...

View Full Version : Little Help



thetick
02-05-2010, 04:34 AM
Hi all ... I have problems with my script ... i can't login here are the login files ... can anyone spot the problem?
$siteid is in the config file and login.html values are corect. But I keep getting: "The email and password combination is incorrect"

When I try to login. Any help would be great thx ...



functions.inc.php :



<?
include('config.inc.php');
//SQL functions
function get_row($id, $table){
return mysql_fetch_array(mysql_query("SELECT * FROM $table WHERE id='$id' LIMIT 1"));
}
function get_var($id, $var, $table){
return mysql_result(mysql_query("SELECT $var FROM $table WHERE id='$id' LIMIT 1"), 0);
}
function check_duplicate($var, $value, $table){
return mysql_num_rows(mysql_query("SELECT * FROM $table WHERE $var='$value' LIMIT 1")) > 0;
}
function update_row($data, $id, $table){
foreach($data as $key => $value) {
mysql_query("UPDATE $table SET $key='$value' WHERE id='$id' LIMIT 1");
}
}
function insert_row_auto_increment($data, $table){
mysql_query("INSERT INTO $table () VALUES ()") or die(mysql_error());
$id = mysql_insert_id();
update_row($data, mysql_insert_id(), $table);
return $id;
}
function insert_row($data, $id, $table){
mysql_query("INSERT INTO $table (id) VALUES('$id')") or die(mysql_error());
update_row($data, $id, $table);
}
function delete_row($id, $table){
mysql_query("DELETE FROM $table WHERE id='$id' LIMIT 1");
}
function check_offer_done($offerid, $userid){
return mysql_num_rows(mysql_query("SELECT * FROM tracking WHERE userid='$userid' AND offerid='$offerid' LIMIT 1"));
}
//Email Functions
function send_email($name, $address){
$email = get_row($name, "emails");
$headers = get_email_headers($email['reply']);
$message = email_str_replace($email['message'], $address);
if($name = "lost_pw") {
$p = new_password();
$message = str_replace("PASSWORD", $p , $message);
mysql_query("UPDATE users SET password=md5('$p') WHERE email='$address' LIMIT 1");
}
@mail($address, $email['subject'], $message, $headers);
}
function email_str_replace($message, $email){
include('settings.php');
$message = str_replace("EMAIL", $email, $message);
$message = str_replace("SITE_NAME", $site, $message);
return $message;
}
function get_email_headers($from){
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "FROM: $from";
return $headers;
}
//Fraud C
function proxy_check($ip){
$timeout = 5;
$ports = array(80,3128,8080);
$flag = 0;
foreach($ports as $port){
@$fp = fsockopen($ip,$port,$errno,$errstr,$timeout);
if(!empty($fp)){
$flag = 1;
fclose($fp);
}
}
return $flag;
}

//Validation Functions
function validate($data){
$errors = array();
foreach($data as $key => $value) if(empty($value) && $key != "address2") $errors[] = "Please enter a ".$key;
return $errors;
}

function validate_user($data){
$errors = validate($data);
if(!empty($errors)) return $errors;
if(strlen($data['password']) < 6) $errors[] = "Your password must be longer than six characters";
if($data['password'] != $data['confirm']) $errors[] = "Your confirmed password does not match";
// if(!proxy_check($data['ip'])) $errors[] = "You are using a proxy which are not allowed!";
if(!empty($errors)) return $errors;
if(check_duplicate("phone", $data['phone'], "users")) $errors[] = "There is already a user with that phone number";
if(check_duplicate("email", $data['email'], "users")) $errors[] = "There is already a user with that email address";
if(check_duplicate("ip", $data['ip'], "users")) $errors[] = "There is already a user with that IP address";
return $errors;
}

function checkip(){
return mysql_result(mysql_query("SELECT checkip FROM settings LIMIT 1"),0);
}

function referred($userid){
return mysql_num_rows(mysql_query("SELECT * FROM status WHERE refby='$userid'"));
}
//
function create_user($data){
foreach ($data as $key => $value) $data[$key] = trim($value);
$data['password'] = md5($data['password']);
insert_row_auto_increment($data, "users");
insert_row_auto_increment($data, "status");
send_email('welcome',$data['email']);
header("Location:login.php");
}

