PDA

View Full Version : A little coding question


:Lively
16-12-2007, 02:16 PM
Ok, my knowledge of mysql has its limits, so can anyone write the small piece of code which i put in to make it display the username when followed through...


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=VALUE PUT IN USERNAME FIELD');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
loserWILL
16-12-2007, 02:33 PM
Erm this might work:


<?php
// The database connection
include "config.php";

// mySQL
$sql = "SELECT * FROM users";
$select = mysql_query("SELECT username FROM users");
while ($display = mysql_fetch_array($select)) {
$name = $display['name'];

// The echo
echo ("Your username is: $username");
}
?>
:Lively
16-12-2007, 02:35 PM
thanks, but i wanted the code i posted edited in the red highlighted bit. so basically it takes the username which has been submitted, and puts it in the link if the login is successful

i wos too vague before sorry
ThisNameWillDo!
16-12-2007, 02:36 PM
<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$username');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
:Lively
16-12-2007, 02:39 PM
dont work..
ThisNameWillDo!
16-12-2007, 02:40 PM
Hi, can you tell us what the error is?

- Vince.
loserWILL
16-12-2007, 02:41 PM
Try this:


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$username');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
:Lively
16-12-2007, 02:42 PM
i'v tried that too.

in the browser basically when they log in it shows miniprofile.php?name=$realuser


a want that $realuser bit to say the username that they have just logged in with, or typed in below
ThisNameWillDo!
16-12-2007, 02:44 PM
Try this:


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$username');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>

That should definitely work..

- Vince.
loserWILL
16-12-2007, 02:44 PM
i'v tried that too.

in the browser basically when they log in it shows miniprofile.php?name=$realuser

Try what I posted.
:Lively
16-12-2007, 02:46 PM
tried all them, and it aint workin :(
loserWILL
16-12-2007, 02:47 PM
What's the URL?
ThisNameWillDo!
16-12-2007, 02:48 PM
Yes, please tell us the URL so we can check this.

- Vince.
:Lively
16-12-2007, 03:10 PM
http://www.blazeradio.nationvoice.com/v2/panel/minilogin.php

user: demo
pass: demo

you'll notice when u log in it displays http://www.blazeradio.nationvoice.com/v2/panel/miniprofile.php?name=$realuser


it shud b sayin name=demo

(log out n log back in if u dun see the login page)
loserWILL
16-12-2007, 03:13 PM
Did you use the code I posted?
:Lively
16-12-2007, 03:15 PM
yep i tried that, with $username instead
loserWILL
16-12-2007, 03:16 PM
Did you copy and paste the exact code I posted?
:Lively
16-12-2007, 03:18 PM
err no, wos there something else?
loserWILL
16-12-2007, 03:19 PM
Yes, there was. :P Copy and paste the following code, exactly.


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$username');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
:Lively
16-12-2007, 03:21 PM
no doesn't work
loserWILL
16-12-2007, 03:25 PM
Try this:


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];
// mySQL
$sql = "SELECT * FROM users";
$select = mysql_query("SELECT username FROM users");
while ($display = mysql_fetch_array($select)) {
$name = $display['name'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$name');
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
:Lively
16-12-2007, 03:36 PM
Parse error: syntax error, unexpected T_ELSEIF in /home/blazerad/public_html/v2/panel/minilogin.php on line 31
loserWILL
16-12-2007, 03:37 PM
Try:


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];
// mySQL
$sql = "SELECT * FROM users";
$select = mysql_query("SELECT username FROM users");
while ($display = mysql_fetch_array($select)) {
$name = $display['name'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$name');die();
}
}


else
($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
:Lively
16-12-2007, 03:39 PM
Parse error: syntax error, unexpected T_ELSE in /home/blazerad/public_html/v2/panel/login2.php on line 30
loserWILL
16-12-2007, 04:11 PM
Erm, try this. If this doesn't work I don't know. :(


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));
$username = $_POST['username'];
// mySQL
$sql = "SELECT * FROM users";
$select = mysql_query("SELECT username FROM users");
while ($display = mysql_fetch_array($select)) {
$name = $display['name'];

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header('location: miniprofile.php?name=$name');die();
}
}


if
($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>
Johno
16-12-2007, 04:26 PM
Hey,


<?php
if(@file_exists("installer.php"))
{
header("Location: installer.php?stage=1");
}
session_start();
include("includes/functions.php");
include("includes/config.php");

// Check for login
if($_GET['inside'] == "yes" || isset($_SESSION['username']) && isset($_SESSION['password']) && !$_SESSION['level'] == "banned") {
##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} else {
header("location: miniprofile.php?name=$name");
die();
}
}


elseif($_GET['method'] == "login") {

$username = $_POST['username'];
$password = $_POST['password'];

if(empty($username) || empty($password)) {
header('location: minilogin.php?error=2');
die();
}




// Clean out and encrypt strings

$username = clean($username);
$password = encrypt($password);

// We have encrypted and cleaned the strings.

