Jump to content


Photo

secure login problems


  • Please log in to reply
1 reply to this topic

#1 vombomin

vombomin
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 13 May 2006 - 02:34 PM

Hi guys i need a little help with a login script i have been building

I need it to read a code from the database and then use that code on the next page to tell the script "this is where the password comes from... It would be easier to have the full login on the front page but the guy who I'm building this for has specifically asked for this... anyway heres the Index.php, the Login.php and the global.php anyway the problem is that the login wont let me get in... it keeps on saying that the code is invalid but the code that I'm using is there and its all being linked to.... so could someone help me please


Index
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Secure* Login Panel</title>
<link href="includes/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="header">Secure* Login Panel</div>
<br /><br /><br /><br /><br /><br />
<div align="center">
    <div id="loginbox">
        <div id="loginboxleft">
            <p>Welcome to the Secure* Login Panel
      <p> Please enter a valid code to proceed
        </div>
        <div id="loginboxright">
          <h1>Login Stage one</h1>
          <div id="mainloginbox">
              <form id="form1" name="form1" method="post" action="login.php">
                <p>Please enter your code<br />
                <input name="usrcode" type="text" id="usrcode" />
                </p>
                </p>
                <p>
                  <input name="Submit" type="submit" class="button" value="Next" />
                </p>
              </form>
            <?php
            
                if ($_GET['error'] == 1) {
                
                    echo '<div class="error">Code incorrect! Please enter a valid code</div>';
                
                }
            
                if ($_GET['error'] == 2) {
                
                    echo '<div class="error">Your session has timed out. Please log in again.</div>';
                
                }
                
                if ($_GET['error'] == 3) {
        
          echo '<div class="error">Your Code is either invalid or not activated! Please enter a valid code.</div>';
        
        }
            
            ?>
          </div>
        </div>
    </div>
</div>
</body>
</html>


Login.php
<?php include("includes/global.php") ?>
<?php

    $code = htmlentities($_POST['usrcode'], ENT_QUOTES);


    $sql = "SELECT `code` FROM `jos_users`  WHERE code='$code' AND (activation ='yes')";
    $result = mysql_query($sql);
    
    if (mysql_num_rows($result) == 0) {
    
        header('location: index.php?error=1');
        exit(0);
    
    }
    
    
    $row = mysql_fetch_array($result);
    
    if ($code == $row ['code']) {
        
        //$_SESSION['userloggedin'] = $row ['cid'];
        $_SESSION['userloggedinname'] = $row ['code'];
        header('location: login2.php');
    
    } else {
    
        header('location: index.php?error=1');
        exit(0);        
    
    }
    
?>

Global.php
<?php

    //SESSION
    session_start();
    ob_start();
    ini_set('session.gc_maxlifetime', '36000');

    //GLOBAL VARIABLES
                                                                         
    $database_location = "localhost";
    $database_username = "root";
    $database_name = "login";

    //connect to the MySQL server
    $dbcnx = mysql_connect($database_location,$database_username,$database_name);
    
    if (!$dbcnx) { echo "Connection Error.<br>"; }  else { echo "Connection OK.<br>"; }

    //Select the database
    if(!mysql_select_db($database_name,$dbcnx)) { echo "DB Selection Error.<br>"; } //else { echo "DB Selection OK.<br>"; }    

?>


i am not using it online yet...i am using the Joomla stand alone server (JSAS) so that is why there is no password for the DB

Sorry for the length of this post but I really need help....

#2 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 13 May 2006 - 03:20 PM

I would suggest to try this in Login.php and see what u get:
$sql = mysql_query("SELECT `code` FROM `jos_users`  WHERE code = '$code' AND activation = 'yes'") or die(mysql_error());

it's also good coding in my sense -to check that the form is infact posted and that the posted variable(s) actually contains data before querying the database.

also, If your posted code should containg only numbers, you could use the is_numeric() function to validate the posted string's contents




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users