Hmm.. not sure why, check this?
I just realised, you aren't checking if anything is set.. You check if username is empty but you haven't processed it.. (make sense??)PHP Code:<?php
session_start();
//require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
if($_POST['login']){ // check if the form has been submitted
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '{$username}' AND Password = '{$password}'");
$num_rows = mysql_num_rows($query);
// Check if the login was successful. (1 = succesfull)
if($num_rows == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$uid = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
} else {
echo 'Your password did not match the specified username.';
}
}
} else { // since it wasn't submitted yet, show the form.
echo ("<form method=\"post\">
Username: <br>
<input name=\"username\" type=\"text\">
<br><br>
Password: <br>
<input name=\"password\" type=\"text\">
<br><br>
<input type=\"submit\" name=\"login\" value=\"Login\">
");
}
}
?>
i updated the code to fix it i think.
Results 21 to 30 of 30
Thread: [PHP] Help with usersystem
-
Last edited by Blinger1; 17-02-2009 at 01:37 AM.
-
Try this, I rewrote it for you:
PHP Code:<?php
session_start();
require_once ('config.php');
if ($_SESSION['user_id']) {
// user is already logged in //
header("Location: main.php"); // redirects to your "logged in page".
exit();
}
if ($_GET["action"] == "login") {
$username = clean($_POST['username']);
$password = clean($_POST['password']);
if ($username == "" || $password == "") {
// user left username or password blank.
header("Location: login.php?error=blank"); // redirect back to the login page.
exit();
}
$password = md5($password);
$check_username_q = mysql_query("SELECT * FROM `users` WHERE `username`='$username' LIMIT 0,1");
$check_username = mysql_num_rows($check_username_q);
if (!$check_username) {
// username was invalid.
header("Location: login.php?error=username"); // back to the login page.
exit();
}
$check_password = mysql_query("SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password' LIMIT 0,1");
$check_password = mysql_num_rows($check_password);
if (!$check_password) {
// password was invalid.
header("Location: login.php?error=password"); // back to login page.
exit();
}
$get_details = mysql_fetch_array($check_username_q);
$_SESSION['user_id'] = $get_details["id"]; // sets ID for user_id.
header("Location: main.php"); // redirects to main page.
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Login</title>
</head>
<body>
<?php
$error = $_GET["error"];
if ($error != "") {
echo "<fieldset>";
echo "<legend>ERROR!</legend>";
switch ($error) {
case "blank":
echo "<strong>You have left a required field blank.</strong>";
break;
case "username":
echo "<strong>The username you provided was incorrect.</strong>";
break;
case "password":
echo "<strong>The password you have entered was incorrect.</strong>";
break;
default:
echo "<strong>CANNOT HANDLE ERROR</strong>";
break;
}
echo "</fieldset>";
}
?>
<form method="post" action="?action=login" name="login_form">
<fieldset>
<legend>Login</legend>
<table>
<tr>
<td><label for="username"><strong>Username:</strong></label></td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td><label for="password"><strong>Password:</strong></label></td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" value="Login" /></td>
</tr>
</table>
</fieldset>
</form>
</body>
</html>
-
-
Your codes are all far too complex.
PHP Code:<?php
if( empty( $_POST[ 'username' ] ) === true or empty( $_POST[ 'password' ] ) === true ) {
redirect( '/index.php?error=missingfields' );
exit();
}
$username = strtolower( $text->cleanSql( $_POST[ 'username' ] ) );
$password = $text->cleanSql( $_POST[ 'password' ] );
$query = $db->runQuery( 'SELECT `id`, `username`, `password`, `hash` FROM `users` WHERE LOWER( `username` ) = \'' . $username . '\'' );
if( $db->countRows( $query ) !== 1 ) {
$err->addError( 'Sorry, your username or password was incorrect.' );
redirect( '/index.php?error=badlogin' );
exit();
}
$fetch = $db->fetchAssoc( $query );
if( $text->hashPass( $password, $fetch[ 'hash' ] ) !== $fetch[ 'password' ] ) {
$err->addError( 'Sorry, your username or password was incorrect.' );
redirect( '/index.php?act=badlogin' );
exit();
}
# We have a valid user & password, lets go and give them their cookies and send them on their way.
setcookie( 'authId', $fetch[ 'id' ], time() + 604800, '/' );
setcookie( 'authPass', $text->hashPass( $fetch[ 'password' ], $fetch[ 'hash' ] ), time() + 604800, '/' );
?>
visit my internet web site on the internet
http://dong.engineer/
it is just videos by bill wurtz videos you have been warned
-
-
its called header(location
-
Dentafrice, your code returns "you left a field blank" all the time. I cannot seem to find a way to check for a blank field that actually works..
actually, your code doesn't work at all. the username check does nothing and it's always the wrong password
blinger your code doesn't work eitherLast edited by Trigs; 17-02-2009 at 05:46 AM.
-
here, go to techtuts.com forum and then look at the usersystem there
-
-
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts