vombomin Posted May 13, 2006 Share Posted May 13, 2006 Hi guys i need a little help with a login script i have been buildingI need it to read a code from the database and then use that code on the next page to tell the script "this is where the password comes from... It would be easier to have the full login on the front page but the guy who I'm building this for has specifically asked for this... anyway heres the Index.php, the Login.php and the global.php anyway the problem is that the login wont let me get in... it keeps on saying that the code is invalid but the code that I'm using is there and its all being linked to.... so could someone help me please Index[code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Secure* Login Panel</title><link href="includes/styles.css" rel="stylesheet" type="text/css" /></head><body><div id="header">Secure* Login Panel</div><br /><br /><br /><br /><br /><br /><div align="center"> <div id="loginbox"> <div id="loginboxleft"> <p>Welcome to the Secure* Login Panel <p> Please enter a valid code to proceed </div> <div id="loginboxright"> <h1>Login Stage one</h1> <div id="mainloginbox"> <form id="form1" name="form1" method="post" action="login.php"> <p>Please enter your code<br /> <input name="usrcode" type="text" id="usrcode" /> </p> </p> <p> <input name="Submit" type="submit" class="button" value="Next" /> </p> </form> <?php if ($_GET['error'] == 1) { echo '<div class="error">Code incorrect! Please enter a valid code</div>'; } if ($_GET['error'] == 2) { echo '<div class="error">Your session has timed out. Please log in again.</div>'; } if ($_GET['error'] == 3) { echo '<div class="error">Your Code is either invalid or not activated! Please enter a valid code.</div>'; } ?> </div> </div> </div></div></body></html>[/code]Login.php[code]<?php include("includes/global.php") ?><?php $code = htmlentities($_POST['usrcode'], ENT_QUOTES); $sql = "SELECT `code` FROM `jos_users` WHERE code='$code' AND (activation ='yes')"; $result = mysql_query($sql); if (mysql_num_rows($result) == 0) { header('location: index.php?error=1'); exit(0); } $row = mysql_fetch_array($result); if ($code == $row ['code']) { //$_SESSION['userloggedin'] = $row ['cid']; $_SESSION['userloggedinname'] = $row ['code']; header('location: login2.php'); } else { header('location: index.php?error=1'); exit(0); } ?>[/code]Global.php[code]<?php //SESSION session_start(); ob_start(); ini_set('session.gc_maxlifetime', '36000'); //GLOBAL VARIABLES $database_location = "localhost"; $database_username = "root"; $database_name = "login"; //connect to the MySQL server $dbcnx = mysql_connect($database_location,$database_username,$database_name); if (!$dbcnx) { echo "Connection Error.<br>"; } else { echo "Connection OK.<br>"; } //Select the database if(!mysql_select_db($database_name,$dbcnx)) { echo "DB Selection Error.<br>"; } //else { echo "DB Selection OK.<br>"; } ?>[/code]i am not using it online yet...i am using the Joomla stand alone server (JSAS) so that is why there is no password for the DBSorry for the length of this post but I really need help.... Quote Link to comment Share on other sites More sharing options...
alpine Posted May 13, 2006 Share Posted May 13, 2006 I would suggest to try this in Login.php and see what u get:[code]$sql = mysql_query("SELECT `code` FROM `jos_users` WHERE code = '$code' AND activation = 'yes'") or die(mysql_error());[/code]it's also good coding in my sense -to check that the form is infact posted and that the posted variable(s) actually contains data before querying the database.also, If your posted code should containg only numbers, you could use the is_numeric() function to validate the posted string's contents Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.