Jump to content

secure login problems


vombomin

Recommended Posts

Hi guys i need a little help with a login script i have been building

I need it to read a code from the database and then use that code on the next page to tell the script "this is where the password comes from... It would be easier to have the full login on the front page but the guy who I'm building this for has specifically asked for this... anyway heres the Index.php, the Login.php and the global.php anyway the problem is that the login wont let me get in... it keeps on saying that the code is invalid but the code that I'm using is there and its all being linked to.... so could someone help me please


Index
[code]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Secure* Login Panel</title>
<link href="includes/styles.css" rel="stylesheet" type="text/css" />
</head>

<body>
<div id="header">Secure* Login Panel</div>
<br /><br /><br /><br /><br /><br />
<div align="center">
    <div id="loginbox">
        <div id="loginboxleft">
            <p>Welcome to the Secure* Login Panel
      <p> Please enter a valid code to proceed
        </div>
        <div id="loginboxright">
          <h1>Login Stage one</h1>
          <div id="mainloginbox">
              <form id="form1" name="form1" method="post" action="login.php">
                <p>Please enter your code<br />
                <input name="usrcode" type="text" id="usrcode" />
                </p>
                </p>
                <p>
                  <input name="Submit" type="submit" class="button" value="Next" />
                </p>
              </form>
            <?php
            
                if ($_GET['error'] == 1) {
                
                    echo '<div class="error">Code incorrect! Please enter a valid code</div>';
                
                }
            
                if ($_GET['error'] == 2) {
                
                    echo '<div class="error">Your session has timed out. Please log in again.</div>';
                
                }
                
                if ($_GET['error'] == 3) {
        
          echo '<div class="error">Your Code is either invalid or not activated! Please enter a valid code.</div>';
        
        }
            
            ?>
          </div>
        </div>
    </div>
</div>
</body>
</html>
[/code]


Login.php
[code]
<?php include("includes/global.php") ?>
<?php

    $code = htmlentities($_POST['usrcode'], ENT_QUOTES);


    $sql = "SELECT `code` FROM `jos_users`  WHERE code='$code' AND (activation ='yes')";
    $result = mysql_query($sql);
    
    if (mysql_num_rows($result) == 0) {
    
        header('location: index.php?error=1');
        exit(0);
    
    }
    
    
    $row = mysql_fetch_array($result);
    
    if ($code == $row ['code']) {
        
        //$_SESSION['userloggedin'] = $row ['cid'];
        $_SESSION['userloggedinname'] = $row ['code'];
        header('location: login2.php');
    
    } else {
    
        header('location: index.php?error=1');
        exit(0);        
    
    }
    
?>
[/code]

Global.php
[code]
<?php

    //SESSION
    session_start();
    ob_start();
    ini_set('session.gc_maxlifetime', '36000');

    //GLOBAL VARIABLES
                                                                        
    $database_location = "localhost";
    $database_username = "root";
    $database_name = "login";

    //connect to the MySQL server
    $dbcnx = mysql_connect($database_location,$database_username,$database_name);
    
    if (!$dbcnx) { echo "Connection Error.<br>"; }  else { echo "Connection OK.<br>"; }

    //Select the database
    if(!mysql_select_db($database_name,$dbcnx)) { echo "DB Selection Error.<br>"; } //else { echo "DB Selection OK.<br>"; }    

?>
[/code]


i am not using it online yet...i am using the Joomla stand alone server (JSAS) so that is why there is no password for the DB

Sorry for the length of this post but I really need help....
Link to comment
Share on other sites

I would suggest to try this in Login.php and see what u get:
[code]
$sql = mysql_query("SELECT `code` FROM `jos_users`  WHERE code = '$code' AND activation = 'yes'") or die(mysql_error());
[/code]

it's also good coding in my sense -to check that the form is infact posted and that the posted variable(s) actually contains data before querying the database.

also, If your posted code should containg only numbers, you could use the is_numeric() function to validate the posted string's contents
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.