$check = mysql_query("SELECT * FROM users WHERE username = '$username'");
while($rows = mysql_fetch_array($check)) {
$realpass = $rows[password];
$level = $rows[level];
$realuser = $rows[username];
}

$rows3 = mysql_num_rows($check);


if($rows3 == "0") {
header('location: minilogin.php?error=1');
die();
}

if($password == $realpass) {
// Set the sessions
$_SESSION['username'] = $realuser;
$_SESSION['password'] = $password;
$_SESSION['level'] = $level;

##### CHECK FOR FIRST-TIME USER #####
$checker = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE username = '$_SESSION[username]'"));

if($checker['firsttime'] == "") {
header('location: miniprofile.php?firstime=yes');
die();
} elseif($_SESSION[level] == "banned") {
header('location: minilogin.php?banned=true');
} else {
header('location: minilogin.php?inside=yes');
die();
}
}
else {
session_destroy();
header('location: minilogin.php?error=1');
die();
}



}
?>
<?
if(isset($_SESSION['username']) && isset($_SESSION['password']) && isset($_SESSION['level'])) {
header('location: miniprofile.php');
die();
}
?>

<link href="../default.css" rel="stylesheet" type="text/css" />

<center>
<form method="post" action="?method=login">
<br>Username:<br />
<input name="username" type="text" id="username" onChange="check(this.value)" /><div id="results"></div>

<br />
Password:<br />
<label>
<input name="password" type="password" id="password" />
</label>
<br />
<br />
<label>
<input type="submit" name="Submit" value="Login" />
</label>
</form>



<?php
if($_GET['error'] == "1") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Invalid username and/or password<br>");
echo(" <br></div>");
}
elseif($_GET['error'] == "2") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> You must fill in both fields<br>");
echo(" <br></div>");
}
elseif($_GET['banned'] == "true") {
echo(" </div>
<div id=\"error\">");
echo("<font color='#FF0000'><b>Error:</b> Your account is disabled or banned!<br>");
echo(" <br></div>");
}
else {
echo(" <br></div>");
}
?>
<a href="register.php" target="home">Register</a><br>
<a href="retreivepass.php" target="home">Forgot your password?</a>

</body>

</html>

I don't think it will work but give it a try :)

.:; Johno
Mentor
16-12-2007, 05:33 PM
In your orignal example, you want to get the userlogged in varible as the text yes?
$_SESSION[username] as far as i can tell is currenlty holding the username.
So just shove that in the the header:

header('location: miniprofile.php?name='.$_SESSION[username]);

Now, whatevers in the username session var will become part of the location header, so with luck its holding the username and will fix ya code :)

for other attemptes by the looks of it your getting magic $name varibles from no where, then in the versions that do get it, your saving it as $username then trying to call $name again
:p
loserWILL
16-12-2007, 05:37 PM
In your orignal example, you want to get the userlogged in varible as the text yes?
$_SESSION[username] as far as i can tell is currenlty holding the username.
So just shove that in the the header:

header('location: miniprofile.php?name='.$_SESSION[username]);

Now, whatevers in the username session var will become part of the location header, so with luck its holding the username and will fix ya code :)

for other attemptes by the looks of it your getting magic $name varibles from no where, then in the versions that do get it, your saving it as $username then trying to call $name again
:p

Woah, I never thought of that.
Ini
16-12-2007, 05:47 PM
As 01101101entor said


header('location: miniprofile.php?name='.$_SESSION[username]);

but put as:


header('location: miniprofile.php?name=$_SESSION[username]');
Invent
16-12-2007, 05:48 PM
As 01101101entor said


header('location: miniprofile.php?name='.$_SESSION[username]);but put as:


header('location: miniprofile.php?name=$_SESSION[username]');

No...

Put it as;


header('location: miniprofile.php?name='.$_SESSION[username]);
:Lively
16-12-2007, 06:01 PM
wahoo thanks guys, finally workin.

+rep 4 all hu helped :]
Invent
16-12-2007, 06:02 PM
Glad you've got it working :P

Fyi; I might release a new version of the Panel soon to fix all the security issues/bugs ;)
Mentor
17-12-2007, 08:40 PM
As 01101101entor said


header('location: miniprofile.php?name='.$_SESSION[username]);

but put as:


header('location: miniprofile.php?name=$_SESSION[username]');

You'll find my bit of code was correct, though i can see what your attempting to do.
Your problem here is PHP treat's single quotes ' and double quotes differently, and unluckily you appear to have chosen the wrong one.

If php sees a string with double quotes, php will check to see if any varibles are inside, Which i believe is what you were trying to do, so:

header("location: miniprofile.php?name=$_SESSION[username]");

Would indeed work.

Unluckily if php comes across a single quote, this tells php there isnt going to be any variables inside, saving it some processing time, but also resulting in it not searching the string for variables.
Meaning your attempt

header('location: miniprofile.php?name=$_SESSION[username]');

Would be unsuccessful.


"" = will parse variables
'' = faster but wont parse variables
Ini
17-12-2007, 09:49 PM
You'll find my bit of code was correct, though i can see what your attempting to do.
Your problem here is PHP treat's single quotes ' and double quotes differently, and unluckily you appear to have chosen the wrong one.

If php sees a string with double quotes, php will check to see if any varibles are inside, Which i believe is what you were trying to do, so:

header("location: miniprofile.php?name=$_SESSION[username]");

Would indeed work.

Unluckily if php comes across a single quote, this tells php there isnt going to be any variables inside, saving it some processing time, but also resulting in it not searching the string for variables.
Meaning your attempt

header('location: miniprofile.php?name=$_SESSION[username]');

Would be unsuccessful.


"" = will parse variables
'' = faster but wont parse variables
Ok thanks for explaining
ThisNameWillDo!
18-12-2007, 01:12 PM
How did you manage to get it working in the end then?

Want to hide these adverts? Register an account for free!