http://daniel.valvi.co.uk/thf/login.php
Source:
What's wrong with it?PHP Code:<?php
session_start();
require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
}
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
}
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
$result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$row = mysql_fetch_array($result);
$id = $row['id'];
$select_user = mysql_query("SELECT * FROM users WHERE id='$id'");
$row2 = mysql_fetch_array($select_user);
$user = $row2['username'];
$get_level = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'");
$row5 = mysql_fetch_array($get_level);
$level = $id['level'];
$pass_check = mysql_query("SELECT * FROM users WHERE username='$username'");
$row3 = mysql_fetch_array($pass_check);
$select_pass = mysql_query("SELECT * FROM users WHERE username='$username'");
$row4 = mysql_fetch_array($select_pass);
$real_password = $row4['password'];
if($password != $real_password) {
die('Your username or password was incorrect. Please go <a href="login.php">back</a> and fix it.');
} else {
}
$_SESSION['username'] = $username;
$_SESSION['level'] = $level;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
?>
Results 1 to 10 of 30
Thread: [PHP] Help with usersystem
-
[PHP] Help with usersystem
-
17-02-2009, 12:19 AM #2
Wouldn't it be better to ask what the problem is that you're suffering from? :S
-
-
17-02-2009, 12:27 AM #4
I... really have no idea, I'll be honest with you. This is something I did in a User system:
That does work, so like... See what you can do lol.PHP Code:{
// MySQL_Real_Escape is a method of clearing the database input. Not completely safe...
$username = mysql_real_escape_string($_POST['username']);
// MD5 is an encryption method which protects Passwors from being found easily by hackers.
// It can be made more advanced, but the standard PHP encryption is good enough for general safety.
$password = md5(mysql_real_escape_string($_POST['password']));
// Checks the login data using a MYSQL query, selecting the database and then searching to see whether the password matches the Username.
$checklogin = mysql_query ("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
// If statement. If the checklogin is correct and true, then the login is verified and it will submit the user through to their homepage.
if(mysql_num_rows($checklogin) == 1)
{
// Obtains users Email Address for future use.
$row = mysql_fetch_array($checklogin);
$email = $row['EmailAddress'];
$uid = $row['UserID'];
$lcount = $row['Logged'] +1;
//$sql = mysql_query("SELECT $uid FROM 'users'");
$update = mysql_query("UPDATE users SET Logged = '$lcount' WHERE UserID = '$uid'");
// $id = $_GET['UserID'];
// $sql = mysql_query("SELECT 'Logged' FROM 'users' WHERE 'UserID' =");
// $fetch = mysql_fetch_array($sql);
$_SESSION['Username'] = $username;
$_SESSION['EmailAddress'] = $email;
$_SESSION['LoggedIn'] = 1;
$_SESSION['Logged'] = $lcount;
$_SESSION['UserID'] = $uid;
// Greeting message on the page, stating successful login.
echo "<h1>Success!</h1>";
echo "<p>Logging into user system...</p>";
echo "<meta http-equiv='refresh' content='=2;index.php' />";
}
else
{ // If the username or password is incorrect then this error comes up:
echo "<h1>Error</h1>";
echo "<p>Your account did not match its password. Please <a href='index.php'>click here to try again</a>.</p>";
}
}
-
-
17-02-2009, 12:37 AM #6
It does
The form grabs the information and puts into the variable $password, then it goes into the mysql_query (check_login) which searches for the username and then searches for the password. If the password doesn't match whats with that username then $check_login will omit a false (==0) and will miss out the chunk below, and go into an else die part.
It does work, I've tried it.
-
Gah it doesn't work. www.daniel.valvi.co.uk/thf/login.php
It goes right through the code.
Source:
PHP Code:<?php
session_start();
require_once('config.php');
if($_SESSION['username']) {
die('You are already logged in.');
} else {
}
if(isset($username) || isset($password)){
die('You left a field blank. Please go <a href="login.php">back</a> and fix it.');
} else {
}
$username = clean($_POST['username']);
$password = clean(encrypt($_POST['password']));
$checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
if(mysql_num_rows($checklogin) == 1) {
$row = mysql_fetch_array($checklogin);
$email = $row['email'];
$uid = $row['id'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = 1;
echo 'Welcome to TrueHabbo Faces, <b>'.$_SESSION['username'].'</b>. Click <a href="index.php">here</a> to go back to the main page.';
} else {
echo 'Your password did not match the specified username.';
}
?>
-
17-02-2009, 12:43 AM #8
Make sure that uh, your forms are named right. Should be named Username & Password. Note that is with capitals, unless you want to change the code.
-
-
17-02-2009, 12:49 AM #10
You sure about that?Code:
Username: <br /> <input type="text" name="username"> <br /><br /> Password: <br /> <input type="text" name="password">
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts