Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Jul 2007
    Posts
    100
    Thanks
    1
    Thanked 0 Times in 0 Posts

    login script doesn't work

    I've created a login script, but it's not working. I enter in my correct username and password, but it gives me my error message. I'm not sure why, but I think it's because my password isn't being converted to sha1 properly, therefore the database can't read it.

    PHP Code:
    session_start();
    require(
    "../connect.php");

    if (isset(
    $_POST['submit']))
    {
        if (
    $_POST['username'] != '' && $_POST['password'] != '')
        {
            
    $username mysql_real_escape_string($_POST['username']);
            
    $password mysql_real_escape_string(sha1($_POST['password']));

            
    $sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
            
    $rs mysql_fetch_assoc($sql);
            
    $ip $_SERVER['REMOTE_ADDR'];
            
    $browser $_SERVER['HTTP_USER_AGENT'];

            if (isset(
    $_POST['remember']))
            {
                
    setcookie("cookiename"$usernametime()+60*60*24*100"/");
                
    setcookie("cookiepass"$passwordtime()+60*60*24*100"/");
            }

            if (!
    $sql)
            {
                echo 
    "<p class=\"hack\">Username and password could not be found.<br /><img src=\"../images/queryerror.jpg\" alt=\"\" /></p>";
                exit;
            }

            
    $count mysql_num_rows($sql);

            if (
    $count == 1)
            {
                
    $_SESSION['username_session'] = $username;
                
    $_SESSION['status_session'] = $rs['status'];
                
    $_SESSION['ip_session'] = $ip;
                
    $_SESSION['browser_session'] = $browser;
                
    $_SESSION['db_logged_in'] = true;
                
    header("Location: ../panel.php");
            }
            else
            {
                echo 
    "<p class=\"hack\">Stop hacking!<br /><img src=\"../images/hackerror.jpg\" alt=\"\" /></p>";
                exit;
            }
        }
    }
    else
    {
        echo 
    "<p class=\"hack\">You are not suppose to be in here.<br /><img src=\"../images/hackerror.jpg\" alt=\"\" /></p>";
        exit;

    I'm receiving the "Stop hacking!" message.

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Your query could be failing but you aren't doing any error checking. Change this
    PHP Code:
    $sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); 
    to this
    PHP Code:
    $sql mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die(mysql_error()); 
    Also make sure the password field in your database allows enough characters to fit your whole password. Another thing, posting the actual form might help as well.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    New to the CF scene
    Join Date
    Feb 2008
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you could change the following:

    Code:
            if (!$sql) 
            { 
                echo "<p class=\"hack\">Username and password could not be found.<br /><img src=\"../images/queryerror.jpg\" alt=\"\" /></p>"; 
                exit; 
            } 
    
            $count = mysql_num_rows($sql); 
    
            if ($count == 1) 
            { 
                $_SESSION['username_session'] = $username; 
                $_SESSION['status_session'] = $rs['status']; 
                $_SESSION['ip_session'] = $ip; 
                $_SESSION['browser_session'] = $browser; 
                $_SESSION['db_logged_in'] = true; 
                header("Location: ../panel.php"); 
            }
    to:

    Code:
                  if (!$sql) 
            { 
                echo "<p class=\"hack\">Username and password could not be found.<br /><img src=\"../images/queryerror.jpg\" alt=\"\" /></p>"; 
                exit; 
            } else  { 
                $_SESSION['username_session'] = $username; 
                $_SESSION['status_session'] = $rs['status']; 
                $_SESSION['ip_session'] = $ip; 
                $_SESSION['browser_session'] = $browser; 
                $_SESSION['db_logged_in'] = true; 
                header("Location: ../panel.php"); 
    exit;
            }
    IMO the rest seems un-needed. Just my 2 cents.

    If you want to keep your code the same without change, you forgot
    Code:
    exit;
    after
    Code:
    header("Location: ../panel.php");


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •