Yeah, I have
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
Results 11 to 20 of 30
Thread: [PHP] Help with usersystem
-
-
17-02-2009, 12:53 AM #12
Oh yeah, sorry I'm getting mixed up between the MySQL tables and the forms... Oh dear.
I'd just wait till one of the PHP wizards come on tbh, I can't see the problem. Best of luck to yee.
-
Try this:
PHP Code:<?php
session_start();
require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
if($_POST['submit']){ // check if the form has been submitted
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$uid = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
} else {
echo 'Your password did not match the specified username.';
}
} else { // since it wasn't submitted yet, show the form.
echo ("<form action=\"login_check.php\" method=\"post\" enctype=\"text/plain\">
Username: <br>
<input name=\"username\" type=\"text\">
<br><br>
Password: <br>
<input name=\"password\" type=\"text\">
<br><br>
<input value=\"Login!\" name=\"submit\" type=\"submit\">
");
}
}
?>
-
-
try that..PHP Code:
<?php
session_start();
//require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
if($_POST['login']){ // check if the form has been submitted
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$uid = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
} else {
echo 'Your password did not match the specified username.';
}
}
} else { // since it wasn't submitted yet, show the form.
echo ("<form method=\"post\">
Username: <br>
<input name=\"username\" type=\"text\">
<br><br>
Password: <br>
<input name=\"password\" type=\"text\">
<br><br>
<input type=\"submit\" name=\"login\" value=\"Login\">
");
}
}
?>Last edited by Blinger1; 17-02-2009 at 01:18 AM.
-
-
I updated the above code..
PHP Code:<?php
session_start();
//require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
if($_POST['login']){ // check if the form has been submitted
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$uid = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
} else {
echo 'Your password did not match the specified username.';
}
}
} else { // since it wasn't submitted yet, show the form.
echo ("<form method=\"post\">
Username: <br>
<input name=\"username\" type=\"text\">
<br><br>
Password: <br>
<input name=\"password\" type=\"text\">
<br><br>
<input type=\"submit\" name=\"login\" value=\"Login\">
");
}
}
?>
-
Works so far. Now I'll add some login info to the database and see if it lets me in. Also what's up with:
Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0
Edit: it sets the session even though the login info was wrong
-
where does that come up :S?
-
Okay thanks! Everything works except the session problem.
www.daniel.valvi.co.uk/thf/login_check.php
Login with whatever you want. It will say that the info is wrong. Then reload the page. It will say you're already logged in. For some reason it still sets the $_SESSION['username'] variable.
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts