runnerjp
05-09-2008, 02:34 PM
i have been imroving my login system but it does not seem to work... all it does is refresh my page..
login.php
<?php <link rel="stylesheet" type="text/css" href="css/login.css">
<table width="150" border="1" cellpadding="3" cellspacing="0" bordercolor="#000000">
<tr>
<td width="200" bordercolor="99b3b4" bgcolor="99b3b4"><span class="style5">
<center>
<em><u>Login</u></em>
</center></span></td>
</tr>
<tr>
<td bordercolor="99b3b4" bgcolor="#FFFFFF" ><form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="hidden" name="_submit_check" value="1"/>
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Username: </em></span>
<input class="input" type="text" name="username" id="username" size="25" maxlength="30" value="" />
</div>
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Password:</em></span>
<input class="input" type="password" name="password" id="password" size="25" maxlength="30" />
</div>
<center><?php if ( ALLOW_REMEMBER_ME ):?>
<input type="checkbox" name="remember" id="remember" />
<label for="remember">Remember me</label>
<?php endif;?></center>
<table width="150" align="center">
<tr>
<td width="97" align="center" valign="middle"><div align="center">
<input name="Login" type="image" class="submit-btn" title="submit" value="Login" src="images/btn.gif" alt="submit" align="middle" />
</div></td>
<td width="41" align="center" valign="middle"> </td>
</tr>
</table>
<center>
<span class="style8"><a href="http://www.runningprofiles.com/register.php" onclick="NewWindow(this.href,'register','240','500','no','center');return false" onfocus="this.blur()" class="style6">
Register</a> / <a href="forgot_password.php" onclick="NewWindow(this.href,'forgot_password','270','250','no','center');return false" onfocus="this.blur()" class="style6">Lost Password </a></span>
</center> <center>
<div style="margin-top:12px; margin-bottom:10px" id="log">
<?php if ( isset( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n";}?>
</div> </center>
</form></td>
</tr>
</table>
<!-- here is the function for the popup window dont delete jarratt -->
<script>
var win=null;
function NewWindow(mypage,myname,w,h,scroll,pos){
if(pos=="random"){LeftPosition=(screen.availWidth)?Math.floor(Math.random()*(screen.availWidth-w)):0;TopPosition=(screen.availHeight)?Math.floor(Math.random()*((screen.availHeight-h)-75)):0;}
if(pos=="center"){LeftPosition=(screen.availWidth)?(screen.availWidth-w)/2:0;TopPosition=(screen.availHeight)?(screen.availHeight-h)/2:0;}
if(pos=="default"){LeftPosition=0;TopPosition=0}
else if((pos!="center" && pos!="random" && pos!="default") || pos==null){LeftPosition=0;TopPosition=20}
settings='width='+w+',height='+h+',top='+TopPosition+',left='+LeftPosition+',scrollbars='+scroll+',l ocation=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no';
win=window.open(mypage,myname,settings);
if(win.focus){win.focus();}}
function CloseNewWin(){if(win!=null && win.open)win.close()}
window.onfocus=CloseNewWin;</script>
then loginfunction.php
<?php
if(isset($_GET['login'])) {
//removes sql injections from the data
$username= htmlspecialchars(addslashes($_POST[username]));
//encrypts the password
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
//gets the username data from the members database
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//see if the user exists
$checkuser = mysql_num_rows($uinfo);
//if user name not found in database error
if($checkuser == '0')
{
echo "Username not found";
}else{
//fetch the sql
$udata = mysql_fetch_array($uinfo);
//checks see if the account is verified
if($udata[userlevel] == 1) {
echo "This account had not been verified.";
}
//if it is continue
else
//if the db password and the logged in password are the same login
if($udata[password] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//fetchs the sql
$user = mysql_fetch_array($query);
//sets the logged session
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";
echo "You are now logged in, Please wait. . .";
//redirects them
echo "<meta http-equiv='Refresh' content='2; URL=/members/index.php'/>";
}
//wrong password
else{
echo "Incorrect username or password!";
}
}
}
echo "<center>";
?>
i will also add register.php so you can see how the data is beeing put into the table :)
register.php
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
//checks if there trying to veriy there account
if(isset($_GET['verify'])) {
//gets the code and makes it safe
$code = addslashes($_GET['code']);
//gets the code from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//counts the number of rows
$getcode = mysql_num_rows($getcode);
//if the ammount of rows is 0 the code does not exist
if($getcode == 0) {
echo "Invalid verification code!";
}
//or if the code does exist we will activiate there account
else{
//get the data from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//fetchs the data from the db
$dat = mysql_fetch_array($getcode);
//sets the users user level to 2 which means they can now use there account
$update = mysql_query("UPDATE `members` SET `userlevel` = '2' WHERE `username` = '".$dat['username']."'") or die(mysql_error());
//deletes the code as there is no use of it now
$delete = mysql_query("DELETE FROM `verification` WHERE code = '$code'");
//says thanks and your account is ready for use
echo "Thank you, Your account has been verified.";
}
}else
//if we have posted the register for we will register this user
if(isset($_GET['register'])) {
//check to see if any fields were left blank
if((!$_POST[username]) || (!$_POST[password]) || (!$_POST[cpassword]) || (!$_POST[email])) {
echo "A field was left blank please go back and try again.";
}else{
//posts all the data from the register form
$username = $_POST[username];
$password = $_POST[password];
$cpassword = $_POST[cpassword];
$email = $_POST[email];
//check see if the 2 passwords are the same
if($password == $cpassword)
{
//encrypts the password 8 times
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($password))))))));
$cname = mysql_query("SELECT `username` FROM `members` WHERE `username` = '$username'");
$cname= mysql_num_rows($cname);
//checks to see if the username or email allready exist
if($cname>=1) {
echo "The username is already in use";
}else{
//gets rid of bad stuff from there username and email
$username = addslashes(htmlspecialchars($username));
$email = addslashes(htmlspecialchars($email));
if($semail == "1") { // $email set as 1 means email activation is active
//adds them to the db
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username','$password','$email')");
//posible letters for the verification code
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
//shuffles the letters around to create a 16 long code
$code = substr(str_shuffle($alphanum), 0, 16);
//adds there code along with there user name to the db
$addcode = mysql_query("INSERT INTO `verification` (`username`, `code`) VALUES('$username','$code')");
//don't edit this, this is the link for there activication
$link = "http://$host$self?verify&code=$code";
//sends the email to the person
mail("$email", "Member-Ship Validation", "Thank you for registering on $sitename.
Please copy the below link into you address bar,
$link", "From: Site Verification");
//message sent now lets tell them to check there email
echo "You are now registered,<br><br>Please check your email to activate your account.";
}else{ //no need for email activation
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `userlevel`) VALUES('$username','$password','$email','2')");
echo "You are now registered,<br><br>You can now loggin to your account";
}
}
}else{
echo "Your password and conformation password do not match!";
}
}
}else{
//none of the above so lets show the register form
echo "<form action='register.php?register' method='post'>
<table width='350'>
<tr>
<td width='150'>Username:</td>
<td width='200'><input type='text' name='username' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='cpassword' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' size='30' maxlength='55'></td>
</tr>
<tr>
<td colspan='2'><center><input type='submit' value='Register'></center></td>
</tr>
</table>
</form>";
}
echo "<center>";
?>
login.php
<?php <link rel="stylesheet" type="text/css" href="css/login.css">
<table width="150" border="1" cellpadding="3" cellspacing="0" bordercolor="#000000">
<tr>
<td width="200" bordercolor="99b3b4" bgcolor="99b3b4"><span class="style5">
<center>
<em><u>Login</u></em>
</center></span></td>
</tr>
<tr>
<td bordercolor="99b3b4" bgcolor="#FFFFFF" ><form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="hidden" name="_submit_check" value="1"/>
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Username: </em></span>
<input class="input" type="text" name="username" id="username" size="25" maxlength="30" value="" />
</div>
<div style="margin-top:12px; margin-bottom:10px">
<span class="style4"><em>Password:</em></span>
<input class="input" type="password" name="password" id="password" size="25" maxlength="30" />
</div>
<center><?php if ( ALLOW_REMEMBER_ME ):?>
<input type="checkbox" name="remember" id="remember" />
<label for="remember">Remember me</label>
<?php endif;?></center>
<table width="150" align="center">
<tr>
<td width="97" align="center" valign="middle"><div align="center">
<input name="Login" type="image" class="submit-btn" title="submit" value="Login" src="images/btn.gif" alt="submit" align="middle" />
</div></td>
<td width="41" align="center" valign="middle"> </td>
</tr>
</table>
<center>
<span class="style8"><a href="http://www.runningprofiles.com/register.php" onclick="NewWindow(this.href,'register','240','500','no','center');return false" onfocus="this.blur()" class="style6">
Register</a> / <a href="forgot_password.php" onclick="NewWindow(this.href,'forgot_password','270','250','no','center');return false" onfocus="this.blur()" class="style6">Lost Password </a></span>
</center> <center>
<div style="margin-top:12px; margin-bottom:10px" id="log">
<?php if ( isset( $error ) ) { echo ' <p class="error">' . $error . '</p>' . "\n";}?>
</div> </center>
</form></td>
</tr>
</table>
<!-- here is the function for the popup window dont delete jarratt -->
<script>
var win=null;
function NewWindow(mypage,myname,w,h,scroll,pos){
if(pos=="random"){LeftPosition=(screen.availWidth)?Math.floor(Math.random()*(screen.availWidth-w)):0;TopPosition=(screen.availHeight)?Math.floor(Math.random()*((screen.availHeight-h)-75)):0;}
if(pos=="center"){LeftPosition=(screen.availWidth)?(screen.availWidth-w)/2:0;TopPosition=(screen.availHeight)?(screen.availHeight-h)/2:0;}
if(pos=="default"){LeftPosition=0;TopPosition=0}
else if((pos!="center" && pos!="random" && pos!="default") || pos==null){LeftPosition=0;TopPosition=20}
settings='width='+w+',height='+h+',top='+TopPosition+',left='+LeftPosition+',scrollbars='+scroll+',l ocation=no,directories=no,status=no,menubar=no,toolbar=no,resizable=no';
win=window.open(mypage,myname,settings);
if(win.focus){win.focus();}}
function CloseNewWin(){if(win!=null && win.open)win.close()}
window.onfocus=CloseNewWin;</script>
then loginfunction.php
<?php
if(isset($_GET['login'])) {
//removes sql injections from the data
$username= htmlspecialchars(addslashes($_POST[username]));
//encrypts the password
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
//gets the username data from the members database
$uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//see if the user exists
$checkuser = mysql_num_rows($uinfo);
//if user name not found in database error
if($checkuser == '0')
{
echo "Username not found";
}else{
//fetch the sql
$udata = mysql_fetch_array($uinfo);
//checks see if the account is verified
if($udata[userlevel] == 1) {
echo "This account had not been verified.";
}
//if it is continue
else
//if the db password and the logged in password are the same login
if($udata[password] == $password) {
$query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
//fetchs the sql
$user = mysql_fetch_array($query);
//sets the logged session
$_SESSION['id'] = "$user[id]";
$_SESSION['password'] = "$user[password]";
echo "You are now logged in, Please wait. . .";
//redirects them
echo "<meta http-equiv='Refresh' content='2; URL=/members/index.php'/>";
}
//wrong password
else{
echo "Incorrect username or password!";
}
}
}
echo "<center>";
?>
i will also add register.php so you can see how the data is beeing put into the table :)
register.php
<?php
session_start(); //allows session
include "config.php";
echo "<center>";
//checks if there trying to veriy there account
if(isset($_GET['verify'])) {
//gets the code and makes it safe
$code = addslashes($_GET['code']);
//gets the code from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//counts the number of rows
$getcode = mysql_num_rows($getcode);
//if the ammount of rows is 0 the code does not exist
if($getcode == 0) {
echo "Invalid verification code!";
}
//or if the code does exist we will activiate there account
else{
//get the data from the database
$getcode=mysql_query("SELECT * FROM `verification` WHERE `code` = '$code'");
//fetchs the data from the db
$dat = mysql_fetch_array($getcode);
//sets the users user level to 2 which means they can now use there account
$update = mysql_query("UPDATE `members` SET `userlevel` = '2' WHERE `username` = '".$dat['username']."'") or die(mysql_error());
//deletes the code as there is no use of it now
$delete = mysql_query("DELETE FROM `verification` WHERE code = '$code'");
//says thanks and your account is ready for use
echo "Thank you, Your account has been verified.";
}
}else
//if we have posted the register for we will register this user
if(isset($_GET['register'])) {
//check to see if any fields were left blank
if((!$_POST[username]) || (!$_POST[password]) || (!$_POST[cpassword]) || (!$_POST[email])) {
echo "A field was left blank please go back and try again.";
}else{
//posts all the data from the register form
$username = $_POST[username];
$password = $_POST[password];
$cpassword = $_POST[cpassword];
$email = $_POST[email];
//check see if the 2 passwords are the same
if($password == $cpassword)
{
//encrypts the password 8 times
$password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($password))))))));
$cname = mysql_query("SELECT `username` FROM `members` WHERE `username` = '$username'");
$cname= mysql_num_rows($cname);
//checks to see if the username or email allready exist
if($cname>=1) {
echo "The username is already in use";
}else{
//gets rid of bad stuff from there username and email
$username = addslashes(htmlspecialchars($username));
$email = addslashes(htmlspecialchars($email));
if($semail == "1") { // $email set as 1 means email activation is active
//adds them to the db
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`) VALUES('$username','$password','$email')");
//posible letters for the verification code
$alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
//shuffles the letters around to create a 16 long code
$code = substr(str_shuffle($alphanum), 0, 16);
//adds there code along with there user name to the db
$addcode = mysql_query("INSERT INTO `verification` (`username`, `code`) VALUES('$username','$code')");
//don't edit this, this is the link for there activication
$link = "http://$host$self?verify&code=$code";
//sends the email to the person
mail("$email", "Member-Ship Validation", "Thank you for registering on $sitename.
Please copy the below link into you address bar,
$link", "From: Site Verification");
//message sent now lets tell them to check there email
echo "You are now registered,<br><br>Please check your email to activate your account.";
}else{ //no need for email activation
$adduser = mysql_query("INSERT INTO `members` (`username`, `password`, `email`, `userlevel`) VALUES('$username','$password','$email','2')");
echo "You are now registered,<br><br>You can now loggin to your account";
}
}
}else{
echo "Your password and conformation password do not match!";
}
}
}else{
//none of the above so lets show the register form
echo "<form action='register.php?register' method='post'>
<table width='350'>
<tr>
<td width='150'>Username:</td>
<td width='200'><input type='text' name='username' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='cpassword' size='30' maxlength='25'></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' size='30' maxlength='55'></td>
</tr>
<tr>
<td colspan='2'><center><input type='submit' value='Register'></center></td>
</tr>
</table>
</form>";
}
echo "<center>";
?>