function new_password(){
return substr(md5(uniqid(rand(), true)), 3, 10);
}

function check_login($email, $password, $siteid){
$q = mysql_query("SELECT id FROM users WHERE email='$email' AND password=MD5('$password') AND siteid='$siteid' LIMIT 1");
$r = mysql_num_rows($q);
if($r == 1) {
$uid = mysql_result($q, 1);
$banned = mysql_result(mysql_query("SELECT banned FROM status WHERE id='$uid' LIMIT 1"), 0);
return array('login' => 1+$banned, 'userid' => $uid) ; //returns 1 for banned and 2 for not banned
}
else return array('login' => 0, 'userid' => $uid);
}

function get_status_image($required, $credits){
return "/img/".round(100*$credits/$required);
}
function check_done($userid){
$i = get_row($userid,'status');
$g = get_row($i['giftid'], 'gifts');
if($i['totalcredits'] == $g['required'] && $i['emailver'] && $i['phonever'] && !$i['banned']) return true;
else return false;
}
function check_offers(){
$dead = array();
$r = mysql_query("SELECT name, offerid, link FROM offers");
while($row = mysql_fetch_array($r)){
$file = http_get($row["link"], "");
$meta = parse_array($file["FILE"], "<meta", ">");
foreach ($meta as $o){
if (get_attribute($o, "http-equiv") == "refresh") {
$u = get_attribute($o, "content");
$file = http_get(return_between($u, "url='", "'", EXCL), "");
}
}
if(stristr($file["FILE"], $row["name"])) ;
elseif(stristr($file["FILE"], $row["name"]));
elseif(similar_text(return_between($file["FILE"], "<title>", "</title>", EXCL), $row["name"]) > 0);
elseif(similar_text($file["FILE"], $row["name"]) > 0);
else $dead[] = $row["name"];
}
return $dead;
}

function country_ip($ip){
require_once("geoIP.inc");
$gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
$cou = geoip_country_code_by_addr($gi, $ip);
geoip_close($gi);
return $cou;
}

function follow_up_email(){
if($settings["sendfollowup"] == 0) break;
$r = mysql_query("SELECT * FROM users");
$users = array();
while($user = mysql_fetch_array($r)){
if(has_credits($user["id"]));
elseif(follow_up_sent($user["id"]));
elseif(strtotime($user["regdate"]) - time < 172800);
else $users[$user["id"]] = $user["email"];
}
if(!empty($users)) foreach($user as $id => $email) send_follow_up($id, $email);
}




?>


Login.php


<?
if(isset($_POST['submit'])){
require('config.inc.php');
require('functions.inc.php');
$email = $_POST['email'];
$password = $_POST['pass'];
$errors = array();
if($email == ""){
$errors[] = "You forgot to enter a email";
}
else{
$email = mysql_real_escape_string($email);
}

if($password == "") {
$errors[] = "You forgot to enter a password";
}
else{
$password = mysql_real_escape_string($password);
}


if(empty($errors)){
$id = check_login($email,$password,$siteid);
if($id['login'] == 0){
$errors[] = "The email and password combination is incorrect";
}
if($id['login'] == 2){
$errors[] = "You have been banned from this site, please contact support if you have any question";
}
}
if ($id['login'] == 1){
session_start();
$_SESSION['userid'] = $id['userid'];
header("Location:members.php");
exit();
}

}
?>
<? include('header.php') ?>
<div id="content_main">
<h3>Login</h3>

<? if(!empty($errors)){
echo '<p class="error"><ul>';
foreach($errors as $msg) echo "<li> $msg </li>\n";
echo '</ul></p>';
}
if($_GET["new"]) echo "Your account has been sucessfully created!";
?>
<? include('login.html'); ?>
</div>
</div>
<? include ('footer.php'); ?>

bdl
02-05-2010, 05:26 AM
I'm looking at your 'checkLogin' function:



function check_login($email, $password, $siteid){
$q = mysql_query("SELECT id FROM users WHERE email='$email' AND password=MD5('$password') AND siteid='$siteid' LIMIT 1");
$r = mysql_num_rows($q);
if($r == 1) {
$uid = mysql_result($q, 1);
$banned = mysql_result(mysql_query("SELECT banned FROM status WHERE id='$uid' LIMIT 1"), 0);
return array('login' => 1+$banned, 'userid' => $uid) ; //returns 1 for banned and 2 for not banned
} else
return array('login' => 0, 'userid' => $uid);
}


I keep looking at this line:


$uid = mysql_result($q, 1);


The second argument to mysql_result() is the row number based on a zero index count. You're trying to pull an `id` value from the second record returned, from a query statement that uses LIMIT 1.

Also, this is more of a nitpick thing than anything, but having `banned` return '1' or '2' is confusing to me. A boolean switch of either 0 or 1 makes more sense. It's your application of course. ;)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum