <input type='text' name='username' id='userpass'><br>"; echo "Password: <input type='password' name='password' id='userpass'><br>"; echo "<input type='submit' name='submit' value='Login' id='subm'> <input type='reset' name='reset' value='Reset' id='subm'>"; echo "</form>"; }else { mysql_connect("localhost", "root", "chaos") OR die('password'); mysql_select_db("main") OR die('Connecting'); $q = "SELECT * FROM users WHERE userid='". $_POST['username']. "' AND password='".$_POST['password'] . "'"; $rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error()); $qquery = mysql_fetch_array($rs); if ($qquery['userid'] == $_POST['username'] && $qquery['password'] == $_POST['password']) { session_name('login'); session_start(); $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; echo session_id(); $q = ""INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)"; $rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error()); echo "Successfully logged in as: ".$_POST['username']."<br><a href='index.php?page=your_account'>Click here to continue...</a>"; }else { echo "Login failed,<br><a href='index.php?page=login'>Click here to try again...</a>"; } }?></body></html>[/code]by the way u kno any good session tutorials? Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/ Share on other sites More sharing options...
kenrbnsn Posted April 9, 2006 Share Posted April 9, 2006 You forgot to terminate your string in this line:[code]<?phpmysql_query("INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)")OR die('fuck u suck reece');?>[/code]I would break that into multiple lines for easier debugging:[code]<?php$q = ""INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)";$rs = mysql_query($q) or die('Problem with query: ' . $q . '<br />' . mysql_error());?>[/code]Also, I forgot to remove the referecences to "$fontface" and the "</font>" tags in your last two lines. They should be:[code]<?php echo "Successfully logged in as: ".$_POST['username']."<br><a href='index.php?page=your_account'>Click here to continue...</a>"; }else { echo "Login failed,<br><a href='index.php?page=login'>Click here to try again...</a>";?>[/code]Ken Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/#findComment-25214 Share on other sites More sharing options...
reecieboy Posted April 9, 2006 Author Share Posted April 9, 2006 i changed the code in the first message to wat you said 2. but still same error T_STRING except line 49 now Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/#findComment-25217 Share on other sites More sharing options...
kenrbnsn Posted April 9, 2006 Share Posted April 9, 2006 Sorry, an extra double quote got into the string:[code]<?php$q = "INSERT * INTO users (sessionid) WHERE userid=".$_POST['username']." VALUES(session_id)";?>[/code]Ken Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/#findComment-25219 Share on other sites More sharing options...
reecieboy Posted April 9, 2006 Author Share Posted April 9, 2006 27768e4a7b8a093671bf7c4f1e883ed9 session id shows up butProblem with query: INSERT * INTO users (sessionid) WHERE userid=user VALUES(session_id)You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '* INTO users (sessionid) WHERE userid=user VALUES(session_id)' again thank you Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/#findComment-25221 Share on other sites More sharing options...
wildteen88 Posted April 9, 2006 Share Posted April 9, 2006 Your MySQL query is completly wrong! Are you updating a table row? If so you'll want to use this syntax:[!--sql--][div class=\'sqltop\']SQL[/div][div class=\'sqlmain\'][!--sql1--][span style=\'color:blue;font-weight:bold\']UPDATE[/span] table_name SET column_name [color=orange]=[/color] new_value [color=green]WHERE[/color] column_name [color=orange]=[/color] some_value [!--sql2--][/div][!--sql3--]The following should work:[code]$username = addslashes($_POST[#username']);$q = "UPDATE users_table SET user_session='(sessionid)' WHERE userid='$username'";[/code]You'll need to change user_table to the actual name of the table your are updating. Also chnage user_session to the coloumn name that holds the sessionid for the users. And change (sessionid) to the actually value of the sessionid. Link to comment https://forums.phpfreaks.com/topic/6942-1more-thing-pls/#findComment-25265 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.